Share this article
Crypto’s Worst Six Months Yet? North Korea Hacks Lead to $2.1B in Thefts
North Korea-linked attacks have resulted in over $1.6 billion in losses, a TRM Labs report released Friday said.
Jun 27, 2025, 11:58 a.m.
What to know:
- Crypto investors lost over $2.1 billion to hacks in the first half of 2025, the worst period on record for crypto security.
- North Korean-linked groups are responsible for $1.6 billion, or 70%, of the stolen funds this year.
- The largest crypto theft in history, a $1.5 billion hack of Bybit, is believed to have been carried out by North Korea.
Crypto investors lost over $2.1 billion to hacks and exploits in the first half of 2025, marking the worst six-month period on record for crypto security and an indication of some nation-states intensifying their cyber campaigns in the crypto space.
The 75 recorded incidents crossed the previous H1 high from 2022 by roughly 10% and nearly match the entire 2024 total, a TRM Labs report released Friday said. But raising alarms is who is doing a major part of the stealing.
STORY CONTINUES BELOW
Don't miss another story.Subscribe to the Crypto Daybook Americas Newsletter today. See all newsletters
Researchers say North Korean-linked groups are responsible for $1.6 billion, or 70% of all stolen funds this year.
At the center of the surge is the $1.5 billion Bybit hack in February, now believed to have been carried out by North Korea, marking the largest crypto theft in history and skewing the year’s average hack size to $30 million — or double last year’s levels.
The threat isn’t limited to Pyongyang. On June 18, a group believed to be linked to Israel, Gonjeshke Darande (Predatory Sparrow), stole $90 million from Iranian exchange Nobitex, reportedly in retaliation for the platform’s alleged role in sanction evasion.
The stolen funds were sent to vanity addresses (which are un-spendable by design and sent tokens are deemed burnt), suggesting a political motive over profit.
Attack vectors are evolving fast. Over 80% of stolen funds stemmed from infrastructure-level breaches, including private key thefts and front-end hijacks.
These attacks, often involving social engineering or insider access, are proving to be ten times more lucrative than traditional smart contract exploits. DeFi vulnerabilities, including flash loan and reentrancy attacks, which were prevalent in 2021-22, accounted for a relatively small 12% of the losses.
Read more: North Korean Hackers Are Targeting Top Crypto Firms With Malware Hidden in Job Applications
More For You
What to know:
- As of October 2025, GoPlus has generated $4.7M in total revenue across its product lines. The GoPlus App is the primary revenue driver, contributing $2.5M (approx. 53%), followed by the SafeToken Protocol at $1.7M.
- GoPlus Intelligence's Token Security API averaged 717 million monthly calls year-to-date in 2025 , with a peak of nearly 1 billion calls in February 2025. Total blockchain-level requests, including transaction simulations, averaged an additional 350 million per month.
- Since its January 2025 launch , the $GPS token has registered over $5B in total spot volume and $10B in derivatives volume in 2025. Monthly spot volume peaked in March 2025 at over $1.1B , while derivatives volume peaked the same month at over $4B.
More For You
U.S. Spot XRP ETFs Hit 15-Day Inflow Streak, Near $1B Milestone
U.S. spot XRP ETFs approaching $1 billion are the most significant altcoin launch yet, validating a regulatory blueprint for all utility tokens and signaling Wall Street's post-lawsuit conviction.
What to know:
- U.S. spot XRP ETFs are on track to surpass $1 billion in inflows soon, following a 15-day streak of net investments.
- The ETFs have benefited from the resolution of Ripple's court case with the SEC, which clarified XRP's regulatory status.
- Institutional interest in XRP ETFs is driven by their stability and liquidity, distinguishing them from other crypto ETFs.
Top Stories
