Crypto Losses Surge 125% in 2025 First Half to $2.47 Billion

Crypto investors faced significant losses in the first half of 2025, with a total of $2.47 billion lost across 344 incidents, according to a report by blockchain security firm CertiK. The report, titled “Hack3d: Web3 Security Report for Q2 + H1 2025,” highlights a shifting threat environment where wallet compromises and phishing attacks were the most prevalent threats. Wallet-related breaches alone accounted for $1.7 billion across just 34 attacks, while phishing scams resulted in over $410 million stolen in 132 incidents.

Two major incidents, the Bybit and Cetus Protocol hacks, significantly skewed the data. The Bybit hack in February resulted in the theft of more than $1.5 billion in liquid-staked ETH and MegaETH, making it the single largest exploit of 2025. The Cetus Protocol hack in May led to a loss of about $225 million due to a smart contract flaw, with Sui validators later freezing and returning $162 million. Removing these two incidents brings the total losses to $690 million, which is more in line with previous years.

Ethereum remained the most targeted blockchain, experiencing 175 security events and over $1.6 billion in losses. The report noted an alarming trend in wallet breaches but also observed a decline in private key compromises, a top concern in 2024. The average amount lost per incident stood at over $7.1 million, while the median loss was just under $90,000. Phishing attacks have become more deceptive, especially in the second quarter, where they topped all other attack vectors. The report urges users to be cautious, double-check URLs, avoid suspicious links, and use hardware wallets for storage.

Social engineering attacks also remain a serious threat. In April, a BTC whale fell victim to a phishing scam that resulted in a $330 million loss. The attacker used multiple instant exchanges and eventually swapped the funds for the privacy coin Monero. Despite the scale of attacks, some funds were recovered. CertiK reports that $187 million was returned to victims through law enforcement action, whitehat efforts, and exchange cooperation. This brings the net loss for the first half of the year to around $2.29 billion.

Looking closer at May 2025, CertiK noted a rise in losses due to code vulnerabilities. In that month alone, flawed smart contracts caused $229 million in damages, a massive jump from just $5 million in April. The report highlighted that as the tokenization of financial systems accelerates, so too do the methods of attack. While it’s encouraging to see private key breaches drop, phishing and smart contract risks continue to evolve rapidly. With the pace of incidents showing no sign of slowing, the second half of 2025 may test whether recovery efforts can keep up with the rising tide of exploits.

As crypto scams and hacks rise, so do violent crimes targeting private holders. At least 32 physical attacks, known as “wrench attacks,” have been reported globally this year, putting 2025 on pace to surpass 2021’s record of 36. Nearly a third of these incidents occurred in France. The attacks have grown more brutal, with incidents including kidnappings and mutilations. Criminals have also begun targeting families, prompting increased demand for private protection services.