$3.1 Billion Lost: Hacken’s 2025 Report Reveals Web3 Security Crisis

The first half of 2025 has already become the most damaging period in Web3 security history, according to Hacken’s newly released Half-Year Security Report.

Losses in the first six months have exceeded $3.1 billion — overtaking the total losses recorded in all of 2024.

Access Exploits and AI Attacks Dominate Losses

The report, which covers threats across DeFi, CeFi, and AI-integrated infrastructure, reveals that access control vulnerabilities were the top attack vector, leading to $1.83 billion in stolen funds — largely in Q1. Meanwhile, social engineering schemes and phishing campaigns grew to $600 million in damages, underscoring the rising human-centric risks in crypto.

One of the most concerning trends: AI-related exploits have surged 1,025%, driven by insecure APIs and weak inference layer protections. As more protocols integrate AI-driven services, attackers are quickly identifying and exploiting the gaps in implementation.

DeFi Sees Worst Quarter Since Early 2023

Smart contract flaws caused approximately $263 million in losses, marking the worst DeFi quarter in over two years. Notably, the first major Uniswap V4 hook exploit cost users $12 million, signaling that even upgraded protocols remain vulnerable when novel features are introduced without sufficient defense layers.

Read More:

A Security Wake-Up Call for Web3 Teams

Hacken’s Co-Founder Yevheniia Broshevan stressed the importance of rethinking cybersecurity:

“Cybersecurity is no longer just a technical safeguard — it’s a core business function.”
With MiCA and the EU AI Act enforcement gaining traction, projects are urged to move beyond one-off audits. The report recommends real-time monitoring, automated threat detection, and governance alignment as essential tools for mitigating evolving risks.