More than $3.1 billion in crypto was lost in the first half of 2025 due to problems such as smart contract bugs, access control vulnerabilities, rug pulls and scams, according to a report by blockchain security auditor Hacken.
This figure already exceeds the 2024 total of $2.85 billion. Although the $1.5 billion hack in February may be an outlier, the wider crypto sector continues to deal with security challenges.
The distribution of loss types remains largely consistent with the trends observed in 2024. Access control exploits were the main driver of losses, representing approximately 59% of the total. Smart contract vulnerabilities contributed around 8% of losses, with $263 million stolen.
Yehor Rudytsia, head of forensics and incident response at Hacken, told Cointelegraph that they had observed significant exploitation of GMX v1, with its outdated codebase being targeted from the third quarter of 2025.
“Projects must worry about their old or inherited codebase if it has not been prevented from working completely,” said Rudytsia.
As the crypto space matures, attackers have shifted from exploiting cryptographic flaws toward targeting human and process-level weaknesses. These sophisticated techniques include blind signing attacks, private key leaks and elaborate phishing campaigns.
This evolving landscape highlights a crucial vulnerability: access control in crypto remains one of the most underdeveloped and highest-risk areas, despite increasing technical safeguards.
DeFi and smart contracts expose vulnerabilities
Operational security flaws were responsible for the majority of losses, with $1.83 billion stolen from decentralized finance (DeFi) and centralized finance (CeFi) platforms. The standout incident in the second quarter was the Cetus hack, where $223 million was drained in just 15 minutes, marking DeFi's worst quarter since the beginning of 2023 and interrupting a five-quarter downward trend in exploit-related losses.
Before that, the fourth quarter of 2024 and the first quarter of 2025 were dominated by access control failures, which eclipsed most bug-based exploits. However, this quarter saw access control losses in DeFi fall to only $14 million, the lowest since the second quarter of 2024, although smart contract exploits increased.
The Cetus attack exploited an overflow check vulnerability in its liquidity calculation. The attacker used a flash loan to open tiny positions, then swept 264 pools. If real-time total value locked (TVL) monitoring with an automatic pause had been implemented, up to 90% of the funds could have been saved, according to Hacken.
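An added example, not taken from Hacken's report or from Cetus's code: a minimal off-chain TVL monitor with an automatic pause of the kind described above. The window, threshold, class and function names, and the sample TVL series are all assumptions constructed for illustration.

```python
from collections import deque
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class TvlCircuitBreaker:
    """Trips when TVL falls too far below its rolling-window peak."""
    window_s: int = 600           # assumed look-back window (seconds)
    max_drawdown: float = 0.10    # assumed trip threshold: 10% below window peak
    paused_at: Optional[int] = None
    _samples: deque = field(default_factory=deque)   # (timestamp, tvl) pairs

    def observe(self, ts: int, tvl: float) -> bool:
        """Record one TVL sample; return True once the pause has been triggered."""
        if self.paused_at is not None:
            return True
        self._samples.append((ts, tvl))
        # Drop samples older than the window so slow organic outflows age out.
        while self._samples[0][0] < ts - self.window_s:
            self._samples.popleft()
        peak = max(v for _, v in self._samples)
        if peak > 0 and (peak - tvl) / peak > self.max_drawdown:
            self.paused_at = ts   # a real monitor would call the protocol's pause here
        return self.paused_at is not None

def replay(samples, breaker):
    """Replay (ts, tvl) samples; return (pause_ts, lost, saved) versus no breaker."""
    start, final = samples[0][1], samples[-1][1]
    for ts, tvl in samples:
        if breaker.observe(ts, tvl):
            lost = start - tvl
            return ts, lost, (start - final) - lost
    return None, start - final, 0.0

# Constructed data, TVL in millions of USD sampled every 60 s: five minutes of
# stable TVL, then a linear drain of 223 over 15 minutes (the linear shape and
# the 300 starting value are assumptions, not figures from the report).
CONSTRUCTED_TVL = [(t * 60, 300.0) for t in range(6)] + \
                  [(300 + i * 60, 300.0 - 223.0 * i / 15) for i in range(1, 16)]

if __name__ == "__main__":
    pause_ts, lost, saved = replay(CONSTRUCTED_TVL, TvlCircuitBreaker())
    print(f"paused at t={pause_ts}s, lost {lost:.1f}M, saved {saved:.1f}M")
```

How much such a breaker saves depends on the sampling interval and threshold: a tighter threshold pauses sooner but trips more often on legitimate large withdrawals.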
AI represents a growing threat to crypto security
AI and large language models (LLMs) are deeply integrated into Web2 and Web3 ecosystems. Although this integration drives innovation, it also widens the attack surface, introducing new and evolving security threats.
AI-related exploits jumped 1,025% compared to 2023, with 98.9% of these attacks related to insecure APIs. In addition, five major AI-related Common Vulnerabilities and Exposures (CVEs) have been added to the list, and 34% of Web3 projects now deploy AI agents in production environments, making them a growing target for attackers.
Traditional cybersecurity frameworks, including ISO/IEC 27001 and the NIST Cybersecurity Framework, are not yet equipped to deal with AI-specific risks such as model hallucination, prompt injection and adversarial data poisoning. Hacken said that these standards need to evolve to reflect the AI-specific threats now facing Web3.