The year 2025 has been a tumultuous one for the crypto industry, with over $3.1 billion lost to hacks and scams in just six months. This staggering figure surpasses the total losses from the entire previous year, highlighting the growing threat to Web3 security.
One of the most significant incidents was the February Bybit exploit, which saw a record-breaking $1.46 billion stolen due to a compromised signer. This breach exposed vulnerabilities in the platform’s security protocols and raised concerns about the safety of digital assets.
In addition to the Bybit hack, several other high-profile incidents shook the industry. The Infini protocol exploit, where a former developer exploited security weaknesses to steal $50 million, and the zkSync theft of $5 million due to a flawed multisig setup, further underscored the need for robust security measures.
DeFi platforms also faced significant losses due to smart contract bugs, with $263 million drained from vulnerabilities. The Cetus exploit in May, which drained $223 million due to a liquidity range logic flaw, highlighted the dangers of unchecked code vulnerabilities in decentralized finance.
Phishing and social engineering attacks also reached new heights in 2025, with approximately $600 million stolen through fraudulent schemes. A particularly egregious case involved an elderly U.S. investor losing $330 million in BTC to a sophisticated scam, emphasizing the need for user education and awareness.
Coinbase users were also targeted in a data breach that saw fraudsters posing as support staff to deceive customers into revealing sensitive information. This incident alone resulted in losses exceeding $100 million, showcasing the effectiveness of social engineering tactics in exploiting trust.
AI-related exploits also saw a significant increase, with over 1000% more incidents compared to previous years. Insecure APIs and advanced techniques like prompt injection and fake agents were used to bypass security measures, highlighting the need for ongoing vigilance in the face of evolving threats.
Overall, the first half of 2025 has been a challenging period for Web3 security, with a surge in hacks, scams, and breaches threatening the integrity of the crypto industry. As the landscape continues to evolve, it is essential for stakeholders to prioritize security measures and stay vigilant against emerging threats.