Crypto’s Bleeding: $3.1 Billion Lost in 2025 So Far
The crypto space has taken a beating in the first half of 2025, with a staggering $3.1 billion lost to various issues, including smart-contract bugs, access-control vulnerabilities, and outright scams. According to a report by blockchain security auditor Hacken, this figure surpasses the total losses of $2.85 billion for all of 2024. The massive $1.5 billion Bybit hack in Q1 2025 was a major contributor to this total, but even without it, the sector would still be facing significant challenges.
Access-Control Exploits: The Primary Driver of Losses
Access-control exploits have been the main culprit behind these losses, accounting for around 59% of the total. This is consistent with trends observed in 2024, where attackers targeted human and process-level weaknesses rather than cryptographic flaws. Smart-contract vulnerabilities, on the other hand, contributed to about 8% of the losses, with $263 million stolen. The distribution of loss types remains largely consistent with last year’s trends, with operational security flaws responsible for the majority of the losses.
Crypto Attack Types and Total Loss
The Hacken report highlights the various types of crypto attacks and the total loss incurred in the first half of 2025. The report notes that attackers have shifted their focus from exploiting cryptographic flaws to targeting human and process-level weaknesses, including blind signing attacks, private key leaks, and elaborate phishing campaigns. This evolving landscape has exposed a crucial vulnerability: access control in crypto remains one of the most underdeveloped and high-risk areas, despite growing technical safeguards.
DeFi and Smart Contracts: A Vulnerable Landscape
DeFi and smart contracts have been particularly vulnerable to attacks, with operational security flaws responsible for $1.83 billion in losses across both DeFi and CeFi platforms. The Cetus hack, which resulted in $223 million being drained in just 15 minutes, was a standout incident in Q2. This marked DeFi’s worst quarter since early 2023 and halted a five-quarter downtrend in exploit-related losses. The attack exploited an overflow check vulnerability in Cetus’s liquidity calculation, highlighting the need for real-time total value locked (TVL) monitoring with auto-pause to prevent such losses.
AI: A Growing Threat to Crypto Security
Artificial intelligence (AI) and large language models (LLMs) are increasingly being integrated into Web2 and Web3 ecosystems, sparking innovation but also widening the attack surface. AI-related exploits have surged by 1,025% compared to 2023, with 98.9% of these attacks tied to insecure APIs. The use of AI agents in production environments has made them a growing target for attackers, and traditional cybersecurity frameworks are ill-equipped to address AI-specific risks. As the crypto space continues to evolve, it’s essential to develop comprehensive governance that includes the unique challenges posed by AI.
A Call to Action: Strengthening Crypto Security
The crypto space needs to take a hard look at its security measures and work towards strengthening them. This includes implementing real-time TVL monitoring with auto-pause, securing APIs, and developing comprehensive governance that addresses AI-specific risks. As the sector continues to grow and mature, it’s essential to prioritize security and protect users’ assets. The $3.1 billion lost in 2025 so far is a stark reminder of the need for vigilance and proactive measures to prevent such losses in the future.
