
Front-end and private key exploits drove over $2 billion in crypto thefts during H1 2025: report
Hackers looted $2.1 billion from the cryptocurrency sector in the first half of 2025, and more than 80% of that haul stemmed from infrastructure attacks, blockchain intelligence firm TRM Labs said in a Thursday report.

Private-key thefts, seed-phrase exploits, and front-end hijacks—often enabled by social-engineering or compromised insider access—averaged ten times the size of other exploits, according to TRM. DeFi flaws also remained a problem. Flash loans and re-entrancy exploits on smart contracts accounted for another 12 percent of losses, a sign of prevalent vulnerabilities in onchain protocols.

The six-month tally already rivals all of 2024 and tops the previous H1 record from 2022 by about 10 percent. Notably, one large incident skewed the numbers: February’s $1.5 billion Bybit hack, which TRM attributes to North Korea. That single strike pushed the average hack size to $30 million, double last year’s pace.

TRM estimates North Korea-linked groups stole $1.6 billion, or 70 percent of H1 totals, as the regime leans on crypto theft to fund weapons programs. The report also cites a June breach at Iran’s Nobitex exchange—carried out by the Israel-aligned hacker group Gonjeshke Darande—that resulted in $90 million being sent to “unspendable” wallets during a period of heightened geopolitical tension in the Middle East.

To address the security issues plaguing the crypto industry, TRM urged protocols and services to enhance multi-factor authentication and improve cold storage. The firm also proposed tighter insider-threat defenses while law enforcement agencies boost cross-border coordination.

Crypto also needs better industry-wide teamwork to sustain anti-theft efforts, TRM added. “The path forward requires multifaceted collaboration,” the report said. “H1 2025’s record thefts are a stark call to action for a collective, sustained, and strategically aligned security posture — one prepared not just for crime, but for covert acts of statecraft.
Proactive information sharing and coordinated international approaches to prosecuting state-sponsored cybercriminals are paramount for effective deterrence.”

© 2025 The Block. All Rights Reserved.