It’s midway through 2025, and the crypto industry has already won some heavy hits as fraud, violations and hacks continue to leave a trajectory of losses.
summary
- Over $3.1 billion has been lost across the industry in just six months.
- The February Bibit Exploit was the biggest crypto hack on record.
- Access control failures, smart contract bugs, phishing scams, and AI-powered exploits made up a large part of the hacks.
In just six months, the Crypto industry has already lost over $3.1 billion in hacking and fraud, according to Hacken’s 2025 Middle Age Web3 Security Report. This has increased the full year total since 2024, with access control failures making up the majority of the losses, accounting for around $1.83 billion.
Most devastating was the February Bibit $1.46 billion exploit, triggered by compromised signers that attackers seize wallet control.
Other well-known cases that continued over the next few months, including:
- Infini protocol exploit. A former developer breached the security of the platform and left for $50 million in one transaction.
- Zksync’s $5 million theft in April comes when the so-called multi-sig was made public as a set-up for 1-of-1 signers.
- The $90 million violation of Iran’s Nobitex Exchange appeared to be politically motivated.
You might like it too: $50 million infini hackers dump eth bags a few months after exploit
The Defi platform also saw a major fallout from a bug in the smart contract. In total, $263 million was lost from the vulnerability. Most of it came from Cetus Exploit in May and ran out $223 million due to a flaw in the logic overflow check of liquidity range logic. Another favorite tactic among attackers was phishing.
Phishing scams surge with $600 million theft
According to a Hacken report, phishing and social engineering attacks also reached new highs, accounting for around $600 million, already surpassing the full year total for 2024. In the biggest single case, older US investors lost $330 million in BTC after falling into sophisticated scams.
Coinbase users were also targeted. Following the data breaches, scammers pretending to be Coinbase support used real customer information to gain trust and to hold back the keys and passcodes to the victims. That incident alone earned more than $100 million.
Other schemes include fake wallet apps, malicious browser extensions, and token approval scams hidden in cloned Daps.
AI-related exploits exceeded 1000% compared to 2023. Hacken notes that most of these are tied to unstable APIs, and attackers are bypassing industrial defenses using rapid injection, fake agents and toolchain flaws.
Collectively, these incidents have made the first half of 2025 the worst six-month stretch for Web3 security over the years, fostering the need for security measures.
You might like it too: Crypto spy. How Nobitex Hacks Will Be Lead to Israeli Spy Arrests: Report
Discover more from Earlybirds Invest
Subscribe to get the latest posts sent to your email.
