Losses from crypto hacks, exploits, and scams surged to $2.47 billion in the first half of 2025, according to blockchain security firm CertiK. However, the second quarter brought a notable decline in both the number and value of incidents.
In its report released Tuesday, CertiK revealed that Q2 saw over $800 million lost across 144 incidents—a 52% drop in value from the previous quarter and 59 fewer cases.
Despite the decrease in Q2, the total losses for the first half of 2025 marked a nearly 3% increase compared to the $2.4 billion lost in 2024. However, with more than $187 million recovered during this period, the adjusted net loss stands closer to $2.2 billion.
Majority of losses stemmed from just two incidents
Despite the surge in overall losses, CertiK noted that this doesn’t necessarily indicate a worsening security environment, as the bulk of the damage came from just two major incidents involving Bybit and Cetus Protocol, which together accounted for $1.78 billion.
On February 21, attackers exploited vulnerabilities in Bybit’s cold wallet infrastructure, stealing $1.5 billion in Ether. Meanwhile, Cetus Protocol—the main decentralized exchange on the Sui blockchain—was hit by a $225 million exploit on May 22.
“Without those events, total losses in 2025 would stand at $690 million, indicating that the broader trend may not be as severe as raw figures imply,” CertiK said.
Phishing Attacks Surge with Ethereum as Primary Target
Phishing has emerged as the most frequent type of security incident in 2025 so far, with 132 attacks resulting in $410 million in losses.
However, wallet compromises proved to be the most financially damaging, accounting for over $1.7 billion stolen across just 34 incidents in the first half of the year, according to CertiK’s report.
“With phishing schemes becoming increasingly sophisticated, it’s crucial for users to practice strong security measures—avoid clicking suspicious links, verify domain authenticity, enable multifactor authentication, and consider using hardware wallets to safeguard private keys,” CertiK advised.
The Ethereum blockchain remained a prime target for malicious activity, recording 70 hacks, scams, and exploits in the second quarter—down from 98 in Q1.
“Ethereum’s leading role in decentralized finance and smart contract usage makes it a high-value target, with billions of dollars locked across its protocols,” CertiK noted in its Q1 security report.
Stronger Security Standards Essential Moving Forward
In addition to security incidents, the first half of 2025 has seen major global regulatory and market shifts that are poised to shape the future of the crypto industry, according to CertiK.
In the U.S., President Donald Trump has introduced reforms at the Securities and Exchange Commission, leading to the rollback of several enforcement actions against crypto firms and the introduction of pro-crypto legislation. Elsewhere, Hong Kong’s Legislative Council passed a Stablecoin Bill, establishing a regulatory framework, while the European Union’s MiCA (Markets in Crypto-Assets) regulation officially came into effect on December 30.
“These developments reflect growing institutional interest and a maturing regulatory landscape,” CertiK stated.
“With fresh capital and new participants entering the space, upholding strong security standards will be more critical than ever,” the firm added.
