Record Losses: Web3 Projects Suffer $3.1 Billion in Hacks and Scams in First Half of 2025

During the first half of 2025, losses from hacks and fraud experienced by Web3 projects reached $3.1 billion. This figure already surpasses the total losses for the entire year of 2024, which amounted to $2.85 billion, as reported by Hacken in their latest report.

The primary cause of these losses was vulnerabilities in access controls, accounting for $1.83 billion, or 59% of the total. Users and projects also suffered $594 million (19%) in losses due to phishing and social engineering attacks. Additionally, rug pulls and smart contract vulnerabilities resulted in losses of $300 million and $273 million, respectively.

The largest incident recorded was the hack of Bybit, which resulted in a loss of $1.46 billion due to a compromised signing interface. Analysts also highlighted an attack on Cetus that incurred a loss of $223 million and a theft of $330 million from a user in the U.S. through social engineering tactics.

Hacken’s analysts noted a shift in the focus of attackers from exploiting technical vulnerabilities to targeting human factors and weak internal processes. Issues related to key management and multi-signatures have become key contributors to hacks on both centralized and decentralized platforms.

Losses from phishing and social engineering have hit a record high of $600 million, with hackers increasingly leveraging phone calls impersonating tech support and fake applications.

The report identified artificial intelligence as a new and significant security threat, with attacks related to AI increasing by 1025% compared to 2023. Nearly 99% of these incidents involve unsecured APIs.

Hacken has recommended that companies implement automated monitoring and conduct regular audits to enhance security.

Users are advised to store significant amounts in cold wallets, utilize hardware keys for two-factor authentication, and avoid clicking on suspicious links.

It is worth noting that in May, the damage to the cryptocurrency industry from hacks reached $244 million.