Secret key exploits and front-end compromises account for most of the $2.1 billion worth of cryptocurrency lost to attacks in the first half of 2025, says blockchain intelligence company TRM Labs.
In a report on Thursday, TRM Labs said that over 80% of the crypto stolen across 75 hacks so far this year was taken in so-called infrastructure exploits, which on average took 10 times as much as other attack types.
Infrastructure attacks target the technical backbone of a system to gain unauthorized control, mislead users, or misdirect assets.
These include attacks such as hijacking the private seed phrases of crypto wallets and exploiting the user-facing portion of a crypto protocol.
“These methods exploit the fundamental weaknesses of cryptographic systems and are often amplified by social engineering.”
Protocol exploits help fuel surges in illegal crypto activity
Another highly successful attack vector was protocol exploits, which include flash loan and reentrancy attacks, accounting for 12% of losses in the first half of the year.
“These attacks target vulnerabilities in smart contracts or core logic in blockchain protocols, which extract funds and destroy system behavior,” explained TRM Labs.
Overall, losses in the first half of 2025 were roughly 10% above the previous record set in 2022 and almost equal to the total losses for all of 2024, which TRM Labs said was “emphasizing an increasingly concentrated threat to digital assets.”
State-sponsored attack responsible for most losses
The $1.5 billion hack of Dubai-based crypto exchange Bybit in February, attributed to North Korea, accounted for almost 70% of total losses in 2025.
The attack also brought the average hack size to nearly $30 million, double the average of $15 million in the first half of 2024.
However, according to TRM Labs, thefts totaling over $100 million were also recorded in January, April, May and June.
The Israeli hacker group Gonjeshke Darande, or Predatory Sparrow, which is potentially linked to the Israeli government, also helped push up the average after exploiting Nobitex, Iran’s largest crypto exchange, for $100 on June 18.
“H1 2025 illustrates a pivotal change in crypto hacking: an escalation of strategic intentions from state actors and other geopolitically motivated groups,” TRM Labs said.
“Multi-faceted collaboration” needed to fight bad actors
TRM Labs said the crypto industry needs to strengthen basic security, including multifactor authentication, cold storage, frequent audits, insider threat detection and advanced measures against social engineering.
It added that “multi-faceted collaboration” is needed between global law enforcement agencies, financial intelligence units and blockchain intelligence companies.
“The H1 2025 record-breaking theft calls for harsh actions that require a collective, sustainable, strategically aligned security posture. It is prepared for not only crime but for secret three-dimensional acts,” TRM Labs said.