CertiK "Hack3d: Web3.0 Security Report for the Second Quarter and First Half of 2025" (with full report link)

CertiK's "Hack3d: Web3.0 Security Report for the Second Quarter and First Half of 2025" has been released. The report shows that in the first half of 2025 alone, the losses caused by security incidents are close to $2.5 billion; as of now, the total losses have exceeded the level of the whole year of last year. Overall, the security situation of Web3.0 is still severe, and the threat methods are still evolving and upgrading.

CertiK "Hack3d: Web3.0 Security Report for the Second Quarter and First Half of 2025" (with full report link)

CertiK's "Hack3d: Web3.0 Security Report for the Second Quarter and First Half of 2025" has been released. The report shows that in the first half of 2025 alone, the losses caused by security incidents are close to $2.5 billion; as of now, the total losses have exceeded the level of the whole year of last year. Overall, the security situation of Web3.0 is still severe, and the threat methods are still evolving and upgrading.

Key data

Second quarter of 2025:

  • In the second quarter of 2025, the Web3.0 industry experienced 144 on-chain security incidents, with a total loss of approximately $800 million. Compared with the previous quarter, the total loss decreased by approximately 52.1%, and the number of security incidents decreased by 59.

  • Phishing attacks were the most costly attack method this quarter, with 52 security incidents resulting in approximately $400 million stolen, followed by code vulnerability attacks, with 47 security incidents resulting in approximately $240 million stolen.

  • A total of approximately $180 million in stolen funds were recovered during the quarter, with a total net loss of approximately $620 million.

First half of 2025:

  • In the first half of 2025, a total of 344 security incidents occurred, with cumulative losses reaching US$2.47 billion.

  • Wallet theft caused the most serious financial losses in the first half of 2025, with 34 incidents causing losses of approximately $1.71 billion. The second largest attack method was phishing attacks, which had 132 security incidents and caused losses of approximately $410 million.

  • In the first half of 2025, the total amount of stolen funds recovered was approximately US$190 million, and the total net loss was approximately US$2.29 billion.

Security Trends

As of June 30, the cumulative net loss in 2025 was US$2.29 billion, which has exceeded the total net loss of US$1.98 billion last year. Although the overall data shows that the security situation is becoming increasingly severe; about US$1.78 billion of this year's losses are concentrated in two major incidents (Bybit and Cetus Protocol). Excluding these two incidents, the overall loss of the industry this year is US$690 million, and the risk pattern still needs to be viewed dialectically. From the perspective of attack methods, although private key leakage has attracted widespread attention in 2024, this problem has been significantly reduced in the first half of 2025. However, phishing attacks have surged and become the most threatening attack method at present. As phishing methods become increasingly covert and deceptive, users urgently need to improve their security awareness: avoid clicking on unknown links, carefully check the URL domain name, enable multi-factor authentication, and it is recommended to use hardware wallets for private key management.

Industry Trends

In addition to security incidents, the first half of 2025 also saw a number of regulatory and market developments with global impact that will profoundly impact the future direction of the crypto industry:

  • The United States abolished its previous digital asset policy through Executive Order No. 14178 , prohibiting any form of government issuance of CBDC (central bank digital currency) and introducing a new regulatory framework.

  • The United States has officially established a strategic Bitcoin reserve , using confiscated assets to build a national sovereign-level crypto asset reserve.

  • The EU's Markets in Crypto-Assets Directive (MiCA) has come into full effect, providing clear regulatory guidance for stablecoin issuance and crypto-asset service providers.

  • Hong Kong has passed stablecoin-related legislation , requiring issuers to obtain a license and have a clear redemption mechanism.

  • India announced that it will release a policy document on digital asset regulation.

  • Pakistan has established its first Bitcoin reserve and built energy infrastructure to support crypto mining.

  • Circle launched its IPO, while Tether expanded into commodity-backed stablecoin applications and made large investments in Latin America.

Conclusion

As the world's largest Web3.0 security company, CertiK has deep industry insights and has been providing various security incident analyses, security guides, annual and quarterly security reports to deliver key security information to the industry. Once the security report was released, it received high attention from the industry and was quickly reported and cited by core media in the Web3.0 field such as CoinDesk and Cointelegraph.

You are welcome to click here to read the full "Hack3d: Web3.0 Security Report for the Second Quarter and First Half of 2025" for more comprehensive analysis, insights and recommendations.

Share to:

Author: CertiK

This article represents the views of PANews columnist and does not represent PANews' position or legal liability.

The article and opinions do not constitute investment advice

Image source: CertiK. Please contact the author for removal if there is infringement.

Follow PANews official accounts, navigate bull and bear markets together
Telegram Discussion Group
Telegram News Channel
@PANews
Recommended Reading
6 hour ago
10 hour ago
11 hour ago
17 hour ago
17 hour ago
20 hour ago

Popular Articles

Industry News
Market Trends
Curated Readings
Subscribe

Curated Series

App内阅读