Web3 platforms lost $3.1 billion in the first half of 2025 to exploits and scams, surpassing the total losses seen in 2024. The primary causes of these losses were access control failures, phishing attacks, and smart contract vulnerabilities, highlighting the ongoing security challenges in the Web3 space.
One alarming trend identified in the Hacken 2025 Half-Year Web3 Security Report is the sharp increase in AI-related attack vectors, which rose by a staggering 1,025% compared to the previous reporting period. These attacks targeted the inference layers and APIs of AI systems, exploiting issues such as insecure API design, improper model access restrictions, and weak user input filtering.
The report highlighted several major incidents that contributed to the total losses, including the $290 million Munchables breach and the $136 million Pike Finance series of attacks. Additionally, the Uniswap V4 ecosystem experienced a significant exploit resulting in a $12 million loss. Ethereum accounted for the majority of losses at 61.4%, followed by BNB Chain and Arbitrum at 20.2% and 11.4%, respectively.
As the complexity of Web3 environments continues to grow, the need for enhanced security measures becomes more pressing. The report emphasized the importance of continuous monitoring and automated defense systems to mitigate emerging threats. It also underscored the inadequacy of traditional auditing practices in addressing the evolving security landscape of Web3 platforms.
DeFi protocols were the most targeted in the first half of 2025, accounting for nearly 69% of all incidents. While CeFi incidents were less frequent, they tended to result in higher individual losses. The report also noted a convergence of financial and infrastructure attack vectors, highlighting the interconnected nature of security risks in the Web3 ecosystem.
The rise of AI-driven exploits underscores the challenges facing the crypto industry, with the rapid adoption of advanced technologies outpacing security frameworks. Geopolitical actors and financially motivated groups are increasingly targeting blockchain infrastructure, necessitating greater coordination between Web3-native firms, national agencies, and cybersecurity vendors to address these evolving threats.
Regulatory frameworks such as MiCA and the EU AI Act may play a crucial role in shaping future Web3 security practices by imposing governance and monitoring standards that prioritize cybersecurity. Smaller protocols are particularly vulnerable to complex attacks because of their limited resources and reliance on third-party tools, highlighting the need for clearer defensive standards as AI integrations expand.
Overall, the Hacken report serves as a stark reminder of the urgent need for enhanced security measures in the Web3 space to safeguard against the growing threats posed by exploits and scams. By implementing proactive security measures and fostering collaboration between stakeholders, the industry can work towards a more secure and resilient Web3 ecosystem.