Exploiting Human Weaknesses and Integrating AI Technology



More than $3.1 billion in crypto has been lost in the first half of 2025 as a result of issues including smart-contract bugs, access-control vulnerabilities, rug pulls and scams, according to a report from blockchain security auditor Hacken.

This figure already exceeds the total of $2.85 billion from all of 2024. While the $1.5 billion Bybit hack in February may have been an outlier, the broader crypto sector continues to grapple with security challenges.

The distribution of loss types remains largely in line with trends observed in 2024. Access-control exploits were the primary driver of losses, accounting for around 59% of the total. Smart-contract vulnerabilities contributed to about 8% of the losses, with $263 million stolen.

Crypto attack types and total loss in the 2025 half-year. Source: The Hacken 2025 Half Year Web3 Security Report

Yehor Rudytsia, head of forensics and incident response at Hacken, told Cointelegraph that they observed significant exploitation of GMX v1, with its outdated codebase being targeted beginning in Q3 2025.

“Initiatives need to care about their previous or legacy codebase if it was not stopped from working fully,” Rudytsia said.

As the crypto space matures, attackers have shifted focus from exploiting cryptographic flaws to targeting human and process-level weaknesses. These sophisticated techniques include blind signing attacks, private key leaks and elaborate phishing campaigns.

This evolving landscape highlights a critical vulnerability: Access control in crypto remains one of the most underdeveloped and high-risk areas, despite growing technical safeguards.

DeFi and smart contracts expose vulnerabilities

Operational security flaws were responsible for almost all of the losses, with $1.83 billion stolen across both decentralized finance (DeFi) and centralized finance (CeFi) platforms. The standout incident in Q2 was the Cetus hack, where $223 million was drained in just 15 minutes, marking DeFi’s worst quarter since early 2023 and halting a five-quarter downtrend in exploit-related losses.

Quarterly DeFi losses. Source: The Hacken 2025 Half Year Web3 Security Report

Prior to this, Q4 2024 and Q1 2025 saw a dominance of access-control failures, overshadowing most bug-based exploits. However, this quarter saw access-control losses in DeFi drop to only $14 million, the lowest since Q2 2024, though smart-contract exploits surged.

The Cetus attack exploited an overflow check vulnerability in its liquidity calculation. The attacker used a flash loan to open tiny positions, then swept through 264 pools. If real-time total value locked (TVL) monitoring with auto-pause had been implemented, up to 90% of the funds could have been saved, according to Hacken.
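As an added illustration of the TVL monitoring with auto-pause that Hacken describes (example code written for this page, not Hacken's or Cetus's), the sketch below trips a circuit breaker when TVL falls a set fraction below its recent peak. The class name, the 10% threshold, the 5-minute window and the sample figures are all assumptions constructed for the example.

```python
from collections import deque

class TvlCircuitBreaker:
    """Trip when TVL falls max_drop_bps below its peak inside a sliding window."""

    def __init__(self, max_drop_bps=1000, window_s=300):
        self.max_drop_bps = max_drop_bps   # 1000 bps = 10% (assumed threshold)
        self.window_s = window_s           # look-back window in seconds (assumed)
        self.samples = deque()             # (timestamp, tvl) pairs inside the window
        self.paused_at = None

    def observe(self, ts, tvl):
        """Record one TVL sample; return True once the breaker has tripped."""
        if self.paused_at is not None:
            return True                    # stay paused until a human resets it
        while self.samples and ts - self.samples[0][0] > self.window_s:
            self.samples.popleft()         # forget samples older than the window
        self.samples.append((ts, tvl))
        peak = max(v for _, v in self.samples)
        # Integer basis-point comparison avoids float rounding at the threshold.
        if peak > 0 and (peak - tvl) * 10_000 >= self.max_drop_bps * peak:
            self.paused_at = ts            # a real deployment would call pause here
        return self.paused_at is not None

def replay(samples, breaker):
    """Feed samples in order; return (pause_ts, tvl_at_pause) or (None, None)."""
    for ts, tvl in samples:
        if breaker.observe(ts, tvl):
            return ts, tvl
    return None, None

# Constructed data, not Cetus figures: 5 steady minutes, then a 15-minute drain.
SAMPLES = [(t, 1000) for t in range(0, 300, 60)]
SAMPLES += [(240 + 60 * k, 1000 - 50 * k) for k in range(1, 16)]

if __name__ == "__main__":
    ts, tvl = replay(SAMPLES, TvlCircuitBreaker())
    drained = SAMPLES[0][1] - SAMPLES[-1][1]
    print(f"paused at t={ts}s with TVL {tvl}; unprotected drain would be {drained}")
```

A drain that stays under the threshold within every window passes unnoticed, so the threshold and window have to be tuned against the protocol's normal withdrawal patterns.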

AI poses a growing threat to crypto security

AI and large language models (LLMs) are deeply integrated into both Web2 and Web3 ecosystems. While this integration sparks innovation, it also widens the attack surface, introducing new and evolving security threats.

AI-related exploits have surged by 1,025% compared to 2023, with a staggering 98.9% of these attacks tied to insecure APIs. In addition, five major AI-related Common Vulnerabilities and Exposures (CVEs) were added to the list, and 34% of Web3 projects now deploy AI agents in production environments, making them a growing target for attackers.

Traditional cybersecurity frameworks, including ISO/IEC 27001 and the NIST Cybersecurity Framework, are not yet equipped to address risks unique to AI, such as model hallucination, prompt injection and adversarial data poisoning. Hacken said these standards must evolve to reflect the AI-specific threats now facing Web3.