
Web3 is on track to report more losses to security breaches than in 2024 | Credit: amgun/Shutterstock
The Web3 ecosystem lost more than $3.1 billion in just the first six months of 2025, outstripping all of 2024’s damage. In its latest Half-Year Web3 Security Report, to which Euro Weekly News got a first look, blockchain security firm Hacken lays bare the compounding impact of human fallibility, smart contract flaws, and AI-driven exploits.
The warning is clear: security is no longer a back-office concern; it is the foundation for growth, trust, and compliance.
“2025 has been a wake-up call,” says Yevheniia Broshevan, co-founder of Hacken. “Cybersecurity is no longer just a tech issue; it’s a business enabler. When projects integrate operational resilience and invest in security, they don’t just reduce risk, they build trust and protect innovation.”
In an exclusive interview with Euro Weekly News, Yehor Rudytsia, Head of Forensics and Incident Response at Hacken, stated that “the end users and platforms are affected, but the end user usually bears the brunt of these staggering losses.”
Rudytsia added: “Even when a platform is hacked, users often face withdrawal freezes, lost funds, or reduced trust. In DeFi, smart contract bugs directly drain user deposits with little chance of recovery. Large-scale phishing and social engineering attacks are also on the rise, targeting individuals through fake airdrops and wallet drainers, resulting in widespread yet often overlooked user losses.”
The report catalogues $3.09 billion in Web3 losses from January through June 2025. The breakdown reveals deeper patterns:
The first quarter alone saw over $2 billion in losses, primarily driven by the Bybit breach, in which attackers exploited a compromised signer interface to drain $1.46 billion through a single malicious transaction.
Access control breaches dominated the security landscape. A single leaked key, misconfigured multisig, or unmonitored admin role led to multimillion-dollar exploits on projects like UPCX, KiloEx, Roar, and zkSync. In most cases, the cryptography worked perfectly; it was the human layer that failed.
“Half a billion dollars can vanish even when the code is correct,” Broshevan notes. “What’s often missing are formal access control frameworks, third-party validations, and real-time monitoring.”
One particularly sobering example was Nobitex, Iran’s largest crypto exchange, which lost $90 million in what appears to have been a politically motivated attack. The attackers funnelled assets to burner addresses, raising questions about national infrastructure readiness.
In response to these systemic failures, Hacken has doubled down on automated incident response tools. Its Extractor platform now offers:
These tools would have mitigated many of this year’s largest breaches, often within seconds.
The psychological dimension of Web3 attacks is growing. Nearly $600 million was stolen through phishing and impersonation scams, with attackers posing as Coinbase support staff, exploiting leaked customer data, and using sophisticated social tactics to extract passcodes and wallet access.
The largest single theft involved an elderly U.S. citizen who was manipulated into handing over $330 million in Bitcoin. The attacker then laundered funds through hundreds of wallets, pumped Monero’s price by 50%, and disappeared into the DeFi ether.
These events underscore the rising importance of user interface transparency, education, and multi-factor authentication, especially for high-net-worth individuals.
Despite the industry’s maturity, smart contract bugs continue to be a significant attack vector. DeFi platforms lost $264 million in H1 2025, with the Cetus flash-loan attack standing out. In just 15 minutes, the attacker exploited a subtle overflow bug, sweeping through 264 liquidity pools and draining nearly a quarter billion dollars.
In the Cork Protocol case, a missing permission check allowed an attacker to inject custom calldata into a Uniswap V4 hook, ultimately draining $12 million by converting fake tokens into tangible assets. The vulnerability was introduced by modifying a single line of default Uniswap permissions.
These incidents speak to the need for TVL-aware monitoring, automated preemptive controls, and rigorous external audits.
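The access-control failures described earlier (a leaked key, a lowered multisig threshold, an admin role granted to an unmonitored address) and the TVL-aware monitoring called for here both come down to watching a stream of on-chain events and raising an alert, or triggering a pause, before the drain completes. The Python below is an added illustration of that logic and is not code from the Hacken report or its Extractor platform; the event shapes, addresses, thresholds and pool figures are all constructed for the example.

```python
"""Illustrative on-chain monitoring rules (added example, not Hacken's code).

Two rule families are implemented over a constructed event stream:
  1. privileged-access changes: admin roles granted outside an allowlist and
     multisig thresholds being lowered (the "human layer" failures above);
  2. TVL-aware drawdown detection: a pool losing a large share of its peak
     value within a short block window, the signature of a flash-loan drain.
Event formats and all values are hypothetical.
"""
from collections import deque
from dataclasses import dataclass


@dataclass
class Alert:
    kind: str        # rule that fired
    block: int       # block at which it fired
    detail: str      # human-readable context
    action: str      # suggested automated response (pause, page on-call, ...)


@dataclass
class MonitorConfig:
    trusted_admins: frozenset   # addresses allowed to receive admin roles (e.g. a timelock)
    min_threshold: int          # lowest acceptable multisig threshold
    window_blocks: int          # sliding window for TVL drawdown
    max_drop_pct: float         # relative drop from window peak that triggers an alert
    min_drop_abs: float         # absolute floor so tiny pools do not generate noise


class Web3Monitor:
    def __init__(self, cfg: MonitorConfig):
        self.cfg = cfg
        self.alerts: list[Alert] = []
        self.tvl_history: dict[str, deque] = {}  # pool -> deque of (block, tvl)

    def process(self, ev: dict) -> None:
        # Dispatch on the event type; unknown event types are ignored.
        handler = getattr(self, f"_on_{ev['type']}", None)
        if handler is not None:
            handler(ev)

    def _on_RoleGranted(self, ev: dict) -> None:
        # Any privileged role landing outside the allowlist is suspicious,
        # regardless of which key signed the transaction.
        if ev["account"] not in self.cfg.trusted_admins:
            self.alerts.append(Alert(
                "ROLE_GRANTED_UNTRUSTED", ev["block"],
                f"{ev['role']} granted to {ev['account']}", "page_oncall"))

    def _on_ThresholdChanged(self, ev: dict) -> None:
        # Lowering the multisig threshold (or dropping below policy) removes the
        # very control that was supposed to contain a single compromised signer.
        if ev["new"] < ev["old"] or ev["new"] < self.cfg.min_threshold:
            self.alerts.append(Alert(
                "THRESHOLD_LOWERED", ev["block"],
                f"multisig threshold {ev['old']} -> {ev['new']}", "page_oncall"))

    def _on_PoolSnapshot(self, ev: dict) -> None:
        hist = self.tvl_history.setdefault(ev["pool"], deque())
        hist.append((ev["block"], ev["tvl"]))
        # Keep only snapshots inside the sliding window.
        while hist and ev["block"] - hist[0][0] > self.cfg.window_blocks:
            hist.popleft()
        peak = max(tvl for _, tvl in hist)
        drop = peak - ev["tvl"]
        if (peak > 0 and drop >= self.cfg.min_drop_abs
                and drop / peak * 100 >= self.cfg.max_drop_pct):
            self.alerts.append(Alert(
                "TVL_DRAWDOWN", ev["block"],
                f"{ev['pool']} down {drop / peak * 100:.0f}% from window peak",
                "pause_pool"))


def run_monitor(events: list[dict], cfg: MonitorConfig) -> list[Alert]:
    """Replay an event stream through the monitor and return the alerts raised."""
    mon = Web3Monitor(cfg)
    for ev in events:
        mon.process(ev)
    return mon.alerts


# Constructed sample stream (hypothetical pools, addresses and amounts).
SAMPLE_EVENTS = [
    {"type": "PoolSnapshot", "block": 100, "pool": "USDC/ETH", "tvl": 50_000_000},
    {"type": "RoleGranted", "block": 101, "role": "DEFAULT_ADMIN_ROLE", "account": "0xTIMELOCK"},
    {"type": "PoolSnapshot", "block": 105, "pool": "USDC/ETH", "tvl": 48_500_000},  # 3% dip: normal
    {"type": "ThresholdChanged", "block": 110, "old": 3, "new": 1},                   # 3-of-N -> 1-of-N
    {"type": "RoleGranted", "block": 111, "role": "PAUSER_ROLE", "account": "0xUNKNOWN_EOA"},
    {"type": "PoolSnapshot", "block": 112, "pool": "USDC/ETH", "tvl": 12_000_000},  # 76% drain in 12 blocks
    {"type": "PoolSnapshot", "block": 112, "pool": "TINY/ETH", "tvl": 10_000},
    {"type": "PoolSnapshot", "block": 113, "pool": "TINY/ETH", "tvl": 2_000},       # 80% but below abs floor
]

DEFAULT_CONFIG = MonitorConfig(
    trusted_admins=frozenset({"0xTIMELOCK"}),
    min_threshold=2,
    window_blocks=20,
    max_drop_pct=30.0,
    min_drop_abs=1_000_000,
)

if __name__ == "__main__":
    for a in run_monitor(SAMPLE_EVENTS, DEFAULT_CONFIG):
        print(f"block {a.block}: {a.kind} ({a.detail}) -> {a.action}")
```

The absolute floor alongside the percentage is what makes the drawdown rule "TVL-aware": a 30% swing on a ten-thousand-dollar pool is routine, while the same swing on a fifty-million-dollar pool inside a twenty-block window is an incident. In practice the `pause_pool` action would be wired to a guarded circuit-breaker function rather than printed.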
AI-related incidents also surged, with a 1,025 per cent increase in exploit volume compared to 2023. Attackers exploited insecure APIs, prompt injections, training data poisoning, and remote code execution (RCE) flaws in open-source ML libraries such as Langflow and BentoML.
“AI has introduced a new paradigm in cybersecurity, given the fact that generative AI is easily accessible. Tools which were once only in the possession of governments and big tech are now in the hands of your ordinary people, and by definition, that creates an incentive for abuse,” Jean-Michel Azzoppardi, cyber-security expert and fintech consultant, told Euro Weekly News in an exclusive interview.
“That said, AI has played a role in cyber for more than a decade, and I would argue that the spike in scams is simply due to the market growth in terms of value. Simply put, stealing a Rolex Submariner today would make you more money than stealing the same watch in 1990,” he added.
As 34 per cent of Web3 projects now use AI agents in production, the attack surface is expanding faster than governance frameworks can keep up. Tools like WormGPT are enabling low-skill attackers to launch sophisticated malware campaigns, which Hacken refers to as “vibe hacking.”
“The promise of AI is massive, but so are the risks,” says Stephen Ajayi, Hacken’s DApp Audit Technical Lead. “By embedding security at every step, from prompt design to deployment, we help teams innovate with confidence.”
Hacken now offers AI System Security Audits, helping projects secure LLMs, multi-agent frameworks, and inference pipelines using standards like OWASP GenAI, ISO/IEC 42001, and MCP protocols.
While regulators have started to respond, led by the EU AI Act, ISO/IEC 42001, and NIST AI RMF, most frameworks are still catching up with the complexity of Web3-native AI deployments. Standards like ISO/IEC 27001 and SOC 2 offer foundational coverage but lack specificity on threats like prompt injection or model hallucination.
“Compliance can’t be reactive,” says Broshevan. “Businesses need proactive frameworks that match the speed and scale of innovation. That’s where Hacken is leading, from audit to implementation.”
Hacken supports clients navigating MiCA, VARA, and VASP requirements, bridging traditional compliance with decentralised infrastructure. Its services now include:
The 2025 half-year figures represent more than just lost funds. They reflect a strategic maturity gap. Until businesses treat security as integral, not optional, exploits will continue to scale.
