Chainalysis: $2.17 billion in crypto stolen in first half of 2025, driven by North Korean hacks

More than $2 billion in cryptocurrency was stolen by hackers in the first half of 2025, according to the blockchain security firm Chainalysis.

Most of the total comes from the $1.5 billion stolen from Dubai-based crypto platform Bybit in February by hackers connected to North Korea.

The $2.17 billion stolen so far this year already surpasses the losses seen in all of 2024, and is the highest number seen in the first six months of a year since the company began tracking the figures in 2022. 

Chainalysis estimates that up to $4 billion worth of cryptocurrency may be stolen by the end of the year.

The Bybit incident is currently the largest-ever crypto theft and accounts for 69% of all funds stolen this year. 

“The Bybit hack demonstrates that even sophisticated industry entities remain vulnerable to advanced persistent threats, while the surge in personal wallet compromises shows that individual holders of cryptocurrency face unprecedented risks,” the researchers said.

“The geographic expansion of crypto crime, and the correlation between asset prices and violent attacks add additional complexity to an already challenging security environment.”

Chainalysis researchers noted several other concerning trends, including increases in personal wallet compromises and so-called “wrench” attacks where physical violence or coercion is used against crypto holders. 

The report found that the average losses coming from compromised personal wallets storing Bitcoin has increased, illustrating that hackers are likely going after higher-value individual holdings. There have already potentially been twice the number of physical attacks in 2025 compared to the entire next highest year on record. 

Chainalysis noted there are likely more physical attacks that go unreported. 

The U.S., Germany, Russia, Canada, Japan, Indonesia and South Korea saw the highest concentration of stolen fund victims. 

The data from Chainalysis largely matches numbers released by the blockchain intelligence firm TRM Labs two weeks ago — which found $2.1 billion stolen across at least 75 distinct hacks and exploits. TRM Labs also highlighted the Israel-linked attack in June on Iran’s largest crypto exchange, Nobitex, which involved the theft of more than $90 million. Alongside North Korea's attacks, it illustrated the growing role of nation-states in crypto theft incidents. 

The United Nations said last year that it is tracking dozens of incidents over a five-year period that have netted North Korea $3 billion.

Eric Jardine, cybercrimes research lead at Chainalysis, told Recorded Future News that the increase in adoption of cryptocurrency as well as price appreciation has expanded the ecosystem and subsequently the frequency of thefts. 

With more institutional security practices and regulatory frameworks in place, thieves have upgraded their own capabilities and expanded their range of targets, he explained.

“As a prime example of that, unfortunately, [North Korea] continues to be a source of active threats to crypto users and crypto services — its activity builds on last year, when we reported that the DPRK made up 61% of stolen fund losses for the year,” he said. 

“Part of this is because the DPRK has been agile, consistently adapting its approaches, techniques, and tactics and has begun to compromise not only high-value services, but also many smaller-scale crypto firms.”