More than $2 billion in cryptocurrency was stolen by hackers in the first half of 2025, according to the blockchain security firm Chainalysis.
Most of the total comes from the $1.5 billion stolen from Dubai-based crypto platform Bybit in February by hackers connected to North Korea.
The $2.17 billion stolen so far this year already surpasses the losses seen in all of 2024, and is the highest number seen in the first six months of a year since the company began tracking the figures in 2022.
Chainalysis estimates that up to $4 billion worth of cryptocurrency may be stolen by the end of the year.
The Bybit incident is currently the largest-ever crypto theft and accounts for 69% of all funds stolen this year.
“The Bybit hack demonstrates that even sophisticated industry entities remain vulnerable to advanced persistent threats, while the surge in personal wallet compromises shows that individual holders of cryptocurrency face unprecedented risks,” the researchers said.
“The geographic expansion of crypto crime, and the correlation between asset prices and violent attacks add additional complexity to an already challenging security environment.”
Chainalysis researchers noted several other concerning trends, including increases in personal wallet compromises and so-called “wrench” attacks where physical violence or coercion is used against crypto holders.
The report found that the average losses coming from compromised personal wallets storing Bitcoin has increased, illustrating that hackers are likely going after higher-value individual holdings. There have already potentially been twice the number of physical attacks in 2025 compared to the entire next highest year on record.
Chainalysis noted there are likely more physical attacks that go unreported.
The U.S., Germany, Russia, Canada, Japan, Indonesia and South Korea saw the highest concentration of stolen fund victims.
The data from Chainalysis largely matches numbers released by the blockchain intelligence firm TRM Labs two weeks ago — which found $2.1 billion stolen across at least 75 distinct hacks and exploits. TRM Labs also highlighted the Israel-linked attack in June on Iran’s largest crypto exchange, Nobitex, which involved the theft of more than $90 million. Alongside North Korea’s attacks, it illustrated the growing role of nation-states in crypto theft incidents.
The United Nations said last year that it is tracking dozens of incidents over a five-year period that have netted North Korea $3 billion.
Recorded Future
Intelligence Cloud.
No previous article
No new articles
Jonathan Greig
is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.
