Web3.0 Security Report: Nearly $2.5 billion in losses in the first half of 2025, the situation is severe

A recently released Web3.0 security report reveals the severe security situation facing the industry in the first half of 2025. Data shows that losses due to security incidents in just the first half of the year approached $2.5 billion, exceeding the total from last year. Although the second quarter showed some improvement compared to the first quarter, overall security threats continue to evolve and escalate.

Key Data

Q2 2025

• A total of 144 on-chain security incidents occurred, with total losses of approximately $800 million.
• Total losses decreased by 52.1% compared to the previous quarter, with 59 fewer security incidents.
• Phishing attacks caused the largest losses, with 52 incidents leading to approximately $400 million stolen.
• Code vulnerability attacks followed, with 47 incidents causing losses of approximately $240 million.
• About $180 million of stolen funds has been recovered, with a net loss of approximately $620 million.

first half of 2025

• A total of 344 security incidents, with cumulative losses of 2.47 billion US dollars.
• The most severe losses were caused by wallet thefts, with 34 incidents resulting in losses of approximately $1.71 billion.
• Phishing has become the most frequent type of attack, with 132 incidents resulting in losses of approximately $410 million.
• Approximately $190 million of stolen funds have been recovered, with a net loss of about $2.29 billion.

Security Trend Analysis

In the first half of this year, the cumulative net loss reached $2.29 billion, surpassing last year's total of $1.98 billion. However, it is important to note that about $1.78 billion of the losses were concentrated in two major events. Excluding these two incidents, the overall loss for the industry stands at $690 million, and the risk landscape still needs to be viewed dialectically.

From the perspective of attack methods, the issue of private key leaks, which is highly regarded in 2024, has significantly decreased in the first half of 2025. However, phishing attacks have surged, becoming the most threatening form of attack currently. As phishing techniques become increasingly covert and deceptive, users urgently need to enhance their security awareness:

• Avoid clicking on unknown links
• Carefully verify the website domain name
• Enable Multi-Factor Authentication
• It is recommended to use a hardware wallet for private key management.

Industry Regulatory Dynamics

In the first half of 2025, several far-reaching regulatory and market developments occurred globally:

• The United States has abolished its previous digital asset policy, prohibiting the government from issuing CBDCs and introducing a new regulatory framework.
• The United States establishes a strategic Bitcoin reserve, utilizing confiscated assets to create a national-level cryptocurrency reserve.
• The European Union's Markets in Crypto-Assets Regulation (MiCA) comes into full effect.
• Hong Kong has passed legislation related to stablecoins, requiring issuers to obtain licenses and have a clear redemption mechanism.
• India announces the release of a regulatory policy document for digital assets
• Pakistan has established its first Bitcoin reserve and is building energy infrastructure to support cryptocurrency mining.
• Circle launches IPO, Tether expands into the commodity-backed stablecoin application field and invests heavily in Latin America.

This report provides a comprehensive security situation analysis for the industry, helping all parties to formulate more targeted security strategies and jointly maintain the healthy development of the Web3.0 ecosystem.