Crypto Hacks Surge to Record $2.1B in H1 2025, North Korea Linked to 70% of Thefts

According to PeckShieldAlert, the first half of 2025 has become the worst six-month period on record for crypto security, with over $2.1 billion stolen across 75 incidents. A TRM Labs report highlights that this figure surpasses the previous H1 high from 2022 by 10%. Alarmingly, North Korean-linked groups are reportedly responsible for $1.6 billion, or 70% of all stolen funds. This surge is heavily influenced by the historic $1.5 billion Bybit hack in February, attributed to North Korea, which has skewed the average hack size to $30 million. The report also notes a significant shift in attack vectors, with over 80% of losses stemming from infrastructure-level breaches like private key thefts, which are proving ten times more lucrative than traditional DeFi smart contract exploits. This trend underscores a critical security risk for traders, emphasizing the vulnerability of centralized platforms and the growing threat of nation-state cyber campaigns impacting the market.
SourceAnalysis
The first half of 2025 has etched a grim milestone in the history of digital assets, with over $2.1 billion stolen through hacks and security exploits. This figure marks the most damaging six-month period on record for the cryptocurrency space, signaling a significant escalation in cyber threats, particularly from nation-state actors. According to a detailed report from TRM Labs, the 75 recorded incidents in H1 2025 represent a 10% increase over the previous high set in the first half of 2022 and are already approaching the total losses for the entire year of 2024. This alarming trend underscores a new level of sophistication and audacity among cybercriminals, creating a persistent headwind for market sentiment and investor confidence.
Nation-State Actors Escalate Digital Asset Thefts
A staggering aspect of this surge in crypto theft is the dominant role played by state-sponsored groups. The TRM Labs report attributes a massive $1.6 billion, or roughly 70% of all stolen funds this year, to groups linked with North Korea. This campaign of digital plunder was dramatically highlighted by the single largest crypto theft in history: the $1.5 billion hack of the Bybit exchange in February 2025, which is now believed to be the work of North Korean operatives. This one event has drastically skewed the metrics for 2025, pushing the average value per hack to $30 million, double the average from the previous year. The threat is not isolated to one region; on June 18, a group named Gonjeshke Darande (Predatory Sparrow), reportedly linked to Israel, stole $90 million from the Iranian exchange Nobitex. In a move suggesting political motivation over financial gain, the funds were sent to unspendable burn addresses.
The Evolving Tactics of Cyber Criminals
The methods used in these high-value heists are also evolving rapidly. The focus has shifted from exploiting smart contract vulnerabilities to more fundamental infrastructure-level breaches. Over 80% of the funds stolen in H1 2025 were a result of attacks like private key compromises and front-end hijacks. These attacks, which often rely on sophisticated social engineering or malicious insider access, are proving to be far more lucrative—nearly ten times more so—than the flash loan and reentrancy attacks that were common in the DeFi boom of 2021-2022. This strategic shift presents a more profound and difficult-to-defend threat for exchanges, protocols, and investors, as it targets the core security foundations of digital asset custody.
Market Reaction and Chainlink (LINK) Trading Analysis
This backdrop of heightened security risk inevitably casts a shadow over the market, influencing trading behavior and asset prices. Systemic threats from large-scale hacks can dampen bullish momentum and increase investor demand for security and reliability. In this context, the performance of foundational infrastructure projects like Chainlink (LINK) becomes a critical barometer. As the leading decentralized oracle network, Chainlink's security is paramount to the DeFi ecosystem it supports, and its price action reflects a blend of project-specific strength and broader market anxieties.
Analyzing the recent trading data for Chainlink reveals a nuanced picture. The LINK/USDT pair is currently trading around $13.10, down approximately 0.61% over the past 24 hours. The price has retreated from a daily high of $13.65, indicating that sellers have taken control and are pushing the asset towards a key support level. The 24-hour low of $13.10 is currently being tested, and a sustained break below this level could open the door for further downside, potentially driven by the negative market sentiment surrounding security breaches. Similarly, the LINK/USD pair shows a 0.68% decline, trading at $13.11 after failing to hold levels near its $13.56 high. However, the story is different when viewed against Bitcoin. The LINK/BTC pair has gained 1.017% to trade at 0.00014900 BTC, moving within a range of 0.00014680 and 0.00015190 BTC. This relative strength against the market leader is a significant bullish indicator for LINK holders. It suggests that while the broader market tide is pulling most assets down against the dollar, LINK is outperforming Bitcoin. Traders should closely monitor the $13.10 support level on USD pairs while watching if LINK/BTC can break above its recent high of 0.00015190 BTC, which would signal continued relative strength and could foreshadow a strong rebound once overall market sentiment improves.
PeckShieldAlert
@PeckShieldAlertPeckShield is a prominent blockchain security firm that provides comprehensive solutions aimed at safeguarding the blockchain ecosystem.