July 3, 2025 — Crypto Security / Industry Analysis — The first half of 2025 has proven to be the most perilous yet for cryptocurrency, with digital asset holders suffering over $2.1 billion in losses—surpassing any prior six-month period, including 2022’s record year. A comprehensive TRM Labs investigation reveals the vast majority of these thefts resulted not from faulty smart contracts but from infrastructure attacks: compromised seed phrases, private keys, and front-end systems, underscoring an urgent need for improved security practices.
Crypto infrastructure is crumbling under the weight of hackers targeting basic trust layers. In H1 2025, more than 80% of stolen funds—comprising over $1.7 billion—were taken via breaches that accessed private keys or user wallets directly. These “infrastructure exploits” outpaced DeFi protocol hacks by a ratio of roughly 10 to 1, even as software vulnerabilities and flash-loan attacks continued to claim victims.
TRM Labs and CertiK reports confirm this alarming pivot. Malicious actors now pursue infrastructure-level targets: compromised exchange front-ends, phishing of seed phrases, and even insider-assisted access. These vectors yield gains an order of magnitude larger than classic smart-contract exploits or token bugs.
A dominant driver behind the shocking figure is the $1.5 billion hack of Bybit in February, a theft attributed to the North Korea-linked Lazarus Group. This single attack accounts for nearly 70% of overall losses in the period, causing the average hack size to balloon to approximately $30 million, double the H1 2024 average.
TRM Labs reports that North Korean outfits were behind around $1.6 billion—70% of the total stolen in the first half of the year. Some attacks, like the $90 million hack of Iran’s Nobitex exchange, reportedly linked to Israeli cyber-operators Gonjeshke Darande, underscore how geopolitical motives have entered the crypto threat landscape.
Hackers have refined their tools accordingly. Malware like PylangGhost targets login credentials and browser-stored seed phrases, reaching victims via fake job applications or phishing email links. Attacks such as address poisoning, where malicious actors inject lookalike wallet addresses, add even more layers of deception.
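A defensive check for the address-poisoning pattern mentioned above, as an added example that is not from TRM Labs, CertiK, or the original article. It assumes a lookalike copies the first and last characters of an address the user already trusts; the addresses, labels, and thresholds are constructed for illustration.

```python
"""Flag destination addresses that imitate a trusted one (address poisoning)."""

def _norm(addr):
    # Compare case-insensitively and without the 0x prefix.
    a = addr.strip().lower()
    return a[2:] if a.startswith("0x") else a

def shared_edges(a, b):
    """Return (prefix_len, suffix_len) of leading/trailing characters shared."""
    a, b = _norm(a), _norm(b)
    n = min(len(a), len(b))
    pre = 0
    while pre < n and a[pre] == b[pre]:
        pre += 1
    suf = 0
    while suf < n - pre and a[-1 - suf] == b[-1 - suf]:
        suf += 1
    return pre, suf

def check_destination(dest, trusted, min_prefix=4, min_suffix=4):
    """Return ('trusted'|'lookalike'|'unknown', label of the matched address)."""
    for label, addr in trusted.items():
        if _norm(addr) == _norm(dest):
            return ("trusted", label)
    # Not an exact match: a shared head AND tail is the poisoning signature,
    # because wallet UIs usually show only those characters.
    for label, addr in trusted.items():
        pre, suf = shared_edges(dest, addr)
        if pre >= min_prefix and suf >= min_suffix:
            return ("lookalike", label)
    return ("unknown", None)

def scan_history(counterparties, trusted):
    """List addresses seen in transaction history that imitate a trusted one."""
    hits = []
    for addr in counterparties:
        verdict, label = check_destination(addr, trusted)
        if verdict == "lookalike":
            hits.append((addr, label))
    return hits

# Constructed sample data (not real addresses).
TRUSTED = {"exchange-deposit": "0x7a3f91c2d45e6b8a0f1c2d3e4f5a6b7c8d9e9c1e"}
LOOKALIKE = "0x7a3f00b1e2c3d4a5f69788776655443322119c1e"
STRANGER = "0x1234567890abcdef1234567890abcdef12345678"

if __name__ == "__main__":
    for a in (TRUSTED["exchange-deposit"], LOOKALIKE, STRANGER):
        print(a, check_destination(a, TRUSTED))
```

A wallet or withdrawal flow can run this check before signing and require full-address confirmation whenever the verdict is `lookalike`.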
Meanwhile, phishing remains rampant. CertiK reports that social engineering and forged wallet pop-ups now account for the majority of individual hacks—often draining coins without anyone noticing until it’s too late.
Despite widespread headlines around flash-loan incidents in 2022 and 2023, smart contract exploits are only 12% of losses so far in 2025. H1 saw high-profile cases—like the Cetus exploit on Solana and remnants of fund redirection practices—but these totaled far less than infrastructure attacks.
This challenges the prevailing assumption that DeFi is the most dangerous frontier. In reality, the “keep your keys” model is collapsing—and system integrity hinges not on code alone but on protecting foundational assets.
The scale of losses—nearly matching the entirety of 2024—demands a rapid pivot in the sector’s security mindset. Firewalls and code audits alone are no longer sufficient. Digital asset platforms must now adopt layered defenses:
- Cold storage for wallets and tokens;
- Multi-factor authentication (MFA) across systems;
- Phishing-resistant UI design;
- Employee access controls to limit insider breach risk;
- Malware scanning and browser isolation to block PylangGhost and variants.
Enterprises like exchanges and wallet providers also require regular penetration testing, private-key custody redundancies, and educational user flows that flag suspicious behavior before losses occur.
Paradoxically, crypto markets have shown resilience. Ethereum held steady near $2,600, even as whales and institutions recalibrated risk models. This suggests that the narrative around governance and custody may be gaining market importance, if security frameworks strengthen in response.
However, the risk remains that continued high-profile strikes erode confidence: users, investors, and regulators may pause adoption if billions continue vanishing unchecked.
The $2.1 billion lost in the first half of 2025 represents more than monetary damage—it reflects a tectonic shift in the threat model facing the crypto space. Gone are the days when smart-contract audits alone were enough; modern security must account for human behavior, system integrity, and geopolitical hacking campaigns.
As crypto grows deeper into global finance, it must build defenses as resilient as its ambitions. Infrastructure-level security is now the foundation—without it, the promise of decentralization is undermined byte by byte.