Crypto Losses Surge 115% in 2025 First Half Due to Hacks

Crypto investors faced significant losses in the first half of 2025, with a total of $2.2 billion stolen due to hacks, scams, and security breaches. This figure surpasses the total losses recorded for the entire year of 2024, highlighting a growing trend in the frequency and severity of cyber threats within the crypto ecosystem. The report, "Hack3d: Web3 Security Report for Q2 + H1 2025," by blockchain security firm CertiK, provides a detailed analysis of the security landscape, revealing that wallet breaches and phishing attacks were the primary drivers of these losses.

Between January and June 2025, a total of 344 incidents were reported, resulting in a cumulative loss of $2.47 billion. Wallet-related breaches alone accounted for $1.7 billion across just 34 attacks, underscoring the vulnerability of digital wallets to sophisticated hacking techniques. Phishing scams followed closely, with over $410 million stolen in 132 incidents. These figures indicate a shift in the threat environment, where a handful of catastrophic incidents, often enabled by state-backed actors or deep infrastructure flaws, are responsible for the majority of losses.

The report highlights two significant incidents that skewed the data: the Bybit hack in February and the Cetus Protocol breach in May. The Bybit hack resulted in the theft of over $1.5 billion in liquid-staked ETH and MegaETH, making it the single largest exploit of 2025. The Cetus Protocol breach, which occurred on May 22, led to the loss of about $225 million due to a smart contract flaw. The attacker exploited spoof tokens and price manipulation to drain liquidity, although Sui validators later froze and returned $162 million.

Ethereum remained the most targeted blockchain, experiencing 175 security events and over $1.6 billion in losses. The trend in wallet breaches is alarming, but private key compromises, a top concern in 2024, have shown signs of decline. The average amount lost per incident stood at over $7.1 million, while the median loss was just under $90,000. Phishing attacks have grown more deceptive, especially in the second quarter, where they topped all other attack vectors. The report urges users to be cautious, double-check URLs, avoid suspicious links, and use hardware wallets for storage.

Despite the scale of attacks, some funds were recovered. CertiK reports that $187 million was returned to victims through law enforcement action, whitehat efforts, and exchange cooperation. This brings the net loss for the first half of the year to around $2.29 billion. Looking closer at May 2025, CertiK noted a rise in losses due to code vulnerabilities. In that month alone, flawed smart contracts caused $229 million in damages, a massive jump from just $5 million in April. As the tokenization of financial systems accelerates, so too do the methods of attack. While it’s encouraging to see private key breaches drop, phishing and smart contract risks continue to evolve rapidly.

With the pace of incidents showing no sign of slowing, the second half of 2025 may test whether recovery efforts can keep up with the rising tide of exploits. As crypto scams and hacks rise, so do violent crimes targeting private holders. At least 32 physical attacks, known as “wrench attacks,” have been reported globally this year, putting 2025 on pace to surpass 2021’s record of 36. Nearly a third of these incidents occurred in France. The attacks have grown more brutal, with kidnappings and mutilations becoming more common. Criminals have also begun targeting families, prompting increased demand for private protection services.