While blockchain technology promised a new era of financial security, the Web3 ecosystem is facing an unprecedented crisis as hackers and scammers have made off with a staggering $2.138 billion in just the first half of 2025.
February alone accounted for $1.535 billion of these losses, a month that crypto enthusiasts might wish they could strike from the calendar altogether.
The hemorrhaging of funds stems from over 90 major attack incidents, with contract vulnerability exploits leading the charge—appearing 63 times and draining $408 million.
Think of these exploits as finding the one wobbly brick in an otherwise impressive wall; pull it out, and the whole structure comes tumbling down.
Exchanges have become the juiciest targets, with just six attacks resulting in $1.591 billion in losses.
The Bybit wallet infrastructure flaw stands as the crown jewel of heists, responsible for $1.44 billion—or 67.4% of all attack-related losses. This incident was a significant contributor to the total Q1 losses of approximately $1.67 billion.
It’s like robbing a bank and accidentally finding the vault door wide open.
The Ethereum blockchain, despite its maturity, remains the most vulnerable hunting ground with 81 attacks and $1.739 billion in losses.
Other chains aren’t faring much better: Sui’s Cetus Protocol incident ranks second, with a $224 million loss.
What’s particularly concerning is the shift toward infrastructure-level vulnerabilities.
Hackers are no longer picking locks; they’re finding ways to remove entire walls.
And recovery? That’s the real kicker—less than 12% of stolen funds have been recovered or frozen, while 71.2% remain on-chain, like stolen paintings displayed in plain sight.
Security experts note that despite increasing audit practices, defensive measures aren’t keeping pace with attacker innovation.
Many exploits stemmed from contract logic flaws that could have been identified through more rigorous security testing before deployment.
It’s a classic case of building higher walls while attackers simply bring taller ladders.
As DeFi activity reaches record levels, the bounty for potential attackers grows more tempting by the day.
Many platforms are now exploring zero-knowledge proofs as a way to verify transactions without exposing sensitive data that could be compromised during an attack.