Overview of Web3 Blockchain Security in 2025
The first half of 2025 witnessed significant security challenges in the Web3 ecosystem. According to Beosin Alert's monitoring and预警 systems, the total losses due to hacker attacks, phishing scams, and Rug Pulls reached approximately $2.138 billion. Key incidents included:
- 90 major attacks totaling $2.093 billion in losses
- Rug Pulls accounting for $3.2 million
- Phishing scams resulting in $41.38 million in losses
Key Findings:
- Exchange platforms suffered the highest losses, with 6 attacks causing $1.591 billion in damages (74.4% of total losses).
- Ethereum remained the most targeted chain, with 81 attacks leading to $1.739 billion in losses (81.3% of total).
- Sui chain experienced significant losses due to the Cetus Protocol incident ($224 million).
- Contract vulnerabilities were the most common attack vector (63 incidents, $408 million in losses).
- Only 11.1% of stolen funds were recovered or frozen, while 71.2% remained in circulating wallets.
Detailed Attack Event Analysis
Major Incidents (Losses > $10M)
| Project | Loss Amount | Attack Method | Chain |
|---|---|---|---|
| Bybit | $1.44 billion | Wallet infrastructure | Ethereum |
| Cetus Protocol | $224 million | Contract vulnerability | Sui |
| Nobitex | $90 million | Unspecified | Multi-chain |
| Phemex | $70 million | Private key leak | Multi-chain |
👉 Learn how to protect your assets from similar attacks
Attack Distribution by Project Type
Centralized Exchanges (CEX) - 6 attacks ($1.591 billion)
- Bybit: $1.44 billion
- Nobitex: $90 million
- Phemex: $70 million
DeFi Protocols - Multiple attacks ($324 million)
- Cetus Protocol: $224 million
- Abracadabra Finance: $13 million
- Payment Platforms - 2 attacks ($120 million)
Chain-Specific Loss Breakdown
- Ethereum: 81 attacks ($1.739 billion)
- BNB Chain: 33 attacks ($42.53 million)
- Arbitrum: 11 attacks ($21.2 million)
- Base: 9 attacks ($13.05 million)
Attack Methodologies
Contract Vulnerabilities (63 cases, $408 million)
- Business logic flaws: $356 million (45 cases)
- Algorithm defects: $21.37 million (5 cases)
- Private Key Leaks: $102 million total
- Wallet Infrastructure Issues: Bybit's $1.44 billion loss
Stolen Fund Tracking
- Frozen/Recovered: $238 million (11.1%)
- Exchanges: $97.89 million (4.6%)
Mixers: $278 million (13%)
- Tornado Cash: $19.46 million
- Other mixers: $259 million
👉 Discover advanced security solutions for Web3 projects
2025 Security Trends and Recommendations
- Increased Attack Sophistication: More targeted attacks on exchanges and DeFi protocols
- Rising Mixer Usage: 294% increase in mixer transactions YoY
- Improved Exchange Cooperation: Better AML measures reducing exchange deposits
Security Best Practices:
- Implement multi-signature wallets
- Conduct comprehensive smart contract audits
- Establish regular security training for team members
- Utilize real-time monitoring solutions
FAQ Section
Q: Which blockchain suffered the most attacks in 2025?
A: Ethereum experienced 81 attacks resulting in $1.739 billion in losses - 81.3% of total losses.
Q: What percentage of stolen funds were recovered?
A: Only 11.1% ($238 million) of stolen assets were frozen or recovered during H1 2025.
Q: What was the most common attack vector?
A: Contract vulnerabilities accounted for 70% of attacks (63 incidents) and $408 million in losses.
Q: How can projects prevent similar attacks?
A: Key measures include professional smart contract audits, multi-sig implementations, and continuous security monitoring.
Q: Why did mixer usage increase significantly?
A: With improved exchange AML measures, hackers are increasingly turning to mixers for fund laundering.
Q: Which project type suffered the highest losses?
A: Centralized exchanges lost $1.591 billion across just 6 attacks - 74.4% of total losses.