Nation-States Lead Crypto Theft Surge in 2025
According to a report by blockchain intelligence firm TRM Labs, the first half of 2025 has seen nation-states become significant players in cryptocurrency theft. This period has marked the worst start to a year for crypto thefts, fuelled largely by North Korea’s unprecedented hack of ByBit, which resulted in the loss of a staggering US$1.5 billion (AU$2.2 billion).
Record Theft Statistics
In total, over US$2.1 billion (AU$3.2 billion) in cryptocurrency has been stolen in at least 75 major attacks during H1 2025. This figure represents a more than 10% increase compared to the previous record set in the first half of 2022. Alarmingly, it nearly equals the total losses incurred throughout the entirety of 2024. TRM Labs attributes the bulk of these losses to the actions of state-sponsored hackers.
Escalating Strategic Intent
The report highlights a pivotal shift in the motivations behind these attacks, indicating an increasing strategic intent from state actors and politically motivated groups. The hacking activities of North Korea have been particularly pronounced, with the ByBit incident signalling a concerning trend, where state actors leverage crypto-crime not merely for financial gain but to exert geopolitical influence.
North Korea’s Cyber Offensive
The ByBit hack has been characterised as a watershed moment, as it underlines North Korea’s methodical approach to utilising cryptocurrency for various state objectives. Notably, these can include evading international sanctions and funding military endeavours, such as its controversial nuclear programme.
TRM Labs stated, “This staggering figure…indicates a persistent and escalating effort by the Democratic People’s Republic of Korea (DPRK) to leverage illicit cryptocurrency gains, not only to evade sanctions but also as a core aspect of its statecraft.”
Global Crypto Thefts: A Broader Landscape
While North Korea is the primary suspect in this surge of crypto thefts, it is not acting alone. A notable example of geopolitics intersecting with cybercrime was the June 18 theft from Nobitex, Iran’s largest crypto exchange, orchestrated by a group known as Gonjeshke Darande (or Predatory Sparrow), which is allegedly linked to Israel.
According to TRM Labs, this hack was motivated by the group’s desire to disrupt the Iranian regime’s ability to finance its operations, further exemplifying crypto theft as an emerging tool of statecraft.
The Nature of Targeted Attacks
Interestingly, the methodology employed in the Nobitex hack involved transferring stolen funds to ‘vanity addresses’—wallets designed to be unspendable due to a lack of private keys. This indicates that the attackers potentially aimed for a symbolic, rather than a financial, victory.
Vulnerabilities in Crypto Infrastructure
TRM Labs identifies private key thefts and front-end exploits as the principal vulnerabilities plaguing the cryptocurrency industry, with these attack methods accounting for an impressive 80% of all losses in H1 2025. Moreover, the average loss due to infrastructure attacks is reported to be ten times higher than that of other attack forms.
"Delineated as attack techniques targeting the technical core of digital asset systems, infrastructure attacks can lead to unauthorised control, user deception, or asset rerouting," the report explains.
Emerging Threats from Protocol Attacks
Protocol-based attacks, primarily affecting decentralised finance (DeFi) platforms, represent the second most significant threat vector, accounting for 12% of total losses. These attacks often exploit vulnerabilities inherent in smart contract code, highlighting ongoing challenges surrounding smart contract security.
The Path Forward: Strengthening Security
With the increasing involvement of nation-states in crypto-related theft, experts urge the sector to enhance security measures such as audits and multi-factor authentication. Furthermore, collaboration among global law enforcement agencies is essential for combating this evolving threat landscape effectively.
In summary, as 2025 unfolds, the intersection of geopolitics and cyberspace is becoming ever clearer, establishing a dire need for improved security practices within the cryptocurrency realm. Nation-states, now prominent players in this domain, will continue to shape the future of crypto theft and pose unique challenges to the industry as a whole.