In the first half of 2025, hackers made off with an astonishing $2.1 billion worth of cryptocurrency, the highest half-year total on record. According to blockchain intelligence firm TRM Labs, this surge was fueled primarily by a single, audacious breach: the $1.5 billion Ethereum heist at Bybit. What's more, North Korea-linked cyber actors were behind approximately 70% of the total losses, marking a dramatic shift in how digital theft is being weaponized.
The Bybit Breach: History’s Largest Crypto Heist
On February 21, 2025, the Dubai-based exchange Bybit was hacked for $1.5 billion in Ethereum and associated tokens, the largest crypto heist on record. Investigations concluded that the hack originated from the compromised laptop of a developer at Safe{Wallet}, the multi-signature wallet provider serving Bybit.
Through a malicious Docker application executed on February 4, hackers installed malware that ultimately enabled them to hijack AWS authentication and inject false transaction data into Bybit's system. TRM Labs and the FBI attribute this breach to the North Korean group known as "TraderTraitor," part of the Lazarus collective.
Nation-State Warfare in Cyberspace
TRM Labs aptly highlights that North Korea "has cemented its position as the most prolific nation state threat actor in the crypto space," using illicit digital funds "as a critical tool of statecraft." Their report shows that in H1 2025, DPRK-linked hackers stole around $1.6 billion, dwarfing all other attackers combined.
The hacks this year represent a change in strategy. Rather than just pursuing profit, these operations have both a political and a financial motive: providing funding for North Korea's nuclear program and helping the country evade sanctions.
Infrastructure Attacks: The Achilles’ Heel
Of the $2.1 billion lost, a staggering 80% came from infrastructure attacks, meaning compromises of private keys, seed phrases, or signing environments. These breaches, carried out via social engineering or malware, demonstrate how insecure even trusted custody solutions are.
Safe{Wallet}'s investigation indicates that the attackers not only compromised credentials but also deleted system logs, confirming a significant level of sophistication. This validates the notion that guarding the human and operational sides of security is as critical as protecting code.
Ripple Effects on the Crypto Industry
The Bybit breach has created a chain reaction. The exchange utilized reserves to pay back 350,000 withdrawal requests after borrowing another $280 million in emergency loans. While most of the stolen funds are still in flight, and around 20% are in frozen crypto wallets, some may be exposed through an extensive blockchain tracing effort.
More generally, consumers lost faith, and Bybit's market share fell from around 12% to 8%. The whole incident has increased scrutiny of centralized exchanges and their reliance on third-party security structures.
What Lies Ahead: Fortifying Crypto’s Defenses
As 2025 continues, crypto platforms must learn from this crisis. TRM Labs emphasizes the rise of infrastructure threats and nation-state involvement; major steps are needed, including:
- Rigorous vetting and isolation of third-party services like wallet providers.
- Multi-device verification for signing critical transfers, avoiding single-point compromises.
- Real-time blockchain monitoring, to track unusual transaction patterns immediately.
- Improved cross-border law enforcement cooperation, as stolen assets are quickly laundered through sophisticated networks.
Conclusion
The Bybit hack adds new urgency to cybersecurity for cryptocurrency. During this period, the industry lost $2.1 billion to hacks, a total pushed substantially higher by just one infrastructure-level attack. With nation-state actors like North Korea now applying an old element of cyber warfare, theft, to crypto, where it is easier to carry out, digital asset platforms must either change rapidly or risk significantly more damaging breaches.