June 27, 2025

Private Key and Front End Exploits Lead Crypto Thefts in 2025


The majority of the thefts were driven by private key compromises and front-end exploits, which together accounted for more than 80% of stolen funds across 75 incidents. These highly targeted attacks very often involve social engineering and infrastructure vulnerabilities, and they have become much more damaging, averaging nearly $30 million per breach. A $1.5 billion hack on Dubai-based exchange Bybit, linked to North Korean state actors, was the largest single incident and contributed to nearly 70% of total losses. Geopolitical tensions have also entered the crypto security space, with groups like the pro-Israel hacker collective Predatory Sparrow targeting Iranian exchanges. In the DeFi sector, Resupply lost $9.6 million in a price manipulation exploit involving synthetic assets. Meanwhile, British hacker Kai West was indicted in the US for selling stolen data through BreachForums, raking in millions in Bitcoin and Monero.

Crypto Theft Soars in 2025

Crypto-related cyberattacks surged to unprecedented levels in the first half of 2025, which resulted in a staggering $2.1 billion in losses. This is according to a new report from blockchain intelligence firm TRM Labs. The majority of these losses stemmed from private key exploits and front-end compromises, which together made up more than 80% of the value stolen across 75 separate incidents this year.

These infrastructure-based attacks, which include compromising a user’s private seed phrase or exploiting vulnerabilities in a crypto platform’s interface, have proven to be particularly damaging as they typically net hackers ten times more value than other forms of cyberattacks. (Source: TRM Labs)

TRM Labs explained that these kinds of attacks leverage core weaknesses in cryptosystems and are frequently exacerbated by social engineering tactics that are designed to manipulate users. In addition to infrastructure breaches, protocol exploits were another key threat vector.
These attacks, like flash loan exploits and re-entrancy vulnerabilities, accounted for 12% of total losses during the period and target the underlying smart contracts or logic of a blockchain protocol to steal money or destabilize operations.

The scale of theft in H1 2025 already exceeds the previous half-year record that was set in 2022 by approximately 10% and is almost equal to the entire year’s total for 2024. A major driver of this year’s record-breaking losses was a $1.5 billion hack on the Dubai-based crypto exchange Bybit, which was attributed to North Korean state-backed hackers. That single incident represents around 70% of total funds stolen so far in 2025 and pushed the average hack size to nearly $30 million. This is double that of the previous year.

State actors and politically motivated hacking groups seem to be playing a larger role in these attacks. TRM Labs pointed to the pro-Israel hacker collective Gonjeshke Darande, also known as Predatory Sparrow, which has possible links to the Israeli government and was responsible for a $100 million exploit on Iran’s largest exchange, Nobitex, in June. The report frames this escalation as a “pivotal shift” in the landscape of crypto hacking, where geopolitical intent increasingly underpins malicious activity.

To address this mounting threat, TRM Labs called for a comprehensive overhaul of crypto security practices. This includes implementing multifactor authentication, using cold storage for funds, conducting regular audits, and enhancing detection of insider threats and social engineering attempts. More broadly, the firm pointed out that there is a need for international cooperation between law enforcement agencies, financial intelligence units, and blockchain analytics firms. According to TRM Labs, the first half of 2025 should serve as a wake-up call for the industry.

Resupply Hit by $9.6M DeFi Exploit

Unfortunately, crypto crime is showing no signs of stopping.
Resupply, a decentralized finance (DeFi) protocol, recently confirmed a security breach in its wstUSR market that led to $9.6 million in losses. The exploit was the result of a price manipulation attack involving a synthetic stablecoin called cvcrvUSD. According to blockchain security firm Cyvers, the attacker inflated the share price in the ResupplyPair contract to borrow $10 million in reUSD using minimal collateral. The funds, initially sourced through Tornado Cash, were converted to Ethereum and distributed across two addresses.

In response, Resupply paused the affected contracts and stated that only the wstUSR market was compromised. The protocol plans to release a full post-mortem after completing its investigation. Cyvers’ CTO Meir Dolev believes that the attack could have been avoided with better input validation, oracle checks, and real-time anomaly monitoring.

This incident is part of the list of DeFi exploits in 2025. Hackers have increasingly shifted to social engineering, which was the case in a $2 million Bedrock UniBTC exploit in 2024 linked to a former Fuzzland employee who used insider access and supply chain attacks to carry out the breach.

UK Hacker Busted for Selling Stolen Data

Meanwhile, British national Kai West was recently indicted by the US Attorney’s Office for the Southern District of New York for allegedly operating under the alias “IntelBroker” and selling stolen data on cybercrime forums, leading to over $25 million in damages. West is accused of conspiring with a cybercriminal group known as CyberN***ers to hack into and steal data from more than 40 companies, including a telecom provider, a municipal healthcare system, and an internet service provider. (Source: US Attorney’s Office)

The charges stem in part from an undercover law enforcement operation where an agent purchased stolen credentials from IntelBroker for $250 in Bitcoin. The data included administrative-level usernames and passwords.
West allegedly offered data stolen in these breaches for sale for over $2 million and was active on the notorious BreachForums platform between January of 2023 and February of 2025. He was reportedly responsible for at least 158 threads advertising stolen data, 41 of which involved companies based in the United States. Sixteen of those posts contained explicit price listings, amounting to at least $2.4 million. West also accepted payments in the privacy-focused cryptocurrency Monero.

According to authorities, his activity on BreachForums escalated to the point where he was identified as the platform’s owner starting in August 2024. He was arrested in France earlier this year, and US authorities are now seeking his extradition.

Law enforcement officials, including former SEC Chair Jay Clayton and FBI Assistant Director Christopher Raia, placed a lot of emphasis on the severity of the crimes. Raia described West as a “serial hacker” who profited millions from illicit activities.

The case now adds to a growing list of high-profile cybersecurity incidents, including a recent breach affecting Coinbase. That incident involved the unauthorized access of customer data by overseas support agents, which led to a $20 million extortion attempt.


Source: Coinpaper
