Crypto Infrastructure Exploits Drive Record Losses in 2025, TRM Labs Reports
In the first half of 2025, the cryptocurrency ecosystem has suffered unprecedented losses, exceeding the total amount lost in all of 2024. According to a recent report by blockchain intelligence firm TRM Labs, crypto infrastructure exploits—including private key thefts and front-end attacks—have been responsible for over 80% of the $2.1 billion stolen so far this year.
Infrastructure Exploits Dominate Crypto Thefts
TRM Labs identifies crypto infrastructure attacks as the primary driver of these large-scale losses. These attacks target the foundational technical components of crypto systems, such as users’ private seed phrases or the front-end protocols of blockchain platforms. By exploiting these core vulnerabilities, attackers can gain unauthorized control, mislead users, or reroute digital assets to themselves.
“These methods exploit foundational weaknesses in cryptosystems and are often amplified by social engineering,” the report explains. On average, infrastructure exploits yield ten times more stolen value per incident compared to other types of hacks, illustrating the substantial financial impact of these breaches.
Protocol Exploits Contribute to Rising Illicit Activity
Besides infrastructure attacks, protocol exploits—including flash loan and re-entrancy attacks—account for 12% of crypto losses this year. These exploits take advantage of vulnerabilities in smart contracts or the core logic of blockchain protocols to either drain funds or disrupt normal system operations.
TRM Labs notes that such exploits continue to fuel a surge in illicit crypto activity, highlighting the growing sophistication of attackers targeting decentralized finance (DeFi) platforms and other blockchain-based services.
Record-Breaking Year for Crypto Hack Losses
With total thefts reaching $2.1 billion by mid-2025, losses have surpassed the previous record set in 2022 by approximately 10%. This figure nearly matches the total losses from all of 2024, underscoring a sharply rising threat landscape for digital assets.
The average size of hacks has also increased significantly to nearly $30 million per incident, doubling the $15 million average recorded in the first half of 2024. ### State-Sponsored Attacks Lead Losses
A major contributor to the high losses is a state-sponsored cyberattack attributed to North Korea. In February 2025, the group reportedly hacked Dubai-based crypto exchange Bybit, stealing approximately $1.5 billion alone. This single breach accounts for nearly 70% of the total losses recorded so far this year.
Other geopolitically motivated groups have also played a role. For instance, the pro-Israel hacker group Gonjeshke Darande (also known as Predatory Sparrow), believed to have ties to the Israeli government, exploited Iran’s largest crypto exchange, Nobitex, for $100 million in June 2025. TRM Labs emphasized that the first half of 2025 marks “a pivotal shift in crypto hacking,” highlighting escalating strategic intent from state actors and other geopolitically motivated organizations.
Calls for Strengthened Security and Global Collaboration
In response to the growing threat, TRM Labs urges the crypto industry to reinforce fundamental security practices. Recommended measures include adopting multifactor authentication, utilizing cold storage solutions, conducting frequent security audits, and prioritizing insider threat detection alongside advanced social engineering countermeasures.
Furthermore, the report stresses the necessity of “multifaceted collaboration” among global law enforcement agencies, financial intelligence units, and blockchain intelligence firms to effectively combat these sophisticated cyber threats.
“H1 2025’s record thefts are a stark call to action for a collective, sustained, and strategically aligned security posture—one prepared not just for crime, but for covert acts of statecraft,” TRM Labs concluded.
This report highlights the critical vulnerabilities in the cryptocurrency infrastructure that continue to be exploited by hackers, underscoring the urgent need for robust security measures and international cooperation to protect the rapidly growing digital asset ecosystem.