Just in the first six months of 2025, the cryptography industry lost more than $ 2.1 billion on at least 75 separate incidents, due to hacks and exploits. What is surprising to note is that the amount is almost equal to the total losses recorded for 2024, according to data from the last TRM LAB report.
Far from being the usual opportunity crimes, the recent scale and the sophistication of attacks reveal how the crypto becomes a battlefield for the geopolitical cyber-conflict.
The actors sponsored by the State are now testing their skills against critical financial infrastructure, pushing the limits of international finance and exploiting nature without borders, currently half -Galed of the cryptographic ecosystem.
TRM Labs’ analysis highlights key risks shaping the landscape of crypto threats in 2025.
The violation of the appeal has proven that the cold wallets are not impenetrable
Nothing more clearly illustrates the severity of crypto hacks than the catastrophic survey incident in February of this year. The attack represented more than $ 1.5 billion in total losses via Ethereum tokens, exceeding all previous exploits ever recorded.
TRM Labs confirmed that the North Korean pirates were responsible for the violation using blockchain intelligence, identifying the links between the portfolios used in this incident and those related to previous North Korean flights. The FBI confirmed the link of robbery with North Korea on February 26, 2025.
The attribution corresponds to a well -established scheme of cyberattacks linked to Pyongyang, which, according to TRM Labs, has stolen more than 5 billion US dollars in crypto since 2017. The violation of the appeal follows almost exactly the book of North Korea, which targets cryptographic exchanges centralized by phishing, attacks by the supply chain and private.
These same tactics were observed in the hacking of 2023 atomic wallets, where more than $ 100 million in cryptocurrency were drained by more than 4,100 portfolios. Addition of the expert in North Korea of TRM and former expert in FBI, Nick Carlsen, shared,
“Relay feat indicates that the diet intensifies its technique” flood the area “- compliance teams at the end of the blockchain and law enforcement organizations with rapid and high frequency transactions on several platforms, thus complicating monitoring efforts.”
Beyond the bybit’s hacking scale, the speed at which the stolen funds were bleached is just as alarming.
In just 48 hours, around $ 160 million had already been channeled by illicit channels. On February 23, 2025, TRM Labs estimated that the total had exceeded $ 200 million and three days later, more than $ 400 million had been moved.
The clear scale, speed and operational efficiency of the operation, push traditional anti-money laundering frameworks to their limits, which makes it more and more difficult for investigators to follow the pace.
A geopolitical dimension to cryptographic crime
Beyond the piracy of Bybit, the analysis of Trm Labs on the cryptographic hacks for the first half of 2025 also highlighted the emerging threats of other groups aligned by the State. While North Korea is still a dominant actor, another notable case involved a group that would have been linked to Israel, known as Gonjeshke Darande or Predory Sparrow.
This group was linked to the violation of Nobitex on June 18, 2025, which would be the greatest exchange of Crypto in Iran, compared to $ 90 million. Gonjeshke Darande claimed the responsibility of the attack, declaring that it was aimed at the platform for its alleged role by helping the Iranian regime to escape international sanctions and to finance illegal operations.
However, in a striking turn, the attackers channeled the stolen funds with vanity addresses deemed “unfounded”. By sending funds to portfolios without known private keys, the funds were permanently inaccessible.
This suggests that the group has never intended or perhaps the ability to access the funds, pointing towards a reason which was probably symbolic or political rather than financial.
It is a brutal reminder that theft of digital assets quickly becomes a tool in agendas and geopolitical conflicts focused on the state.
Rethink the defense of cryptography and the urgent need for collaboration
While the attacks supported by the State become more daring and the losses reach record heights, players in the cryptography industry will have to harden their defenses, and soon. The best forefoot would require collaboration from several fronts.
The fight against cryptographic crime supported by the State requires stricter collaboration between the application of global law, financial intelligence units and blockchain analysis companies. The sharing of preventive information and coordinated cross -border efforts will be essential to follow and recover stolen assets while sending a clear deterrent message.
The coming months will be a critical test to find out if the cryptographic ecosystem can evolve fairly quickly before the next mega-hack occurs.
Star image by Danny On freepik
