New York, July 1, 2025 — In a detailed analysis of the evolving threats in the blockchain ecosystem, CertiK, a prominent blockchain security firm, disclosed alarming figures in its H1 2025 Hack3d Report. The report paints a concerning picture, revealing more than $2.47 billion stolen through various scams, hacks, and technological exploits within the first half of the year. This figure marks a significant increase over 2024's total losses of $2.42 billion.
Rising Threats and Major Incidents
In the latest findings, CertiK outlines that the majority of losses—$1.78 billion or 72%—stem from two catastrophic breaches involving Bybit and the Cetus protocol. Excluding these high-profile incidents, yearly losses would be dramatically lower, at about $690 million. This highlights the immense impact individual breaches can have on the market.
Predominant Attack Vectors
The first half of 2025 saw wallet compromises emerge as the leading attack vector, with $1.71 billion siphoned off across 31 incidents. Phishing attacks followed closely, responsible for $410.7 million in losses over 132 incidents. Code vulnerabilities also contributed significantly, costing $283 million across 114 attacks.
Blockchain Platforms Under Siege
Ethereum, a leading blockchain network, experienced the heaviest fiscal damage, reporting losses of $1.59 billion spread over 164 incidents. Bitcoin was also significantly targeted, with $373.69 million lost in just 10 incidents, underscoring the persistent vulnerability across major cryptocurrencies.
Quarterly Breakdown: Q2 2025
CertiK's report reveals that Q2 2025 accounted for $801 million of the year’s total losses, though this reflects a 52.1% decrease from the first quarter. Phishing attacks dominated the quarter, extracting $395.06 million through 52 attacks. The average financial hit per incident stood at $4.21 million, with a median of just under $104,000.
In-Depth Analysis: Losses by Attack Type and Blockchain
The report provides a granular look by attack type in Q2:
- Phishing: $395.06 million, 52 incidents
- Code Vulnerability: $235.78 million, 47 incidents
- Access Control Flaws: $36.19 million, 14 incidents
- Price Manipulation: $17.43 million, 13 incidents
- Wallet Compromise: $112.04 million, 9 incidents
- Exit Scams: $358,235, 4 incidents
By blockchain, significant losses were reported in:
- Bitcoin (BTC): $373.64 million, 9 incidents
- Ethereum: $65.37 million, 70 incidents
- Multiple Chains: $111.46 million, 6 incidents
Major Incidents and Recovery
Beyond Bybit, which suffered a staggering $1.45 billion theft, and Cetus with $225.68 million lost, other notable incidents included Nobitex and ALEX Lab, highlighting various vulnerabilities across different digital infrastructures.
Despite the substantial financial setbacks, some recovery has been made. A total of $187.34 million was recovered, adjusting the net loss to approximately $2.29 billion for the first half of 2025.
Industry Implications
Co-Founder Ronghui Gu remarked on the importance of these findings, emphasizing the necessity for continued diligence in digital security practices. "This report reinforces the need for a comprehensive, multi-layered security strategy that includes robust code audits, real-time monitoring, and heightened employee training," said Gu. "The industry must treat security as an uncompromising priority."
These findings underscore an urgent call to action for the blockchain and cryptocurrency ecosystems to strengthen defenses and mitigate future risks. Stakeholders must remain vigilant as the digital landscape continues to evolve with new, sophisticated threats.
You can find the Korean version of this article here.
Tag
