Join on WhatsApp
Join on Telegram
Rabat – According to Hacken’s 2025 Half-Year Web3 Security Report, the first half of 2025 was one of the most challenging periods in Web3 history. Losses on blockchain platforms hit $3.1 billion, already surpassing the total for all of 2024.
The report highlights a surge in attacks that take advantage of weak access controls, smart contract vulnerabilities, and social engineering tactics.
Access-control breaches alone cost $1.83 billion—about 59% of all incidents—making them the main reason for digital asset theft this year.
Hacken described the situation as a “wake-up call” for blockchain initiatives and stressed that cybersecurity is now a must-have for businesses as the industry grows and regulations become stricter.
Big hacks and more dangerous threats
The Bybit exploit was the biggest single attack. It cost the platform around $1.46 billion when attackers took over a wallet through a compromised signer interface.
A software error caused the Cetus protocol to lose $223 million in one of the greatest DeFi incidents to date, triggered by a coding bug that drained funds in just 15 minutes.
Other notable breaches included a $300 million rug pull linked to the $LIBRA token and a $12 million attack that took advantage of a vulnerability in Uniswap’s V4 hook.
Access-control losses showed a decline in the second quarter compared to the beginning of 2025, while phishing and social-engineering scams increased sharply.
Such scams cost around $600 million, or 19% of all losses, which is already exceeding the full-year figure for 2024.
One of the largest individual thefts occurred when an old man in the U.S. was tricked into sending $330 million in Bitcoin to scammers.
In the meantime, phone-based phishing efforts pretending to be “Coinbase support” exploited stolen client data to steal more than $100 million.
Hacken noted that these incidents illustrate the weakest link in Web3 security is human vulnerabilities, not cryptographic issues.
Strengthening Web3 security amid rising AI, DeFi, and smart contract risks
Smart contract flaws caused around 8% of all losses, equal to $263 million. The Cetus incident marked the worst DeFi quarter since early 2023, ending a five-quarter drop in such attacks.
Hacken reported that attackers were able to change systems and drain liquidity across platforms because of minor software mistakes, including not checking permissions.
In one case, the Cork Protocol exploit happened because developers changed Uniswap’s default permissions, which let attackers add malicious data and steal more than $12 million.
The report estimated that real-time transaction monitoring and automatic protections may have stopped up to 90% of the Cetus losses.
The paper also underscored that security problems related to AI have been rising quickly, with a 1,025% surge in such exploits since 2023. Most were tied to poor APIs or supply chains in AI technologies that were built into blockchain ecosystems.
Five new major AI-related vulnerabilities were listed, including a critical flaw in Langflow that allowed remote code execution across more than a thousand exposed instances.
Hacken urged Web3 projects to use AI-specific security frameworks like ISO/IEC 42001 and NIST AI RMF 1.0. They stressed that the threats of AI and blockchain are increasingly overlapping.
The paper says that Web3’s largest problem is not only technical, but also organizational. The area is vulnerable to attack due to weak governance, a lack of access control systems, and inadequate user protection.
Hacken said that crypto service providers that want to get regulatory licenses should follow standards like CCSS and ISO/IEC 27001.
They also added that security maturity needs to keep up with the growth of blockchain and the use of AI tools in decentralized networks.
“Projects that invest in resilience and security build trust, meet compliance, and protect digital innovation,” said Yevheniia Broshevan, Hacken’s co-founder and CBDO.
Read Also: Unity Patches Android Game Vulnerability that Threatened Crypto Users
