In the first half of 2025, hackers stole over $2.1 billion from cryptocurrency platforms, marking the largest theft in history. According to TRM Labs, during this period, at least 75 major hacks occurred, 10% more than in the same period in 2022. Experts warn that cyberattacks are becoming increasingly sophisticated not only from a technical perspective but also with political motivations.

As digital assets become more significant for global economies, cyber threats are starting to take on a strategic nature. This is especially evident against the backdrop of activity by so-called state-sponsored hackers, whose actions go beyond ordinary criminal activity.

Who is behind the largest attacks?

The largest amount was stolen in the hack of the cryptocurrency exchange Bybit, one of the largest in the world. In February 2025, $1.5 billion was stolen from it, accounting for around 70% of the total amount stolen in the first half of the year. The attack occurred via a vulnerability in the cold wallet system and resembled the methods used against the Indian exchange WazirX in 2024.

Suspicion fell on the Lazarus hacker group from North Korea, known for its attacks on crypto platforms. Experts suggest that the goal of the attacks was to circumvent sanctions and fund government programs. Activity was also shown by other countries: in June 2025, the Iranian exchange Nobitex was hacked, and preliminary data suggests the attack was carried out by the Israeli group Gonjeshke Darande.

What lies behind vulnerabilities in the crypto space?

In 2025, most attacks targeted infrastructure vulnerabilities: key compromise, phishing schemes, social engineering, and even insider actions. These methods made up over 80% of all incidents. Even the largest crypto platforms, such as Coinbase, were vulnerable. In spring 2025, a leak of personal data of 69,000 users was recorded, which allowed criminals to later steal $400 million through fraudulent schemes.

The most common attack methods include:

• Theft of private keys and seed phrases;
• Phishing and social engineering with the involvement of insiders;
• Vulnerabilities in smart contracts and DeFi protocols.

Although attacks through code vulnerabilities account for only 12% of all incidents, they highlight the need for regular testing and updating of smart contracts, especially in the decentralized finance sector.

Why cyber threats should not be ignored?

While cyberattacks serve to steal funds, they are increasingly becoming a tool for pressure and political influence. This makes them a threat not only to specific crypto platforms but also to economic stability as a whole. As the influence of cryptocurrencies on international financial and political processes grows, the protection of these assets must take into account not only technological aspects but also political risks.

For users and investors, this signals the need to reconsider standard security measures. Simple protective measures such as two-factor authentication and cold wallets no longer provide adequate security. The crypto market is becoming an integral part of the global political and economic system, and we must be prepared for that.