Blockchain analytics firm Chainalysis reports that hackers stole $2.17 billion in crypto from platforms in the first six months of 2025—surpassing the total stolen in all of 2024 and marking the worst half-year on record.
North Korea-linked cybercriminals, primarily the Lazarus Group (also referred to as TraderTraitor), are responsible for about $1.5 billion of that theft—approximately 70% of the total losses.
📌 The Bybit Hack: A Landmark Breach
- The $1.5 billion hack of Dubai-based exchange Bybit in February 2025 is considered the largest single crypto theft ever.
- The FBI identified North Korea as the perpetrator, saying Lazarus Group manipulated a routine wallet transfer via malware-altered smart contract logic.
📉 Trends & Impact
- In total, crypto services lost $2.1–$2.17 billion in H1 2025 over ≈75 separate hacking incidents, nearly matching all of 2024’s losses (TechCrunch).
- North Korea-affiliated groups executed infrastructure-level breaches—such as private key theft or front-end hijacking—for over 80% of these losses. Personal wallet “wrench attacks” account for another 23%.
🌐 Who’s Behind It: The Lazarus Group
- The Lazarus Group, also tied to North Korea’s Bureau 121 and Reconnaissance General Bureau, is a notorious state-sponsored advanced persistent threat (APT).
- Since 2017, it’s been linked to over $3 billion in crypto thefts—$1.34B in 2024 alone—via high-profile breaches like Axie Infinity/Ronin Bridge and DMM Bitcoin.
💸 Broader Implications & Risks
- Funding Sanctioned Regimes: Cyber thefts enable rogue states like North Korea to evade sanctions and fund weapons programs.
- Rising Personal Targeting: The explosive growth in wrench attacks and wallet thefts shows attackers are increasingly targeting individuals—not just platforms.
- Security Risk Escalation: Chainalysis warns stolen funds may hit $4 billion by the end of 2025 if current trends continue.
✅ Final Takeaway
- North Korea-linked hackers have likely stolen $2.17 billion in crypto in H1 2025, with the Lazarus Group behind the record-setting Bybit attack.
- This surge—nearly triple North Korea’s exploits in 2024—underscores the growing geopolitical threat of crypto-related cybercrime.
- The events highlight the urgent need for robust cryptocurrency security, cooperation with blockchain intel firms, and stronger global regulatory coordination.
