The first half of 2025 was catastrophic for the Web3 sector, which lost $2.29 billion due to various attacks, including hacks and phishing. This figure surpasses previous years and highlights systemic security issues.
Record Losses in the Web3 Sector
In the first half of 2025, the Web3 sector suffered losses of $2.29 billion due to hacks, phishing attacks, and Rug Pulls. Centralized exchanges (CEXs) were hardest hit, incurring $1.59 billion, accounting for 74.4% of all reported losses. Notably, the Bybit hack, which resulted in a $1.45 billion loss, was the most significant incident. Additionally, the Iranian exchange Nobitex lost $90 million in a geopolitically motivated incident, emphasizing how conflict situations affect crypto infrastructure.
Evolution of Attacks: From Code to Human Errors
Hackers have adapted, now targeting not just code vulnerabilities but also human error. In most cases, including the Bybit incident, attacks were carried out through user-level manipulation, undermining trust and employing phishing tactics. Over 200 phishing incidents were reported in the first half of 2025, leading to losses of $400 million.
New Security Approaches and Asset Protection
Despite the losses, the Web3 sector is adapting to new challenges. The situation's intensification is leading to systemic changes in security. Three main directions are emerging: utilizing artificial intelligence to monitor abnormal transactions, designing new mechanisms to reduce risk, and implementing global regulatory requirements such as new regulations ensuring stablecoin reliability and user identification.
The $2.29 billion lost in the first half of 2025 serves as a wake-up call for the Web3 sector. It highlights the need to adapt security strategies to a new type of threats, including attacks from state actors and actions from highly skilled criminal groups. The lessons learned and new approaches will help rebuild trust and resilience within platforms in the future.
