The blockchain industry faced significant challenges in the first half of 2025, with security incidents resulting in over $2.37 billion in losses. The DeFi sector bore the brunt of these attacks, accounting for a substantial portion of the financial losses. SlowMist’s mid-year report shed light on the various tactics employed by malicious actors to target both projects and individual users.
DeFi emerged as the primary target for attackers, with approximately $470 million in losses attributed to security incidents in this sector. However, centralized exchanges (CEX) also suffered significant losses, totaling $1.883 billion from just 11 incidents. This indicates that attackers are increasingly targeting high-value platforms for financial gain.
The report identified account compromises as the leading cause of security incidents, followed by vulnerabilities in smart contracts. These findings underscore the importance of robust security measures to protect user funds and digital assets.
In addition to attacks on projects, individual users also faced a growing threat from various fraud tactics. Phishing attacks leveraging the EIP-7702 contract delegation mechanism, deepfakes, Telegram fake safeguard scams, malicious browser extensions, LinkedIn recruitment phishing, social engineering attacks, backdoor supply chain attacks via low-cost AI tools, and unrestricted large language models were among the prevalent schemes targeting unsuspecting users.
The advancement of generative AI has enabled attackers to create increasingly sophisticated scams, such as deepfake videos and AI-generated content promoting fake investment schemes. These tactics prey on users’ trust and familiarity with prominent figures in the industry.
Furthermore, social engineering attacks have become more prevalent, with attackers impersonating legitimate entities to deceive users into compromising their sensitive information. Backdoor supply chain attacks via low-cost AI tools have also emerged as a significant threat, with developers unknowingly installing malicious npm packages that grant attackers remote access to their systems.
The report highlighted the misuse of unrestricted large language models (LLMs) to generate malicious content, including malware, phishing emails, fake project materials, and deepfake scams. These LLMs, when exploited by malicious actors, pose a serious risk to the security and integrity of the blockchain ecosystem.
Overall, the first half of 2025 saw a surge in security incidents and financial losses within the blockchain industry. Stakeholders must remain vigilant and implement stringent security measures to safeguard against evolving threats and protect user assets from malicious actors.