Private Key and Front End Exploits Lead Crypto Thefts in 2025

In 2025, crypto thefts are primarily due to front-end and private key exploits.

Private key compromises combined with front-end exploits accounted for over 80% of all thefts across 75 incidents. These highly targeted attacks often use social engineering techniques and exploit infrastructure flaws. They are now more destructive, with an average of nearly $30 million in losses per breach. A hack of the Dubai-based Bybit exchange, attributed to North Korean actors and worth $1.5 billion, was by far the most damaging incident, accounting for nearly 70% of the total stolen. The crypto-security space has also been affected by geopolitical tensions, as groups such as the pro-Israel hacker collective Predatory Sparrow have targeted Iranian exchanges.

Resupply, a DeFi company, lost $9.6m in a synthetic asset manipulation exploit. In the US, British hacker Kai West has been indicted for selling stolen information through BreachForums and raking in millions of dollars in Bitcoin and Monero.

Crypto theft will soar in 2025

Cyberattacks involving cryptocurrency reached unprecedented heights in the first six months of 2025, resulting in losses totaling $2.1 billion, according to TRM Labs, a blockchain intelligence company.

Infrastructure-based attacks, such as compromising a user’s private seed phrase or exploiting weaknesses in a crypto platform’s interface, have been particularly damaging, netting hackers ten times more value than any other form of cyberattack.

Source: TRM Labs

TRM Labs explained that these types of attacks take advantage of core vulnerabilities in crypto systems and are often aggravated by social-engineering tactics designed to influence users. Protocol exploits were also a key threat vector alongside infrastructure breaches. Attacks such as flash loan exploits and re-entrancy vulnerabilities accounted for 12 percent of the total losses in the period. They target smart contract logic or the blockchain protocol itself to either steal money or disrupt operations.

It is estimated that thefts in H1 of 2025 already exceed the half-year totals for 2022 and 2024 by about 10%. They are almost the same as the total for the year 2024. The hack of the Dubai-based cryptocurrency exchange Bybit for $1.5 billion, attributed to state-backed North Korean hackers, is a major factor in this year’s record-breaking losses. This one incident accounts for around 70% of the total amount stolen in 2025 and has pushed the average hack size up to $30 million, more than double last year's figure.

State actors and hacking groups with political motivations seem to be playing a greater role in these attacks. TRM Labs cited the pro-Israeli hacker group Gonjeshke Darande (also known as Predatory Sparrow), which may have links with the Israeli government. The group was responsible for $100 million in exploits on Iran’s biggest exchange, Nobitex. The report describes this as an “escalation” of the crypto-hacking landscape, with geopolitical motives increasingly driving malicious activities.

TRM Labs has called for an overhaul of crypto-security practices to address this growing threat. Multifactor authentication is one way to combat it. Other measures include using cold storage for funds, performing regular audits, and improving detection of social engineering and insider threats.

The firm also emphasized the need for greater international collaboration between law enforcement, financial intelligence units, and analytics companies. TRM Labs believes that the first half of 2025 will be a wake-up call to the industry.

The $9.6M DeFi exploit has a direct impact on Resupply

Crypto crime shows no sign of slowing down. Recently, Resupply confirmed that a security flaw in the wstUSR market of its DeFi protocol led to a $9.6 million loss.

This exploit resulted from a manipulation of Where to Buy using a stablecoin known as cvcrvUSD. Cyvers, a blockchain security company, claims that the attacker inflates the Where to Buy share in the ResupplyPair Contract to obtain $10 million worth of reUSD with minimal collateral. Tornado Cash funds were initially converted into Ethereum, and then distributed to two different addresses.

Resupply responded by halting the contracts in question and stating that the only market affected was wstUSR. After completing its investigation, the protocol will release a post-mortem. Cyvers CTO Meir Dolev thinks that this attack could easily have been prevented with better input verification, oracle checks, and real-time anomaly monitoring.

This incident will be included in the DeFi exploits list for 2025. Hackers are increasingly using social engineering. This was evident in the $2 million Bedrock UniBTC hack in 2024, linked to an ex-Fuzzland employee. The breach involved insider information and supply chain attacks.

Hacker in the UK Busted For Selling Stolen Information

Kai West, a British citizen, was indicted recently by the US Attorney’s Office of the Southern District of New York. He is accused of operating under the name “IntelBroker”, selling stolen data in cybercrime forums and causing damages of over $25,000,000. West has been accused of working with CyberN***ers, a group of cybercriminals, to steal information from over 40 companies. This includes a telecom company, municipal healthcare system and internet service providers.

Source: US Attorney’s Office

The charges stem in part from a law enforcement undercover operation in which an agent bought stolen credentials from IntelBroker for $250 in Bitcoin. The data contained administrative usernames and passwords.

West was active between January 2023 and February 2025 on the BreachForums platform, where he allegedly advertised stolen data for more than $2 million. West was responsible for at least 158 threads announcing stolen data, 41 of which involved American companies. Sixteen posts included explicit price listings totaling at least $2.4 million.

West accepted payment in Monero, a cryptocurrency that is focused on privacy. Authorities claim that his BreachForums activity grew to the point where he was identified as BreachForums’ owner beginning in August 2024. He was detained in France early this year, and US authorities now seek his extradition.

The severity of these crimes was emphasized by law enforcement officials including the former SEC chair Jay Clayton and FBI assistant director Christopher Raia. Raia called West a “serial hacker” who made millions of dollars from illegal activities.

This case joins a long list of recent high-profile cyber incidents, including the Coinbase breach. That incident was caused by unauthorised access to customer data by overseas support agents. It led to an extortion attempt for $20 million.
