Crypto Hacks in H1 2025 Exceed $2.2B

The crypto industry lost over $2.2 billion in the first half of 2025 due to hacks, scams, and security breaches, surpassing the total losses of 2024, according to CertiK’s H1 2025 “Hack3d” Web3 Security Report.

CertiK recorded 344 on-chain incidents between January and June. Wallet breaches accounted for $1.7 billion in just 34 cases, while phishing scams caused $410 million across 132 incidents.

The largest exploit occurred in February when Bybit lost $1.5 billion in a wallet breach involving staked ETH. In May, Cetus Protocol was exploited for $225 million via a smart contract bug, although $162 million was later recovered by Sui validators.

Ethereum Targeted Most; Code Bugs Surge

Ethereum was the most attacked blockchain, with 175 incidents leading to $1.6 billion in losses. Smart contract vulnerabilities alone caused $229 million in May, up sharply from just $5 million in April.

CertiK also flagged an increase in physical attacks, with 32 cases involving violence, kidnappings, and ransom attempts. France saw the most incidents, including an attempted kidnapping involving the family of Paymium’s CEO.

Funds Recovered, But Risks Mount

Approximately $187 million was recovered through whitehat efforts, law enforcement, and exchange cooperation. However, with attacks becoming more complex and violent, stronger security practices are urgently needed.

A key vulnerability remains poor private key management. Keys are often stored insecurely, unencrypted, or controlled by one person, making them easy targets for hackers. This single point of failure has contributed to billions in losses and remains one of the crypto industry’s biggest risks.

FAQs