In the first half of 2025, hackers stole over $2.1 billion from cryptocurrency platforms. This is the highest figure ever recorded. According to TRM Labs, at least 75 major breaches occurred during this period—10% more than in the same period of 2022, which previously held the record. For comparison, nearly the same amount was stolen throughout all of 2024. Experts warn that attacks are becoming not only more technically sophisticated but also increasingly politically driven.

As digital assets become more important to national economies, cyber threats are starting to resemble strategic weapons. This trend is especially evident in the actions of so-called «state-sponsored hackers», whose operations clearly go beyond ordinary cybercrime.

Who is behind the major attacks

The most severe damage came from the hacking of crypto exchange Bybit — one of the largest platforms globally. In February 2025, $1.5 billion was stolen from the exchange, accounting for nearly 70% of total losses for the half-year. The attack exploited a vulnerability in the cold wallet storage system and followed a method similar to the one used against India’s WazirX in 2024.

Both attacks are suspected to be linked to the North Korean hacker group Lazarus, which has long specialized in targeting crypto platforms. Analysts believe the goal behind such breaches could be circumventing sanctions and funding government programs. North Korea isn’t alone in this activity. In June, Iranian exchange Nobitex was hacked, and preliminary reports suggest that Israeli group «Gonjeshke Darande» was behind the attack.

Key vulnerabilities in the crypto sphere

Most attacks in 2025 targeted infrastructure — compromised keys, phishing schemes, social engineering, and even insider involvement. These methods accounted for over 80% of all incidents.

Even major players like Coinbase proved to be vulnerable. In the spring of 2025, the exchange suffered a massive data leak, exposing contact information for 69,000 users. Although funds and passwords remained safe, the information was enough for hackers to later steal around $400 million using various deception tactics.

The most common attack scenarios include:

• theft of private keys and seed phrases
• phishing and social engineering involving insiders
• vulnerabilities in smart contracts and DeFi protocols

Although code-based exploits made up only around 12% of all incidents, they continue to highlight the critical need for thorough testing and regular updates of smart contracts — especially in the decentralized finance space.

Why these events shouldn't be ignored

Cyberattacks are increasingly used not just for financial gain but as tools of pressure and influence. This makes them a threat not only to individual platforms but to economic stability as a whole. Cryptocurrencies are becoming more entangled in geopolitical processes, which means their protection must go beyond technical measures to also include political risk assessment.

For users and investors, this requires a reassessment of security strategies. Simple tools like two-factor authentication and cold wallets are no longer sufficient. It’s essential to understand that the crypto market no longer exists in isolation — it has become part of a global political and economic game. And we all need to be prepared for that.