Author: Beosin, Footprint Analytics
1. Overview of Web3 Blockchain Security Situation in the First Half of 2025
According to Beosin Alert monitoring and early warning, the total loss in the Web3 field in the first half of 2025 due to hacker attacks, phishing scams, and project Rug Pulls is approximately $2.138 billion. Among these, there were 90 major attack incidents, resulting in a total loss of about $2.093 billion; the total loss from Rug Pulls was about $3.2 million; and the total loss from phishing scams was about $41.38 million.
By type of attacked project, exchanges suffered the highest losses. Six attacks on exchange platforms caused losses exceeding $1.591 billion, accounting for 74.4% of all attack losses.
In terms of loss amounts across different chains, Ethereum remains the chain with the highest loss amount and the most attack incidents. There were 81 attack incidents on Ethereum, resulting in losses of $1.739 billion, which accounts for 81.3% of the total losses. Sui, due to the Cetus Protocol incident, suffered losses of about $224 million, ranking second.
Regarding attack methods, the most frequent attacks in the first half of the year were those exploiting contract vulnerabilities, occurring 63 times, resulting in losses of $408 million. Bybit was hacked due to a wallet infrastructure flaw, resulting in a theft of $1.44 billion, which accounts for 67.4% of the total attack losses, making it the attack type with the highest loss proportion.
In terms of fund flow, only a small portion (about $238 million) of the stolen funds was frozen or recovered in the first half of the year, with approximately 71.2% of the stolen funds still circulating in on-chain wallets, not flowing into exchanges or mixers.
2. Overview of Attack Incidents in the First Half of 2025
90 major attack incidents caused losses of $2.093 billion
In the first half of 2025, Beosin Alert monitored a total of 90 major attack incidents in the Web3 field, with total losses amounting to $2.093 billion. Among these, there were 2 security incidents with losses exceeding $100 million, 7 incidents with losses in the range of $10 million to $100 million, and 18 incidents with losses between $1 million and $10 million.
Attack incidents with losses exceeding $10 million (sorted by amount):
- Bybit - $1.44 billion
Attack method: Safe wallet frontend tampering
Chain platform: Ethereum
On February 21, cryptocurrency exchange Bybit was attacked, and approximately $1.44 billion in funds was stolen from its Safe multi-signature wallet. The attacker compromised Safe's server and implanted malicious code that replaced normal transaction requests, so signers unknowingly signed the tampered transactions.
- Cetus Protocol - $224 million
Attack method: Contract vulnerability
Chain platform: Sui
On May 22, the DEX Cetus Protocol on the Sui ecosystem was attacked, with the vulnerability stemming from an implementation error in the left shift operation in the open-source library code. Subsequently, with the cooperation of the Sui Foundation and other ecosystem projects, $162 million of the stolen funds on Sui has been successfully frozen.
- Nobitex - $90 million
Attack method: Not yet specified
Chain platform: Multi-chain
On June 18, Iran's largest cryptocurrency exchange Nobitex announced that it had been hacked, with losses exceeding $90 million, involving various cryptocurrencies such as BTC, ETH, Doge, XRP, SOL, TRX, and TON. An organization named "Gonjeshke Darande," which is pro-Israel, has claimed responsibility for the attack, characterizing it as a strike against Iran's crypto infrastructure.
- Phemex - $70 million
Attack method: Private key leak
Chain platform: Multi-chain
On January 23, the Singapore-based cryptocurrency exchange Phemex had approximately $70 million in crypto assets stolen from its hot wallet, involving various crypto assets such as ETH, SOL, BTC, BNB, and USDT.
- UPCX - $70 million
Attack method: Access control vulnerability
Chain platform: Ethereum
On April 1, UPCX lost approximately $70 million worth of tokens due to unauthorized access. The hacker upgraded UPCX's ProxyAdmin contract and then executed a function that allowed the administrator to withdraw funds, resulting in funds being transferred from three different management accounts.
- Infini - $49.5 million
Attack method: Permission management vulnerability
Chain platform: Ethereum
On February 24, Infini was hacked for $49.5 million, due to an internal developer secretly retaining contract management permissions by deceiving the team, and stealing funds through contract upgrades.
- Abracadabra Finance - $13 million
Attack method: Contract vulnerability
Chain platform: Ethereum
On March 25, the decentralized lending protocol Abracadabra Finance was hacked for approximately 6,262 ETH, resulting in losses of about $13 million.
- Cork Protocol - $12 million
Attack method: Contract vulnerability
Chain platform: Ethereum
On May 28, the asset anchoring protocol Cork Protocol on the Ethereum chain was attacked, with the attacker profiting $12 million through a logical flaw in the project contract (unverified key parameters).
- BitoPro - $11.5 million
Attack method: Private key leak
Chain platform: Multi-chain
On June 2, the cryptocurrency exchange BitoPro announced that it had been attacked, confirming that its hot wallet was attacked during a recent wallet system upgrade and crypto asset transfer, resulting in an abnormal outflow of approximately $11.5 million from multiple on-chain hot wallets.
3. Types of Attacked Projects
CEX is the project type with the highest loss amount
The project type with the highest losses in the first half of the year was centralized exchanges: 6 attacks on centralized exchanges caused losses exceeding $1.591 billion. The exchange with the largest loss was Bybit, at about $1.44 billion. Other exchanges with significant losses include Nobitex (about $90 million) and Phemex (about $70 million); Noones, BitoPro, and Coinbase also suffered attacks.
The second most attacked type is DeFi. About $224 million was stolen from Cetus Protocol, accounting for 69.1% of the funds stolen from DeFi projects. Other DeFi projects with significant losses include Abracadabra Finance ($13 million), Cork Protocol (about $12 million), Resupply (about $9.6 million), zkLend (about $9.5 million), Ionic (about $8.8 million), and Alex Protocol (about $8.37 million).
Additionally, 2 security incidents occurred in the crypto payment sector, with losses of about $120 million, ranking third among all project types. Other attacked project types include: browsers, token contracts, cross-chain bridges, and Memecoin launchpads.
4. Loss Amounts Across Different Chains
Ethereum is the chain with the highest loss amount and the most attack incidents
As in previous years, Ethereum remains the public chain with the highest loss amount. 81 attack incidents on Ethereum resulted in losses of $1.739 billion, accounting for 81.3% of the total losses.
The second-ranked public chain in terms of attack incidents is BNB Chain, with 33 attack incidents causing losses of approximately $42.53 million. BNB Chain has a high number of on-chain attacks, with relatively smaller loss amounts, but compared to the same period last year, both the number of attacks and the loss amount have significantly increased, with the loss amount increasing by 357%.
Arbitrum and Base rank third and fourth, with loss amounts of $21.2 million and $13.05 million, respectively. Compared to the same period last year, the number of attacks on the Arbitrum chain has increased, but the loss amount has significantly decreased by 71.8%; the number of attacks and loss amount on the Base chain have both significantly increased, with the loss amount increasing by 294%.
5. Analysis of Attack Methods
70% of attacks come from contract vulnerabilities
In the first half of the year, there were 63 attack incidents targeting contract vulnerabilities, resulting in losses of $408 million, making it the largest category of attack methods by loss amount, aside from the Bybit incident due to wallet infrastructure flaws. The losses from private key leak incidents in the first half of this year have significantly decreased compared to the same period last year, but the total loss amount still exceeds $102 million.
Breaking down the contract vulnerabilities, the top three vulnerabilities causing losses are: business logic vulnerabilities ($356 million), algorithmic flaws ($21.37 million), and validation vulnerabilities ($12.7 million). The most frequently occurring contract vulnerabilities are business logic vulnerabilities (45 times), access control vulnerabilities (7 times), and algorithmic flaws (5 times).
6. Analysis of Stolen Fund Flow
Only 11.1% of stolen assets were frozen and recovered
According to Beosin KYT anti-money laundering platform analysis, in the first half of 2025, approximately $238 million of the stolen funds were frozen or recovered, accounting for about 11.1%.
Approximately $97.89 million of the stolen funds were transferred to various exchanges, accounting for about 4.6%. A total of $278 million (13.0%) was transferred to mixers: about $19.46 million went to Tornado Cash; $259 million went to other mixers. Compared to last year, the amount of stolen funds laundered through mixers has significantly increased in the first half of 2025.
7. Summary of Web3 Blockchain Security Situation in the First Half of 2025
Compared to the first half of 2024, the total losses due to hacker attacks, phishing scams, and project Rug Pulls have significantly increased, reaching $2.138 billion. The number of attacks and loss amounts in exchanges and mainstream public chain ecosystems are overall increasing, and the security situation in the Web3 field remains very severe.
The most damaging attack incident in the first half of the year was the Bybit theft incident, with approximately 67.4% of the loss amount coming from this incident. From the perspective of project types, attack incidents are spread across various fields in Web3: exchanges, DeFi, personal wallets, infrastructure, token contracts, payment platforms, browsers, Memecoin launch platforms, etc. All Web3 project teams and individual users need to remain vigilant, store private keys offline, use multi-signatures, be cautious with third-party services, and conduct regular permission updates and security training for privileged employees.
In the first half of the year, only a small portion of assets were frozen or recovered, indicating that global regulatory and anti-money laundering efforts still need to be strengthened. In the first half of the year, the proportion of stolen funds transferred to exchanges by hackers has significantly decreased, which is related to exchanges strengthening anti-money laundering measures, timely identifying hacker activities, and actively cooperating with law enforcement agencies and project teams to freeze funds and conduct investigations. Currently, the cooperation between exchanges, law enforcement agencies, project teams, and security teams has shown significant results, leading hackers to increasingly attempt to use various mixers for money laundering.