In the first half of 2025, the global cryptocurrency industry experienced the worst hacking damage in history. According to TRM Labs, the total damage from cryptocurrency hacking worldwide over the past six months amounted to $2.1 billion (approximately 2.919 trillion won).
Among this, about $1.5 billion (approximately 2.085 trillion won) was lost in a single incident. This was the hacking of Bybit, a large exchange based in Dubai in February, which was the largest single hacking event in cryptocurrency history. TRM Labs pointed to a hacker group linked to the North Korean regime as the perpetrator. Approximately 70% of the total hacking damage occurred in this incident, causing the average damage per incident to double compared to the previous year to $30 million (approximately 41.7 billion won).
According to the report, a total of 75 major hacking and vulnerability exploitation cases occurred during the first half of the year. In January, April, and May, large-scale hacking incidents exceeding $100 million (approximately 139 billion won) were detected in succession. The main types of digital asset hacking were infrastructure security vulnerability attacks such as sensitive information leakage or frontend breaches, accounting for over 80% of the total damage. Most of these attacks were expanded through social engineering techniques or insider leaks.
Additionally, flash loan attacks exploiting protocol defects and smart contract vulnerabilities were still prevalent. Particularly in the DeFi sector, hacking using flash loans accounted for about 12% of the total damage, highlighting a persistent security issue.
TRM Labs estimated that hacking organizations related to North Korea stole at least $1.6 billion (approximately 2.224 trillion won) in the first half of the year alone. Evidence suggests these funds are being used to circumvent UN sanctions and finance North Korea's strategic weapons program, especially nuclear development.
Meanwhile, in the first half of 2025, there were cases where cryptocurrency hacking was used as a means of international conflict. The pro-Israel attack group 'Gonjeshke Darande' claimed to have hacked Iran's largest cryptocurrency exchange, Nobitex, stealing more than $90 million (approximately 125.1 billion won). The group publicly stated that the attack was intended to obstruct Iran's sanction evasion and illegal fund support.
Particularly, by transferring the stolen assets to a permanently invalid address that cannot be created without a private key, the intention to deliver a political message rather than financial gain was strongly evident. Cyber warfare mediated by cryptocurrency is evolving into a new form.
The first half of 2025 records once again highlighted that cybersecurity is a key issue in the blockchain industry. TRM Labs warned that unless the cryptocurrency ecosystem strengthens internal control and technical security, more fatal attacks are likely to occur in the future.
Real-time news...Go to TokenPost Telegram
<Copyright ⓒ TokenPost, unauthorized reproduction and redistribution prohibited>
