- 2025 losses rose 37% despite fewer incidents, driven by a small number of high-impact exploits.
- Supply chain and phishing attacks accounted for the majority of Web3 security losses.
- Ethereum and cross-chain platforms remained primary targets for large-scale attacks.
The Web3 network experienced higher security losses in 2025, despite a decline in the number of incidents compared to the previous year, according to data from CertiK’s Skynet Hack3D security report. The findings reveal a growing threat scenario, characterized by limited, high-impact attacks rather than widespread, low-value exploits, reflecting a shift in attacker strategy as on-chain activity rebounded.
Web3 activity accelerated in 2025 due to positive market sentiment, renewed liquidity, and a more accommodative policy environment in the United States. Decentralized applications expanded across payments, gaming, tokenized real-world assets, and identity use cases.
However, this growth also expanded the attack surface, with threat actors focusing on private key management, authentication systems, and access controls across high-value platforms.
Total losses from hacks, scams, and exploits reached $3.35 billion in 2025, up from $2.45 billion in 2024, representing an increase of approximately 37%. A single supply chain incident at Bybit was responsible for approximately $1.45 billion of those losses.
Fewer Incidents, Larger Financial Impact
The average loss per incident rose to $5.32 million in 2025, a 66.6% increase from the prior year, while the median loss fell to $103,996. This gap suggests that while many incidents remained relatively minor, a limited number of attacks caused disproportionate damage.
February was the most costly month, with $1.54 billion lost across 58 incidents, largely driven by the Bybit exploit. Losses peaked in the first quarter at $1.67 billion across 200 incidents, before declining by roughly 52% in the following quarter as monitoring and response measures improved.
Supply Chain and Phishing Lead Attack Vectors
Supply chain breaches were the most damaging attack vector in 2025, resulting in $1.45 billion in losses across just two incidents. These attacks often involved development dependencies, CI/CD pipelines, and wallet integrations. Phishing accounted for the highest number of incidents, with 248 cases leading to $722.9 million in losses, slightly exceeding code vulnerability exploits in frequency.
Ethereum and Cross-Chain Targets Dominate Losses
Ethereum experienced the highest number of incidents, with 310 events resulting in $1.70 billion in losses. Bitcoin-related incidents totaled $528.2 million across 22 cases. Attacks affecting multiple blockchains accounted for $460.8 million across 29 incidents, highlighting ongoing risks tied to cross-chain infrastructure.
Overall, 2025 data shows that Web3 security risks mainly stem from targeted, complex operations rather than broad-based exploit campaigns, reshaping how losses accumulate across the ecosystem.
Related: Ethereum Launches Kohaku, an Open-Source Privacy SDK for Web3 Wallets
Disclaimer: The information presented in this article is for informational and educational purposes only. The article does not constitute financial advice or advice of any kind. Coin Edition is not responsible for any losses incurred as a result of the utilization of content, products, or services mentioned. Readers are advised to exercise caution before taking any action related to the company.
Source: https://coinedition.com/web3-security-losses-rose-in-2025-as-attackers-shift-toward-fewer-larger-incidents/
