Front-end and private key exploits drove over $2 billion in crypto thefts during H1 2025: report

Hackers looted $2.1 billion from the cryptocurrency sector in the first half of 2025, and more than 80% of that haul stemmed from infrastructure attacks, blockchain intelligence firm TRM Labs said in a Thursday report .

Private-key thefts, seed-phrase exploits, and front-end hijacks—often enabled by social-engineering or compromised insider access—averaged ten times the size of other exploits, according to TRM. DeFi flaws also remained a problem. Flash loans and re-entrancy exploits on smart contracts accounted for another 12 percent of losses, a sign of prevalent vulnerabilities in onchain protocols.

The six-month tally already rivals all of 2024 and tops the previous H1 record from 2022 by about 10 percent. Notably, one large incident skewed the numbers; February’s $1.5 billion Bybit hack, which TRM attributes to North Korea. That single strike pushed the average hack size to $30 million, double last year’s pace.

TRM estimates North Korea-linked groups stole $1.6 billion, or 70 percent of H1 totals, as the regime leans on crypto theft to fund weapons programs. The report also cites a June breach at Iran’s Nobitex exchange —carried out by the Israel-aligned hacker group Gonjeshke Darande—that resulted in $90 million being sent to “unspendable” wallets during a period of heightened geopolitical tension in the Middle East.

To address the security issues plaguing the crypto industry, TRM urged protocols and services to enhance multi-factor authentication and improve cold storage. The firm also proposed tighter insider-threat defenses while law enforcement agencies boost cross-border coordination.

Crypto also needs better industry-wide teamwork to sustain anti-theft efforts, TRM added. “The path forward requires multifaceted collaboration,” the report said. “H1 2025’s record thefts are a stark call to action for a collective, sustained, and strategically aligned security posture — one prepared not just for crime, but for covert acts of statecraft. Proactive information sharing and coordinated international approaches to prosecuting state-sponsored cybercriminals are paramount for effective deterrence.”