2.7B Stolen in Crypto Hacks — and North Korea’s Behind Half of It

💣 It’s only July, and 2025 is already the worst year in crypto security history.

⚡ Quick Hits

• 💰 2.73B stolen in H1 2025 — up 113% YoY
• 🇰🇵 North Korea’s Lazarus Group responsible for 1.47B (53.7%)
• 🧨 Bybit hack = second-largest ever
• 🏦 CeFi platforms hit hardest — 70% of all losses
• 🔓 Ethereum + BNB Chain = most exploited blockchains
• 🔧 “Wrench attacks” and malware rising in real-world wallet thefts
• 📉 Only 2% of losses came from scams — 98% were direct hacks

💸 The Billion-Dollar Breakdown

Crypto just blew past 2.73 billion in thefts — and it’s not even Q3.

According to Immunefi, H1 2025 saw more funds drained than in all of 2022 or 2023. It’s a 113% jump from H1 2024, when “just” 1.26B vanished.

Leading the chaos? One brutal hack:

• Bybit lost 1.47B in a single exploit
• Lazarus Group is the prime suspect
• That attack = 53.7% of total global losses

This isn’t a trend. It’s an escalation.

🇰🇵 Lazarus Group: Back With a Bang

North Korea’s infamous Lazarus Group is back in business.

After a quiet 2023, the group stormed 2025 by allegedly pulling off the second-largest hack in crypto history — right behind the 3.8B Ronin Bridge exploit (also Lazarus, 2022).

Analysts say Lazarus is now laser-focused on centralized hot wallets, where billions sit vulnerable behind a single point of failure. Bybit’s breach? Likely due to weak hot wallet security — the exact vulnerability Lazarus specializes in.

🏦 CeFi = Centralized Failures

Forget DeFi exploits — centralized platforms are the new weak link.

• CeFi made up over 70% of all crypto losses in H1
• DeFi? More secure by comparison
• Smart contracts may be tight, but exchanges and custodians? Not so much

“CeFi remains the most targeted and most vulnerable,” said Immunefi CEO Mitchell Amador. “Single points of failure attract nation-state actors like Lazarus.”

If the industry thought decentralization alone was the answer — this is the wake-up call.

🧱 Wrenches, Malware & Real-World Attacks

Cyber threats aren’t just digital anymore.

“Wrench attacks” — physical assaults where thieves force users to unlock wallets — are on the rise, especially in high-adoption, low-enforcement zones.

Meanwhile, Redline and RisePro malware are stealing:

• Seed phrases
• 2FA credentials
• Passwords and wallet data

The threat has moved from Discord DMs to home invasions and keyloggers.

🔗 Ethereum & BNB Chain Still in the Crosshairs

Smart contract hacks continue to hit the top dogs:

• Ethereum + BNB Chain = majority of on-chain exploits
• Still, 90% of all stolen funds came from CeFi vulnerabilities

Translation: the most dangerous exploits aren’t even on-chain anymore.

🧨 Is 2025 the Most Dangerous Year in Crypto History?

All signs say yes.

• 2.73B already gone
• Bybit hack dwarfs most DeFi exploits
• Lazarus is active again
• CeFi platforms remain soft targets

Immunefi warns:

“A single major CeFi exploit can wipe out more value than dozens of DeFi hacks combined.”

We’re not in the 2020s DeFi drama anymore. This is nation-state warfare on centralized rails.

🛡️ What Needs to Happen — Now

Security experts are sounding alarms across the board. Their fix-it list:

• ✅ Real-time monitoring + audits for CeFi platforms
• 💰 Mandatory insurance reserves or Proof-of-Reserves
• 🔒 Push for hardware wallets + self-custody education
• 🌍 International collaboration on cybercrime enforcement

It’s not just about blockchain security anymore — it’s about protecting the people and the pipes.

⚡ TL;DR

• 💣 2.73B stolen in H1 2025 — record-breaking losses
• 🇰🇵 Lazarus Group blamed for 1.47B Bybit hack
• 🏦 CeFi platforms = 70% of losses — worse than DeFi
• 🔧 Wrench attacks + malware growing threat to individuals
• 🔗 Ethereum & BNB still top targets — but real risk is off-chain
• 🚨 2025 on track to become most dangerous year in crypto security
• 🛠️ Experts call for audits, insurance, custody education, and global coordination