Quantum IT, this sword of Damocles on the crypto sector, is still not a reality. However, a much more immediate danger strikes full whip: the massive attacks targeting the faults of the system. In 2025, more than $ 2.1 billion was stolen in six months. If blockchain remains a promising future, it is undermined by increasing vulnerabilities, putting the sector under increasing pressure.
In short
- Infrastructure attacks mainly target private keys and user recovery phrases.
- In 2025, North Korea was responsible for almost 70 % of flights.
- Hackers also attack the DEFI protocols, with attacks on smart contracts.
- International cooperation is essential to stop these geopolitical cyber attacks and secure the sector.
Invisible offenses: attacks on crypto infrastructure
There is no longer any question of small crypto flights. THE Infrastructure attacks dominate the landscape in 2025, representative more than 80 % of losses. Behind this figure, a much darker reality: theft of private keys and recovery sentences. These essential elements for cryptos are the ideal front door for hackers. If you thought that the decentralization and safety of the protocols were sheltered, think again.
In a recent reportTRM Labs does not mince his words:
These attacks exploit structural weaknesses of cryptographic systems and are amplified by increasingly sophisticated social engineering techniques.
Theft of private keys becomes a standard. L'Bybit attack In February 2025, allocated to a North Korean group, stole $ 1.5 billion, a colossal amount that alone represents Almost 70 % of losses of the year. The attacks are increasingly precise, and the impact on the reputation of the crypto sector is devastating.
Hackers are only attacking large crypto platforms, but also to end userswhich become the target of hacks via phishing attacks or human errors.
When states enter the game
Cyberattacks are no longer the prerogative of simple criminals. From now on, These are states that often draw the strings. Bybit's attack is only the tip of the iceberg. Behind this monumental hack hides the will to North Korea to divert funds to finance its geopolitical ambitions. But it's not just North Korea.
Other state actors, such as those linked to Israelalso showed that they were no longer content to carry out attacks for financial gain. They now act for political reasons, using cryptos as a means of pressure.
A TRM Labs analyst summarizes it as follows:
It is no longer a simple flight, but a geopolitical tool. Cryptocurrencies become a weapon in very real conflicts.
THE state attackslike that of the group Gonjeshke Darande In June 2025, showed the new dimension of cyber attacks. This group, possibly linked to Israel, targeted the Iranian crypto exchange Nobitex for strictly geopolitical reasonsnon -financial. The flight was not to reinject funds, but to send A strong message to a country under international sanctions. Crypto-vols are no longer only crimes, but strategic maneuvers.
Some striking figures from the 2025 attacks:
- $ 2.1 billion: total funds stolen in 2025 via 75 separate hacks;
- 80 % of losses: stolen during attacks on critical infrastructure (private keys, recovery sentences or seed phrase);
- $ 1.5 billion: stolen during the bybit hack in February, a feat awarded to a North Korean group;
- $ 30 million: average amount per hack, a figure that doubled compared to 2024;
- 12 % of losses: linked to attacks on DEFI protocols (Flash Loans, Re-Entrancy).
Secure crypto: a global challenge that requires a collective response
The challenge is size, and the only acceptable response is collective. Trm Labs insists on the need to adopt robust security solutions : Multi-Factory Authentication (MFA), cold storage, regular audits, and detection of internal threats. But real protection involves international cooperation.
The crypto sector must prepare for a coordinated response. A global security strategy is the only way to counter these sophisticated and often geopolitical attacks.
TRM Labs
There collaboration between blockchain companies, governments, and the police is more than a wish, it is a necessity. We must pool knowledge, technologies and actions to dismantle these criminal networks. Bybit's attack has shown how vital to adopt a proactive and multilateral defense strategy. Without this, the attacks will continue to multiply and inflict colossal losses.
The actions necessary for a reinforced defense:
- MFA (Multi-Factor Authentication) : essential for any crypto transaction;
- Cold storage digital assets: a simple but effective measurement;
- Regular audits safety: to avoid flaws;
- Internal threats : be vigilant in the face of access compromise;
- International collaboration : Industry must join forces with the authorities.
Although the threat of Q-Day, where the web3 could become vulnerable, remains present, solutions emerge to secure the sector. Noris Protocol, aimed at becoming the new digital shield against cybermenaces, is positioning itself as a proactive and essential response to anticipate these increasing attacks, thus reinforcing the security of the crypto ecosystem against increasingly sophisticated threats.
Maximize your Cointribne experience with our 'Read to Earn' program! For each article you read, earn points and access exclusive rewards. Sign up now and start accumulating advantages.
