Crypto Hacks Hit $2.1B in H1 2025, But One Black Swan Skewed Data

The first half of 2025 recorded over $2.1 billion in stolen crypto assets, according to TRM Labs’ latest report – marking a new high for H1 losses and nearly matching the entire 2024 total. However, beneath the headline lies a deeper story of improving security overshadowed by a single black swan event.TRM Labs highlighted that the $1.5 billion Bybit exploit in February 2025 accounted for around 70% of total losses. The attack was attributed to North Korea’s Lazarus Group, which has maintained its status as the most prolific state-backed hacking entity targeting the digital asset ecosystem.Without the Bybit incident, H1 2025 losses would have been approximately $600 million, which is lower than H1 2024. This indicates that while the overall frequency of attacks remains high, the severity per incident has declined, aside from rare mega hacks.Another major event was the June 2025 hack on Nobitex, Iran’s largest crypto exchange. Predatory Sparrow, a pro-Israel hacktivist group linked to the Israeli government or military, claimed responsibility, reportedly destroying over $90 million in funds by sending them to inaccessible addresses tagged with anti-IRGC messages. Unlike the Bybit hack, this incident appeared driven by political sabotage rather than financial gain.While Lazarus Group’s involvement in the Bybit hack is widely confirmed, the Nobitex attack’s direct attribution to the Israeli state remains unproven, reflecting the complex intersection of cybersecurity and geopolitical conflict.The report also revealed:Despite the record headline, the data suggests overall ecosystem security is improving:However, single points of failure remain existential threats. The Bybit hack showed that when centralized private key management is breached, the consequences can eclipse an entire year’s progress in a single day.TRM Labs recommends that exchanges, custodians, and protocols:The Bybit hack serves as a stark reminder: black swan events remain the greatest risk to crypto security, even as general custody practices and infrastructure hardening continue to improve.