In the first six months of 2025, the cryptocurrency sector has suffered thefts exceeding $2 billion, marking the highest ever recorded for this period. The findings, based on verified research from industry watchdogs, highlight a sharp rise in both the frequency and scale of digital asset breaches.
Surge in Attacks: Over 75 Major Incidents
Between January and June, at least 75 confirmed hacks and exploits were reported. These incidents collectively amounted to around $2.1 billion in losses, surpassing previous mid-year records. Losses of over $100 million occurred in multiple months, indicating that the threat is persistent and widespread, not isolated to one-off events.
A Single Breach Makes Up Majority of Losses
One particular cyberattack early in the year stood out for its scale. In February 2025, a high-profile breach of a crypto exchange caused losses estimated at $1.5 billion, accounting for nearly 70% of total thefts in the first half of the year. This incident has skewed the average size of each attack upward to $30 million, double what it was during the same period last year. However, large-scale thefts have continued even outside this major event, showing a broader trend of growing risk.
Geopolitical Dimensions: Government-Linked Groups Involved
Cybercrime experts have attributed a substantial share of these losses—approximately $1.6 billion to attackers allegedly tied to nation-states. Analysts suggest these operations may be used to bypass economic restrictions or finance state agendas. The involvement of politically motivated groups points to the increasingly strategic nature of cyber theft in the crypto space.
A separate incident in June targeted a leading exchange in the Middle East, resulting in nearly $90 million in losses. Investigators believe this attack may have had symbolic motives, as funds were transferred to unusable wallets, hinting it wasn’t purely financially driven.
Methods of Attack: Internal Weaknesses Prove Costly
Reports reveal that infrastructure-based breaches, such as stolen private keys, employee collusion, and vulnerabilities in user-facing systems were responsible for over 80% of the losses. These types of attacks tend to cause far more financial damage than technical bugs in blockchain code.
While smart contract vulnerabilities, including re-entrancy and flash loan exploits, still pose risks, they now represent a smaller share of total thefts. This is partly due to quicker response times and faster security patching in decentralized protocols.
Industry Response: The Call for Stronger Security
Experts are urging all crypto companies to reinforce their defenses. Key recommendations include storing assets offline (cold storage), using multi-factor authentication for all access points, and conducting regular audits. Addressing insider threats and improving staff awareness through training is also critical.
Additionally, collaboration between law enforcement agencies, financial crime units, and blockchain analysts has been identified as essential. Timely sharing of data and cross-border tracking could prove vital in curbing large-scale thefts as digital assets become more intertwined with national security concerns.
In an announcement published by Ahold Delhaize, a leading global food retailer, the company confirmed that a significant data breach has compromised the personal information of over 2.2 million people across several countries.
With nearly 10,000 stores located across Europe, the United States, and Indonesia, the company serves more than 60 million customers every week from all over the world, employing approximately 400,000 people. The office of the Maine Attorney General received a formal disclosure from Ahold Delhaize USA on Thursday, which stated that 2,242,521 individuals had been affected by a cybersecurity incident but did not disclose the extent of the breach to date.
According to preliminary indications, the breach may have affected a wide range of sensitive personal information aside from usernames and passwords. Information that is potentially compromised may include the full name, residential address, date of birth, identification numbers issued by the government, financial account information, and even protected health information.
Clearly, the scale and nature of this incident demonstrate that large multinational retailers are faced with a growing number of risks and that there is a need for improved cybersecurity measures to be taken in the retail industry. There was a cyber incident in late 2024 that was officially acknowledged by Ahold Delhaize USA last week. Ahold Delhaize USA has acknowledged this incident, revealing that the personal data of more than 2.2 million individuals may have been compromised as a result.
According to an official FAQ, based on current findings, the company does not believe that the intrusion affected its payment processing systems or pharmacy infrastructure, which are critical areas often targeted by high-impact cyberattacks. As further support for the disclosure, documentation submitted to the Maine Attorney General's Office indicated that approximately 100,000 Maine residents were affected by the breach as a whole.
As Ahold Delhaize USA operates multiple supermarket chains under the Hannaford brand in this region, this state-specific detail has particular significance, especially since the Hannaford brand is one of the most prominent supermarket brands in the region. It is not known yet how much or what type of data was exposed by the company, however, the widespread scope of the incident raises significant concerns about the potential misuse of personal information and the implications that could have on many individuals across multiple states.
As far as cyberattacks targeting Ahold Delhaize USA are concerned, this incident can be attributed to a broader pattern of rising threats within the grocery distribution and food industry in general. On November 8, 2024, the parent company of the retailer publicly acknowledged the security breach, and later in April 2025, the company's parent company confirmed that the attackers had accessed sensitive data related to individuals in the Netherlands, where the company is headquartered.
It was imperative that Ahold Delhaize USA temporarily disable portions of its internal systems during the initial stage of the incident as a precautionary measure. In addition to maintaining a significant global footprint, Ahold Delhaize operates more than 9,400 stores in Europe, the United States, and Indonesia. It is a leading multinational retailer and wholesale conglomerate with more than 9,000 stores worldwide.
It serves approximately 60 million consumers every week both physically and digitally through its network of more than 393,000 employees. By the year 2024, the company will report annual net sales of more than $104 billion, driven by a diverse portfolio of well-known retail brands that are part of a broad range of well-known retail brands. As an example of these, in the United States, users will find Food Lion, Stop and Shop, Giant Food, and Hannaford, while in Europe, it is represented by Delhaize, Maxi, Mega Image, Albert, Bol, Alfa Beta, Gall & Gall, and Profi among a variety of banners.
In November 2024, the company first announced its breach, stating that certain U.S.-based brands and operations, including pharmacy operations and segments of its e-commerce infrastructure, had been compromised as a result of the breach. According to a formal filing filed with the Maine Attorney General's Office on Thursday, cyberattackers gained unauthorized access to Ahold Delhaize USA’s internal business systems on November 6, 2024, and this resulted in sensitive data belonging to 2,242,521 individuals being compromised.
Although the company has not yet confirmed whether customer information was among the stolen data, it has confirmed that internal employment records were also stolen as part of the theft. Ahold Delhaize USA and its affiliated companies may have collected and stored personal information about current and former employees, raising concerns about the possibility of misuse of personal identifying information as well as employment information, among other things.
It is evident from the scale of this breach that large, interconnected retail networks face increasingly dangerous vulnerabilities, which underscores the need to enforce robust cybersecurity practices at all levels of an organisation. It has been discovered through further investigation into the breach that the compromised files might have contained very sensitive personal information in a wide variety of forms.
Ahold Delhaize USA Services has made it clear that the data could be potentially exposed includes the full names of individuals, their contact information (such as postal addresses, telephone numbers, and email addresses) along with their dates of birth and numerous forms of government-issued identification number, such as Social Security numbers, passport numbers, or driver’s license numbers.
The company also reported that, besides information about financial accounts, such as bank account numbers and medical information, which can be contained within employment files, there was also potentially confidential information concerning workers' compensation records and medical records. An unauthorised party has been able to gain access to employment-related records related to current and former employees.
After receiving a formal notification from the Attorneys General of California, Maine, and Montana regarding the breach on June 26, 2025, the company began sending notification emails to those affected by the breach. Ahold Delhaize USA Services has stated that those individuals who receive confirmation that their personal information has been compromised may be eligible for compensation under this policy.
Whenever such a data breach occurs, the effects can be far-reaching, as sensitive personal data may be used for identity theft, financial fraud, or malicious activities. It is widely understood by security experts that companies that collect and store sensitive information are bound by legal and ethical obligations to protect that information from unauthorised access. There is a possibility that affected individuals may be able to sue for damages that result from the misuse or exposure of their personal information when proper safeguards are not observed.
In light of the increasing frequency of these breaches, the importance of strengthening corporate data protection frameworks and swiftly addressing incidents is increasing. An organisation known as Inc Ransom, formerly linked with sophisticated ransomware campaigns, claimed responsibility for the cyberattack. It has been found that the group has participated in the cyberattack, raising further concerns about the methods used and the possibility that the stolen data may be exploited in the future.
There has been another cyberattack which has recently struck United Natural Foods, Inc., which coincided with the timing of Ahold Delhaize USA's complete disclosure of the exposure of personal information. In the wake of this breach, UNFI, a major grocery distributor in the United States, was forced to temporarily shut down several online systems, disrupting the fulfilment process and causing delays in delivering groceries to retailers.
After containing the incident, UNFI has also restored its electronic ordering and invoicing capabilities. These back-to-back breaches highlight the growing cybersecurity vulnerabilities in the retail sector and the supply chain sector, making it increasingly important for companies to develop coordinated defensive strategies to protect sensitive consumer and business data, both of which are in urgent need.
Further investigation by the US government revealed that these actors were working to steal money for the North Korean government and use the funds to run its government operations and its weapons program.
The US has imposed strict sanctions on North Korea, which restrict US companies from hiring North Korean nationals. It has led to threat actors making fake identities and using all kinds of tricks (such as VPNs) to obscure their real identities and locations. This is being done to avoid getting caught and get easily hired.
Recently, the threat actors have started using spoof tactics such as voice-changing tools and AI-generated documents to appear credible. In one incident, the scammers somehow used an individual residing in New Jersey, who set up shell companies to fool victims into believing they were paying a legitimate local business. The same individual also helped overseas partners to get recruited.
The clever campaign has now come to an end, as the US Department of Justice (DoJ) arrested and charged a US national called Zhenxing “Danny” Wanf with operating a “year-long” scam. The scheme earned over $5 million. The agency also arrested eight more people - six Chinese and two Taiwanese nationals. The arrested individuals are charged with money laundering, identity theft, hacking, sanctions violations, and conspiring to commit wire fraud.
In addition to getting paid in these jobs, which Microsoft says is a hefty payment, these individuals also get access to private organization data. They exploit this access by stealing sensitive information and blackmailing the company.
One of the largest and most infamous hacking gangs worldwide is the North Korean state-sponsored group, Lazarus. According to experts, the gang extorted billions of dollars from the Korean government through similar scams. The entire campaign is popular as “Operation DreamJob”.
"To disrupt this activity and protect our customers, we’ve suspended 3,000 known Microsoft consumer accounts (Outlook/Hotmail) created by North Korean IT workers," said Microsoft.
Qantas Airways has revealed that a cyber attack on one of its third-party service platforms may have compromised the personal data of up to six million customers. The breach was linked to a customer service tool used by a Qantas-operated call centre, and the airline confirmed that suspicious activity was detected earlier this week.
In an official statement, Qantas said a malicious actor gained access to this external platform, but the intrusion has since been contained. Investigations are ongoing to determine how much customer data was exposed, though initial findings suggest the impact could be significant.
The company confirmed that the exposed information may include customer names, contact numbers, email addresses, dates of birth, and frequent flyer membership numbers. However, Qantas clarified that no financial data—such as credit card details, bank information, or passport numbers—was stored on the affected system.
The airline also confirmed that sensitive account credentials, such as passwords, login PINs, and security information, were not accessed. Flight operations and the safety of air travel have not been affected by this breach.
Qantas Group CEO Vanessa Hudson addressed the incident, expressing regret over the situation. “Our customers place their trust in us to protect their personal data, and we deeply regret that this has occurred. We are contacting affected individuals directly and are committed to offering them full support,” she said.
To assist impacted customers, Qantas has launched a dedicated help centre offering expert guidance on identity protection. The support service is reachable at 1800 971 541 or +61 2 8028 0534 for international callers. Customers with upcoming flights have been assured that they do not need to take any action regarding their bookings.
Australian authorities have been notified, including the Australian Cyber Security Centre, the Office of the Australian Information Commissioner (OAIC), and the Australian Federal Police. Qantas has pledged full cooperation with the agencies involved in the investigation.
Shadow Minister for Cyber Security Melissa Price commented on the breach during an interview with ABC, calling it a serious wake-up call for all Australian companies. She emphasized the need for transparency and continuous updates to the public when incidents of this scale occur.
This breach adds to a growing list of cybersecurity incidents in Australia. Other major organizations, including AustralianSuper and Nine Media, have also suffered data leaks in recent months.
Earlier this year, the OAIC reported that 2024 saw the highest number of recorded data breaches since tracking began in 2018. Australian Privacy Commissioner Carly Kind warned that the risks posed by cyber threats are growing and called on both private companies and public agencies to strengthen their defences.
As data breaches become more frequent and complex, cybersecurity remains a critical issue for businesses and consumers alike.
The surge in ransomware campaigns has compelled cyber insurers to rethink their security measures. Ransomware attacks have been a threat for many years, but it was only recently that threat actors realized the significant financial benefits they could reap from such attacks. The rise of ransomware-as-a-service (RaaS) and double extortion tactics has changed the threat landscape, as organizations continue to fall victim and suffer data leaks that are accessible to everyone.
According to a 2024 threat report by Cisco, "Ransomware remains a prevalent threat as it directly monetizes attacks by holding data or systems hostage for ransom. Its high profitability, coupled with the increasing availability of ransomware-as-a-service platforms, allows even less skilled attackers to launch campaigns."
Cyber insurance is helping businesses to address such threats by offering services such as ransom negotiation, ransom reimbursement, and incident response. Such support, however, comes with a price. The years 2020 and 2021 witnessed a surge in insurance premiums. The Black Hat USA conference, scheduled in Las Vegas, will discuss how ransomware has changed businesses’ partnerships with insurers. Ransomware impacts an organization’s business model.
At the start of the 21st century, insurance firms required companies to buy a security audit to get a 25% policy discount. Insurance back then used to be a hands-on approach. The 2000s were followed by the data breach era; however, breaches were less common and frequent, targeting the hospitality and retail sectors.
This caused insurers to stop checking for in-depth security audits, and they began using questionnaires to measure risk. In 2019, the ransomware wave happened, and insurers started paying out more claims than they were accepting. It was a sign that the business model was inadequate.
Questionnaires tend to be tricky for businesses to fill out. For instance, multifactor authentication (MFA) can be a complicated question to answer. Besides questionnaires, insurers have started using scans.
Threats have risen, but so have assessments, coverage incentives like vanishing retention mean that if policy users follow security instructions, retention disappears. Safety awareness training and patching vulnerabilities are other measures that can help in cost reductions. Scanning assessment can help in premium pricing, as it is lower currently.
In order to connect an individual user or entire network to the broader internet, a proxy server serves as an important gateway that adds a critical level of protection to the broader internet at the same time. In order to facilitate the connection between end users and the online resources they access, proxy servers act as intermediaries between them.
They receive requests from the user for web content, obtain the information on their behalf, and forward the information to the client. As a result of this process, not only is network traffic streamlined, but internal IP addresses can be hidden, ensuring that malicious actors have a harder time targeting specific devices directly.
By filtering requests and responses, proxy servers play a vital role in ensuring the safety of sensitive information, ensuring the enforcement of security policies, and ensuring the protection of privacy rights.
The proxy server has become an indispensable component of modern digital ecosystems, whether it is incorporated into corporate infrastructures or used by individuals seeking anonymity when conducting online activities. As a result of their ability to mitigate cyber threats, regulate access, and optimize performance, businesses and consumers alike increasingly rely on these companies in order to maintain secure and efficient networks.
Whether it is for enterprises or individuals, proxy servers have become a crucial asset, providing a versatile foundation for protecting data privacy, reinforcing security measures, and streamlining content delivery, offering a variety of advantages for both parties. In essence, proxy servers are dedicated intermediaries that handle the flow of internet traffic between a user's device and external servers, in addition to facilitating the flow of information between users and external servers.
It is the proxy server that receives a request initiated by an individual—like loading a web page or accessing an online service—first, then relays the request to its intended destination on that individual's behalf. In the remote server, a proxy is the only source of communication with the remote server, as the remote server recognizes only the proxy's IP address and not the source's true identity or location.
In addition to masking the user's digital footprint, this method adds a substantial layer of anonymity to the user's digital footprint. A proxy server not only hides personal details but also speeds up network activity by caching frequently requested content, filtering harmful or restricted content, and controlling bandwidth.
Business users will benefit from proxy services since they are able to better control their web usage policies and will experience a reduction in their exposure to cyber threats. Individuals will benefit from proxy services because they can access region-restricted resources and browse more safely.
Anonymity, performance optimization, and robust security have all combined to become the three most important attributes associated with proxy servers, which allow users to navigate the internet safely and efficiently, no matter where they are. It is clear from the definition that proxy servers and virtual private networks (VPNs) serve the same purpose as intermediaries between end users and the broader Internet ecosystem, but that their scope, capabilities, and performance characteristics are very different from one another.
As the name suggests, proxy servers are primarily created to obscure a user's IP address by substituting it with their own, thus enabling users to remain anonymous while selectively routing particular types of traffic, for example, web browser requests or application data.
Proxy solutions are targeted towards tasks that do not require comprehensive security measures, such as managing content access, bypassing regional restrictions, or balancing network loads, so they are ideal for tasks requiring light security measures. By contrast, VPNs provide an extremely robust security framework by encrypting all traffic between an individual's computer and a server, thus providing a much more secure connection.
Because VPNs protect sensitive data from interception or surveillance, they are a great choice for activities that require heightened privacy, such as secure file transfers and confidential communication, since they protect sensitive data from interception or surveillance. While the advanced encryption is used to strengthen VPN security, it can also cause latency and reduce connection speeds, which are not desirable for applications that require high levels of performance, such as online gaming and media streaming.
Proxy servers are straightforward to operate, but they are still highly effective in their own right. A device that is connected to the internet is assigned a unique Internet Protocol (IP) address, which works a lot like a postal address in order to direct any online requests. When a user connects to the internet using a proxy, the user’s device assumes that the proxy server’s IP address is for all outgoing communications.
A proxy then passes the user’s request to the target server, retrieves the required data, and transmits the data back to the user’s browser or application after receiving the request. The originating IP address is effectively concealed with this method, minimizing the chance that the user will be targeted, tracked, profiled, or tracked through this method.
Through masking network identities and selectively managing traffic, proxy servers play a vital role in maintaining user privacy, ensuring compliance, and enabling secure, efficient access to online resources. It has been shown that proxy servers have a number of strategic uses that go far beyond simply facilitating web access for businesses and individuals.
Proxy servers are effective tools in both corporate and household settings for regulating and monitoring internet usage and control. For example, businesses can configure proxy servers to limit employee access to non-work related websites during office hours, while parents use similar controls to limit their children from seeing inappropriate content.
As part of this oversight feature, administrators can log all web activity, enabling them to monitor browsing behaviour, even in instances where specific websites are not explicitly blocked. Additionally, proxy servers allow for considerable bandwidth optimisation and faster network performance in addition to access management.
The caching of frequently requested websites on proxies reduces redundant data transfers and speeds up load times whenever a large number of people request the same content at once. Doing so not only conserves bandwidth but also allows for a smoother, more efficient browsing experience. Privacy remains an additional compelling advantage as well.
When a user's IP address is replaced with their own by a proxy server, personal information is effectively masked, and websites are not able to accurately track users' locations or activities if they don't know their IP address. The proxy server can also be configured to encrypt web requests, keeping sensitive data safe from interception, as well as acting as a gatekeeper, blocking access to malicious domains and reducing cybersecurity threats.
They serve as gatekeepers, thereby reducing the risk of data breaches. The proxy server allows users, in addition to bypassing regional restrictions and censorship, to route traffic through multiple servers in different places. This allows individuals to access resources that would otherwise not be accessible while maintaining anonymity. In addition, when proxies are paired up with Virtual Private Networks (VPN), they make it even more secure and controlled to connect to corporate networks.
In addition to forward proxies, which function as gateways for internal networks, they are also designed to protect user identities behind a single point of entry. These proxies are available in a wide variety of types, each of which is suited to a specific use case and specific requirements.
It is quite common to deploy transparent proxies without the user's knowledge to enforce policies discreetly. They deliver a similar experience to direct browsing and are often deployed without the user's knowledge. The anonymous proxy and the high-anonymity proxy both excel at concealing user identities, with the former removing all identifying information before connecting to the target website.
By using distortion proxies, origins are further obscured by giving false IP addresses, whereas data centre proxies provide fast, cost-effective access with infrastructure that is not dependent upon an internet service provider. It is better to route traffic through authentic devices instead of public or shared proxies but at a higher price. Public or shared proxies are more economical, but they suffer from performance limitations and security issues.
SSL proxies are used to encrypt data for secure transactions and improve search rankings, while rotating proxies assign dynamic IP addresses for the collection of large amounts of data. In addition, reverse proxies provide additional security and load distribution to web servers by managing incoming traffic. Choosing the appropriate proxy means balancing privacy, speed, reliability, and cost. It is important to note that many factors need to be taken into account when choosing a proxy.
The use of forward proxies has become significantly more prevalent since web scraping operations combined them with distributed residential connections, which has resulted in an increasing number of forward proxies being created. In comparison to sending thousands of requests for data from a centralized server farm that might be easily detected and blocked, these services route each request through an individual home device instead.
By using this strategy, it appears as if the traffic originated organically from private users, rather than from an organized scraping effort that gathered vast amounts of data from public websites in order to generate traffic. This can be achieved by a number of commercial scraping platforms, which offer incentives to home users who voluntarily provide a portion of their bandwidth via installed applications to scrape websites.
On the other hand, malicious actors achieve a similar outcome by installing malware on unwitting devices and exploiting their network resources covertly. As part of regulatory mandates, it is also common for enterprises or internet service providers to implement transparent proxies, also known as intercepting proxies. These proxies quietly record and capture user traffic, which gives organisations the ability to track user behaviour or comply with legal requirements with respect to browsing habits.
When advanced security environments are in place, transparent proxies are capable of decrypting encrypted SSL and TLS traffic at the network perimeter, thoroughly inspecting its contents for concealed malware, and then re-encrypting the data to allow it to be transmitted to the intended destination.
A reverse proxy performs an entirely different function, as it manages inbound connections aimed at the web server. This type of proxy usually distributes requests across multiple servers as a load-balancing strategy, which prevents performance bottlenecks and ensures seamless access for end users, especially during periods of high demand. This type of proxy service is commonly used for load balancing.
In the era of unprecedented volumes of digital transactions and escalating threat landscape, proxy servers are more than just optional safeguards. They have become integral parts of any resilient network strategy that is designed for resilience. A strategic deployment of proxy servers is extremely important given that organizations and individuals are moving forward in an environment that is shaped by remote work, global commerce, and stringent data protection regulations, and it is imperative to take proper consideration before deploying proxy servers.
The decision-makers of organizations should consider their unique operational needs—whether they are focusing on regulatory compliance, optimizing performance, or gathering discreet intelligence—and choose proxy solutions that align with these objectives without compromising security or transparency in order to achieve these goals.
As well as creating clear governance policies to ensure responsible use, prevent misuse, and maintain trust among stakeholders, it is crucial to ensure that these policies are implemented. Traditionally, proxy servers have served as a means of delivering content securely and distributing traffic while also fortifying privacy against sophisticated tracking mechanisms that make it possible for users to operate in the digital world with confidence.
As new technologies and threats continue to develop along with the advancement of security practices, organizations and individuals will be better positioned to remain agile and protect themselves as technological advancements and threats alike continue to evolve.