It’s only July, and the crypto space has already been rocked by a staggering $3.1 billion in losses from hacks, scams, and breaches more than all of 2024 combined. According to a new mid-year Web3 security report by Hacken, the first half of 2025 has been the most brutal stretch for crypto security in recent memory.
And these aren’t just minor incidents. We’re talking about record-breaking exploits, smart contract flaws, and next-gen AI-powered attacks that are leaving even seasoned projects scrambling.
The Bybit Hack Set the Tone Early
The biggest blow came in February, when Bybit was hit with a $1.46 billion exploit the largest crypto hack in history. A compromised wallet signer gave attackers full access, and they drained the exchange’s funds in one devastating swoop.
Unfortunately, it didn’t stop there.
Other major breaches followed:
- Infini Protocol lost $50 million after a disgruntled developer exploited backdoor access.
- zkSync saw $5 million vanish after what was supposed to be a multi-sig wallet turned out to be a 1-of-1 setup.
- Nobitex, Iran’s largest exchange, lost $90 million in a breach that some believe had political motives behind it.
Smart Contract Bugs Still Haunt DeFi
DeFi platforms weren’t spared either. In total, $263 million was lost due to smart contract vulnerabilities, with the worst incident involving Cetus. In May, the project’s faulty overflow check led to a $223 million loss in liquidity highlighting that sloppy code is still one of crypto’s biggest liabilities.
Phishing Explodes: $600M and Counting
Phishing and social engineering scams are evolving fast and hitting harder. Hacken reports that phishing attacks have already topped $600 million this year. That’s already worse than all of 2024.
One of the most heartbreaking cases involved an elderly U.S. investor who lost $330 million in BTC after falling victim to an elaborate scam.
Meanwhile, Coinbase users were also targeted in a wave of attacks. After a data breach, fraudsters posing as support agents used real customer data to trick victims into revealing their private keys. That one scheme alone netted over $100 million.
Other common phishing vectors included:
- Fake wallet apps
- Malicious browser extensions
- Token approval scams disguised inside cloned decentralized apps
All quietly stealing funds while users clicked through.
AI-Powered Hacks Are on the Rise Fast
AI is now part of the hacker’s toolkit. Hacken says AI-driven exploits are up over 1000% compared to 2023. Most of these involved insecure APIs, but new tactics like prompt injection, fake agents, and toolchain manipulation are letting attackers bypass even advanced defenses.
The Crypto Industry’s Biggest Wake-Up Call Yet?
If the trend continues, 2025 could end up being the most damaging year for Web3 security ever. The sheer scale and sophistication of these attacks highlight one thing: crypto’s security game needs a serious upgrade.
With insiders turning rogue, smart contracts breaking under pressure, and AI-based phishing going mainstream, the space is in desperate need of tighter controls, better auditing, and more user awareness.
Because at this pace, the next billion-dollar hack might just be a matter of when, not if.
