Since the beginning of 2025, the crypto industry has faced an unprecedented wave of attacks. According to the latest data from Hacken, over $3.1 billion in digital assets were stolen in the first six months – already surpassing the total for all of 2024.
The primary source of losses is access control issues, accounting for approximately 59% of all incidents, or around $1.83 billion. Hackers most often target multisignature wallets and admin keys of projects with outdated codebases. The most severe incident hit the Bybit platform: $1.46 billion were stolen due to access to a signer key – the largest theft in the industry’s history.
The second major category involves vulnerabilities in smart contracts, which alone resulted in around $263 million in losses. The Cetus protocol hack in Q2 led to a $223 million loss in just 15 minutes – the worst quarter for DeFi since early 2023.
Phishing attacks and social engineering also made a significant impact, with losses exceeding $600 million. The range of victims is expanding – from industry veterans to large investors tricked by fake support teams, fraudulent dApps, and malicious browser extensions.
Particularly alarming is the rise in AI-related attacks. In 2025, the number of AI exploits surged by 1,025%. The majority (98.9% of cases) stem from API and interface vulnerabilities used by intelligent agents within Web3 platforms. At the same time, 34% of Web3 projects have already integrated AI agents into their infrastructure, making themselves targets for exploitation.
Recommendations for users and developers:
- Use hardware wallets and avoid storing large amounts on centralized platforms.
- Enable two-factor authentication (2FA), and remove outdated access keys and admin-level roles.
- Manually verify QR codes, especially when prompted to enter seed phrases.
- Implement TVL monitoring and automatic liquidity pause features – especially in DeFi. This can help prevent major drains like the Cetus case.
- Conduct regular audits of code and smart contracts, including legacy bases. Also, thoroughly check APIs and AI agent interfaces.
The first half of 2025 has already become the most painful period in the history of the crypto ecosystem. Losses exceeded $3.1 billion – and these are more than just numbers, they are warning signs. The issue lies not only in technology but also in human factors and process management. The faster the industry adopts secure architecture, removes outdated code, and restricts vulnerable APIs, the higher the chances of avoiding future breaches.
