Key Insights:
- Crypto losses are expected to reach $2.1 billion in the first half of 2025.
- Infrastructure attacks, including private key thefts and frontend exploits now account for over 80% of stolen crypto in H1.
- Protocol exploits contributed about 12% and State-sponsored attacks like the Bybit hack accounted for nearly 70% of H1 2025 losses.
The crypto industry is grappling once again with the threat of bad actors.
According to recent reports from blockchain intelligence firm TRM Labs and Chainalysis, crypto thefts could balloon to $2.1 billion in the first half of 2025 alone. This stands as a massive surge in hacks and scams, with most of the stolen funds traced back to infrastructure-related attacks.
Despite advances in technology and more awareness, attackers are not only bypassing defenses, but are even acting more and more across borders. Here’s what’s been driving this wave of crypto crime and what it could mean for the crypto space, going forward.
Infrastructure Attacks Dominate the Crypto Space
According to insights from TRM Labs in a separate report, infrastructure attacks have been the biggest problem for the crypto space.
Think of infrastructure attacks as hacks that target the systems that power crypto platforms. This class of exploits accounted for more than 80% of all crypto stolen in the first six months of 2025.
These include private key thefts, compromised seed phrases and frontend exploits designed to trick users or hijack transactions.
Moreover, these types of attacks are far more damaging than other methods. This is because, according to TRM Labs, they siphon off ten times more funds per incident on average, compared to protocol hacks or phishing attempts.
The reason for this trend is simple. Infrastructure exploits strike at the heart of a platform’s security. They do this whether through wallet breaches, user interface manipulation, or breaking in and stealing private credentials.
“These methods exploit foundational weaknesses in cryptosystems and are often amplified by social engineering,” TRM Labs stated in its report.
In essence, it is safe to assume that many platforms are still struggling with basic security hygiene, even as attackers become more creative and aggressive.
Protocol Exploits Add to the Toll
While infrastructure hacks are responsible for the bulk of stolen funds, protocol-level exploits also played a major role in crypto losses. These exploits include flash loan attacks and re-entrancy exploits, both of which target vulnerabilities in smart contracts.
TRM Labs estimates that protocol exploits made up around 12% of total losses in H1 of the year.
Even though this class of hacks are smaller in volume, they are more complex and can severely damage user trust in defi platforms.
Unlike social engineering attacks that rely on tricking individuals, these methods manipulate the logic of the system itself. They can steal funds or crash protocols in a matter of seconds.
When combined, these attacks show that there is an increasing need for better audits and smarter contract design across the board.
State-Sponsored Crypto Attacks Are Now More Alarming
One of the most disturbing developments of the year has been the rise in state-sponsored crypto attacks.
These have driven crypto losses all the way up, and a single incident from North Korea’s hack of Bybit accounted for a staggering $1.5 billion (or nearly 70% of all losses so far this year).
This attack alone doubled the average hack size compared to the same period in 2024, from $15 million to $30 million per incident.
Another pro-Israeli hacking group known as Predatory Sparrow (Gonjeshke Darande) also exploited Iran’s largest crypto exchange, Nobitex, on 18 June. The attack resulted in the theft of $100 million and is believed to be linked to cyber warfare between both countries.
“H1 2025 marks a pivotal shift in crypto hacking: escalating strategic intent from state actors and other geopolitically motivated groups,” the TRM Labs report noted.
At this point, it is enough to conclude that crypto theft is no longer just about financial gain. It is now more and more being linked to politics, ideology, and state-sponsored cyber warfare.
