In the second quarter of 2025, the cryptocurrency and web3 sectors suffered a significant number of security breaches, resulting in a total loss of $801.3 million across 144 distinct incidents. This figure represents a 52.1% decrease in lost value compared to the previous quarter, and the number of incidents also fell by 59. Despite these improvements, adjusted losses for the quarter, after accounting for $181 million in recovered funds, still amounted to $620.4 million. The average loss per incident was $4.3 million, while the median loss was around $104,000.
Phishing attacks were the most damaging, with $395 million stolen across 52 incidents. Code vulnerabilities followed, causing $235.8 million in losses across 47 incidents. Ethereum was particularly affected, with 70 incidents resulting in $65.4 million in losses. The network was a frequent target, with 175 incidents recorded in the first half of 2025, resulting in $1.63 billion in losses. The average loss per incident for the first half of the year was $7.13 million, with a median loss of $89,026.
The broader security trend may not be as serious as the raw figures suggest. Two major incidents, the Bybit hack and the Cetus protocol breach, accounted for about $1.78 billion of the year's losses. The Bybit hack, attributed to North Korea's Lazarus Group, involved the exploitation of the exchange's cold wallet infrastructure and resulted in the theft of more than $1.5 billion in ether. The Cetus protocol breach, on the other hand, was caused by a flawed overflow check in the project's liquidity calculation, which led to $225 million in losses. Without these two incidents, total losses for the year would have been $690 million, indicating a more stable security environment.
Overall, the first half of 2025 saw total losses of $2.47 billion across 344 incidents. Wallet compromises were the most costly, accounting for $1.71 billion in losses across 34 incidents. Phishing remained the most frequent type of attack, with $410.7 million stolen across 132 incidents. These figures highlight the ongoing challenges of securing the cryptocurrency ecosystem, despite some improvements in the second quarter.
Social engineering scams, which target user behavior rather than technical flaws, are on the rise. These attacks, such as address poisoning, are becoming more widespread as attackers shift their focus from exploiting code vulnerabilities to manipulating user trust. This trend highlights the need for improved user education and robust security tools to mitigate these evolving threats.
In addition to phishing and code vulnerabilities, interoperability problems have also been identified as a significant risk. Cross-chain breaches, which exploit vulnerabilities in the interaction between different blockchain networks, led to $435 million in damages across 39 incidents in 2024.
Regulatory developments offer some hope of improving security in the cryptocurrency sector. In the first quarter of 2025, the United States formed a strategic cryptocurrency reserve to store digital assets. The SEC also established a working group on crypto to provide more proactive guidance, moving away from a purely enforcement-based approach. These measures indicate growing institutional interest and recognition of the importance of security as cryptocurrency adoption continues to grow.