Over $470 million in digital assets vanished into hackers’ wallets during the first half of 2025, as decentralized finance (DeFi) protocols continued to serve as lucrative targets for cybercriminals.
Hackers continue their digital heist spree, with DeFi protocols hemorrhaging nearly half a billion dollars in just six months.
Despite this staggering figure, it actually represents a 28.67% decrease from the same period in 2024—like a hurricane downgrading to a tropical storm, still dangerous but slightly less catastrophic.
Leading the parade of digital heists was the UPCX hack, where attackers swiped approximately $70 million worth of UPC tokens.
The culprit? A compromised private key that allowed hackers to perform an unauthorized contract upgrade.
Think of it as thieves not just stealing the keys to your house but remodeling it while you’re away so they can access your valuables through a secret passage.
The ZKsync breach followed a similar playbook, with attackers exploiting admin wallet vulnerabilities to mint 111 million ZK tokens worth about $5 million.
Meanwhile, the Zoth protocol lost $8.45 million after hackers tampered with its proxy contract—essentially changing the rules of the game while it was in progress.
Perhaps most alarming was the Coinbase incident, where social engineering tactics compromised overseas support contractors, leading to approximately $400 million in damages.
This wasn’t a technical breach so much as old-fashioned trickery—the digital equivalent of talking your way past security.
Ethereum remained the most targeted network with $38.59 million in losses, followed by Solana and Binance Smart Chain with $5.8 million and $5.49 million respectively.
The pattern is clear: follow the money, and you’ll find the hackers.
The silver lining? The industry is adapting.
Protocols have increasingly implemented multi-signature wallets, enhanced real-time monitoring, and improved response procedures.
These security measures have become essential as smart contract vulnerabilities continue to pose significant risks in the trustless DeFi environment.
These attacks represent a concerning trend as DeFi became the hardest hit sector with 92 incidents accounting for 76.03% of all reported attacks in the first half of 2025.
The recent Bybit exploit resulting in massive $1.5 billion losses demonstrates that even established platforms remain vulnerable to sophisticated front-end attacks.
Yet the persistence of basic vulnerabilities—particularly in off-chain security—remains troubling.
Only 20% of hacked protocols had prior audits, suggesting that in crypto’s Wild West, many are still building fortresses with unsecured doors.
