Crypto Security Threats Exceed $3.1B in 2025 Losses
Crypto security threats have already cost the industry over $3.1 billion in 2025, and the year is far from over.
Crypto security threats are escalating at a worrying pace, with over $3.1 billion lost in the first half of 2025 alone. This figure, reported by blockchain security firm Hacken, already surpasses the total losses seen in all of 2024. The majority of these losses stem from access-control vulnerabilities, highlighting a persistent weakness across both centralized and decentralized platforms.
According to the Hacken 2025 Half-Year Web3 Security Report, crypto security threats have shifted in nature. While smart-contract bugs and scams remain, access-control issues account for 59% of all crypto losses so far this year. Comparatively, smart-contract exploits made up just 8%, though still totaling $263 million in theft, showing that technical weaknesses, while smaller in volume, remain costly.
Yehor Rudytsia, head of forensics at Hacken, emphasized that outdated protocols like GMX v1 have been especially vulnerable to crypto security threats. Attackers began targeting GMX v1's legacy codebase in Q3 2025, illustrating that even inactive or legacy systems can remain open doors for exploitation if not properly decommissioned or upgraded.
As crypto security threats evolve, so do attacker strategies. Instead of focusing purely on cryptographic flaws, hackers now target human and operational weaknesses. Phishing campaigns, private key leaks, and blind signing attacks are growing in frequency and sophistication, showing that social engineering is as much of a threat as flawed code.
Operational security lapses remain central to crypto security threats, with $1.83 billion stolen across DeFi and CeFi platforms. One of the most shocking examples was the Q2 Cetus hack, which drained $223 million in under 15 minutes. This event halted a five-quarter downward trend in exploit-related losses for DeFi, marking its worst quarter since early 2023.
While access-control losses in DeFi dropped to $14 million this quarter, smart-contract bugs resurged, reflecting shifting crypto security threats. The Cetus incident, in particular, involved an overflow check flaw in its liquidity calculations. The attacker manipulated 264 pools using flash loans and small position openings, tactics that could have been mitigated with auto-pause protocols based on TVL monitoring.
Hacken noted that with proper security measures, 90% of the stolen funds in Cetus could have been protected. This points to a key takeaway: crypto security threats aren't just about flaws; they're about the absence of smart prevention systems. In DeFi especially, automated failsafes are no longer optional; they're essential.
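The auto-pause idea described above, sketched as an added example (not code from Hacken or Cetus): an off-chain monitor that latches a pause when TVL falls too far from its recent peak, either in a single pool or protocol-wide. The class name, thresholds, window and snapshot data are assumptions constructed for illustration, and every snapshot is assumed to list all pools.

```python
from collections import defaultdict, deque

class TvlAutoPause:
    """Latching circuit breaker fed with periodic per-pool TVL snapshots."""

    def __init__(self, pool_drop=0.30, total_drop=0.10, window_s=300):
        self.pool_drop = pool_drop    # assumed per-pool threshold (fraction of window peak)
        self.total_drop = total_drop  # assumed protocol-wide threshold
        self.window_s = window_s      # assumed look-back window in seconds
        self.pools = defaultdict(deque)  # pool id -> deque of (ts, tvl)
        self.total = deque()             # (ts, summed tvl across pools)
        self.paused_pools = set()
        self.global_pause = False        # latched; only an operator reset clears it

    def _drop(self, window, ts):
        # Expire samples older than the window, then measure the fall from its peak.
        while window[0][0] < ts - self.window_s:
            window.popleft()
        peak = max(v for _, v in window)
        return (peak - window[-1][1]) / peak if peak > 0 else 0.0

    def observe(self, ts, tvl_by_pool):
        """Record one snapshot {pool: tvl}; return pools that tripped on this snapshot."""
        tripped = set()
        for pool, tvl in tvl_by_pool.items():
            self.pools[pool].append((ts, tvl))
            if self._drop(self.pools[pool], ts) > self.pool_drop:
                tripped.add(pool)
        # Small drains spread over many pools stay under the per-pool limit,
        # so the summed TVL is checked against its own, tighter threshold.
        self.total.append((ts, sum(tvl_by_pool.values())))
        if self._drop(self.total, ts) > self.total_drop:
            self.global_pause = True
        tripped -= self.paused_pools
        self.paused_pools |= tripped
        return tripped

# Constructed snapshots (seconds, TVL in USD); not data from the Cetus incident.
SNAPSHOTS = [
    (0,   {"A": 1000.0, "B": 1000.0, "C": 1000.0}),
    (60,  {"A": 850.0,  "B": 850.0,  "C": 1000.0}),
    (120, {"A": 850.0,  "B": 850.0,  "C": 800.0}),
]

def replay(snapshots, **kwargs):
    """Feed snapshots in order; return (time of global pause or None, breaker)."""
    breaker = TvlAutoPause(**kwargs)
    for ts, tvls in snapshots:
        breaker.observe(ts, tvls)
        if breaker.global_pause:
            return ts, breaker  # a real monitor would call the protocol's pause here
    return None, breaker
```

In the constructed data no single pool loses 30%, yet the summed TVL is 16.7% below its peak by the third snapshot, so only the protocol-wide check trips.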
The report also highlights a major rise in AI-related crypto security threats. Artificial intelligence is now deeply embedded in both Web2 and Web3 applications, but its integration has created new vulnerabilities. There's been a 1,025% year-on-year increase in AI-related crypto exploits, with 98.9% of them tied to insecure APIs.
With 34% of Web3 projects now using AI agents in production, the attack surface has widened. These AI-driven crypto security threats include issues like prompt injection, data poisoning, and model hallucinations. Unfortunately, existing frameworks like ISO/IEC 27001 and the NIST Cybersecurity Framework are not yet equipped to deal with these unique AI vulnerabilities.
Traditional cybersecurity models fall short in covering emerging crypto security threats linked to artificial intelligence. Hacken argues that standards must evolve to reflect these new realities. In the meantime, projects deploying AI must be proactive in developing internal best practices to stay secure.
Looking ahead, the outlook remains challenging. With hackers now targeting human behaviors, poorly maintained codebases, and advanced tools like AI, crypto security threats in 2025 could easily surpass 2023's record-breaking numbers. The $1.5 billion Bybit incident in February may have been exceptional, but it underscores the scale of potential future exploits.
For developers and founders, Hacken's report serves as a wake-up call: crypto security threats can hit from multiple fronts: code, personnel, infrastructure, or third-party APIs. Security must be treated as an ongoing process, not a one-time audit. And for users, the report is a reminder to remain vigilant in how they interact with wallets, platforms, and new technologies.
As we move deeper into 2025, the crypto ecosystem must prioritize resilience. Investing in audits, using modern access control systems, retiring legacy codebases, and proactively addressing AI-specific risks will be key in minimizing future crypto security threats. One thing is clear: ignoring these risks is no longer an option.
