According to a medium-term report on blockchain security firm SlowarMist, the Ethereum ecosystem was affected by a security incident in the first half of 2025.
Of the 121 total recorded cases, Ethereum-related projects suffered a loss of approximately $38.6 million. The Defi platform is the most frequent target, accounting for 92 incidents and losses of around $470 million, or about 76% of all attacks during the period.
Crypto Hacks H1 2025
There were fewer cases reported in the first half of 2025 than last year’s same time, but the losses increased, mainly due to the $1.5 billion Buybit Hack. In the first half of 2024, there were 223 incidents, resulting in losses of around $1.43 billion.
In 2025, there were 121 incidents, but the estimated loss reached around $2.37 billion. Slowmist said that it may be high in real numbers as it has not been reported in some cases and token prices fluctuate over time.
Attack vector
Most of the attacks took advantage of account compromises and bugs in smart contracts. Account acquisitions were the most common, with 42 cases followed by 35 incidents caused by contract vulnerabilities.
The report also highlighted emerging risks associated with Ethereum’s EIP-7702 wallet delegation feature, which was introduced earlier this year as part of the Pectra upgrade. This feature allows users to allow smart contracts to act on their behalf without exchanging wallet addresses.
In one example, a phishing group called Inferno Drainer reportedly stole more than $146,000 by abuse of a new mechanism.
“Even if the contract itself does not have a backdoor, if the phishing site is tricked into granting approval, an attacker can take advantage of the full operational capabilities of the contract to drain large amounts of assets,” Slowmist said.
Exploits use standard wallet tools to trick users into authorizing token access in bulk. This is a type of risk that, according to Slomast, is not always detected by anti-phishing tools.
Other risks associated with EIP-7702 include potential private key leaks, replay attacks across multiple chains, and issues that can occur during wallet upgrades, blockchain intelligence company noted.
Slowmist analysts added that EIP-7702 brings “new risk boundaries” and that users “need to have a full understanding of who is authorizing and what permissions are granting before delegating.”
Discover more from Earlybirds Invest
Subscribe to get the latest posts sent to your email.
