Nearly $2.5 billion worth of cryptocurrencies were stolen in 290 separate incidents during the first half of 2025, surpassing the total losses recorded throughout all of 2024, according to blockchain security firm CertiK’s latest Hack3d report shared with Marketalert.
The most damaging attack vector was wallet compromises, which caused over $1.7 billion in losses across just 34 incidents. Phishing scams came next, accounting for more than $410 million across 132 cases, while code vulnerabilities led to over $283 million in losses from 114 exploits.
Although less frequent, exit scams and price manipulation schemes still made an impact, resulting in nearly $20 million in combined losses. Access control exploits contributed an additional $42 million.
Overall, losses in the first six months of 2025 have already eclipsed the $2.42 billion lost in all of 2024. After factoring in returned and frozen assets, net losses for H1 2025 stand at $2.29 billion—well above the $1.98 billion adjusted total from the previous year.
A staggering 72% of the total losses, or $1.78 billion, were tied to just two incidents: the Bybit hack in Q1 and the Cetus protocol exploit in Q2. Without these, total losses for the first half would have been around $690 million.
Q1 alone saw $1.67 billion in losses, more than twice Q2’s $801 million. Despite a slowdown in the pace of attacks in Q2, several major breaches still drove significant losses.
Phishing was the most common attack method in Q2, leading to over $395 million in losses across 52 incidents. Code vulnerabilities and access control flaws followed, causing $235.7 million and $36.1 million in damages, respectively. Wallet breaches, which were dominant in Q1, accounted for $112 million from 9 incidents in the second quarter.
While the Bybit hack remained the most costly exploit of the year, Q2 also witnessed several high-profile attacks, including the $225.6 million Cetus breach, an $89.1 million hack of Iran’s Nobitex exchange, and a $16.1 million attack on ALEX Lab.
Other notable incidents involved platforms like Bitopro, Cork Protocol, KiloEx, and various zkSync-based projects, which were mainly impacted by smart contract bugs, infrastructure failures, or compromised wallets.
Ethereum was the most targeted blockchain, suffering over $1.58 billion in losses across 164 incidents. Bitcoin followed with more than $373 million lost in just 10 cases.
CertiK also noted that approximately $187 million in stolen funds were recovered in the first half of the year—$180 million of that in Q2 alone—bringing adjusted net losses to $2.28 billion.
Meanwhile, a separate mid-year report by blockchain intelligence firm TRM Labs estimated $2.1 billion in crypto losses across 75 incidents, with the majority attributed to infrastructure-level breaches like private key theft and front-end hijacking.
