Hacken’s report highlights a marked increase in the scale and frequency of infrastructure-level security breakdowns. These involve compromised private keys, flawed wallet signer workflows, and weak multisignature operations. The result is financial devastation rather than isolated technical bugs. By comparison, losses across all of 2024 totaled approximately $2.85 billion, meaning the midpoint of 2025 has already eclipsed last year’s tally.
In Hacken’s reporting, access control vulnerabilities emerge as the most damaging category. These include multisig misconfigurations, deficient operational security, and signer-related protocol weaknesses. Altogether, these accounted for about $1.83 billion of the $3.1 billion haul in the first half of 2025. Smart contract coding flaws were responsible for a much smaller slice of the losses, estimated around 8%, or $263 million, underscoring how attacks are shifting focus from on-chain bugs to backend infrastructure failures.
The Bybit exchange breach in February remains the single largest crypto heist in history, with approximately $1.5 billion stolen from its cold wallets. A separate exploit of Cetus Protocol on the Sui blockchain in May added another $225 million in losses. Together, these two incidents contributed heavily to H1 totals.
Complementary analysis from TRM Labs confirms that front-end and private key vulnerabilities were responsible for more than 80% of the total losses in the first six months of 2025. Not only were such incidents larger per occurrence, but they also targeted non-technical vectors such as phishing and interface spoofing. Meanwhile, CertiK’s mid-year update supports the same shift in attack patterns, highlighting that most losses stemmed from wallet compromises, phishing schemes, and operational mismanagement. This reflects a broader transition away from traditional smart contract exploits toward attacks that exploit human error and infrastructure weaknesses.
CertiK’s reporting also reveals that phishing scams and wallet compromises are now the most common vectors. In just 132 incidents during H1 2025, phishing stole around $410 million, while wallet-based attacks spanning 34 incidents led to over $1.7 billion in losses.
Hacken also flagged that AI-driven attacks have surged, as cybercriminals deploy automation to scale phishing, impersonation, and access exploitation campaigns. Chainalysis corroborates the wider picture: over $2.17 billion was stolen from crypto services by the end of June 2025, already surpassing 2024’s theft totals, with the Bybit hack alone accounting for the lion’s share.
Hacken emphasizes that crypto infrastructure must adopt more robust protocols: secure signer management, rigorous wallet access controls, routine audits, and systematic testing of outdated or legacy codebases to prevent future exposures. Similarly, CertiK and TRM Labs urge platforms and custodians to enforce stronger human-centric defenses and to encourage multifactor authentication, hardware wallet adoption, phishing-resistant training, and safer process workflows, all aimed at the weakest link: user behavior.
With more than half of the year still remaining, 2025 has already surpassed prior annual loss records. The fact that such extreme damage results more from operational oversights than protocol flaws underscores the urgent need to shift focus from smart-contract auditing alone toward end-to-end governance and resilience. As digital asset markets mature, investor safety hinges on better infrastructure, stronger governance, and targeted defense strategies—not just code audits. The growing sophistication of attackers demands a holistic approach to Web3 security, one that includes both technological resilience and human-centered protections.