CertiK "Hack3d: Web3.0 Security Report for the Second Quarter and First Half of 2025" (with full report link)

CertiK's "Hack3d: Q2 and First Half of 2025 Web3.0 Security Report" has been released, showing that losses due to security incidents in the first half of 2025 are close to $2.5 billion; to date, the total losses have exceeded the entire previous year's level. Overall, the Web3.0 security situation remains severe, with threat methods continuing to evolve and upgrade. Key Data Q2 2025: - In Q2 2025, 144 on-chain security incidents occurred in the Web3.0 industry, with total losses of approximately $800 million. Compared to the previous quarter, total losses decreased by about 52.1%, and security incidents reduced by 59. - Phishing attacks were the most damaging attack method this quarter, with 52 security incidents causing approximately $400 million in theft. Code vulnerability attacks followed, with 47 security incidents leading to about $240 million in theft. - Approximately $180 million in stolen funds were recovered this quarter, with a net loss of around $620 million. First Half of 2025: - A total of 344 security incidents occurred in the first half of 2025, with cumulative losses reaching $2.47 billion. - Wallet theft caused the most severe financial losses in the first half of 2025, with 34 incidents resulting in approximately $1.71 billion in losses. Phishing attacks followed, with 132 security incidents causing losses of about $410 million, currently the most frequent attack method. - In the first half of 2025, recovered stolen funds totaled approximately $190 million, with a net loss of around $2.29 billion. Security Trends As of June 30, the net losses in 2025 reached $2.29 billion, already exceeding the previous year's net loss of $1.98 billion. Although the overall security situation appears increasingly severe, approximately $1.78 billion of this year's losses were concentrated in two major incidents (Bybit and Cetus Protocol). Excluding these two incidents, the industry's overall losses this year are $690 million, requiring a nuanced perspective on risk. While private key leakage garnered widespread attention in 2024, this issue has significantly decreased in the first half of 2025. However, phishing attacks have surged, becoming the most threatening attack method. As phishing techniques become more sophisticated and deceptive, users urgently need to enhance their security awareness: avoid clicking unknown links, carefully verify website domain names, enable multi-factor authentication, and recommend using hardware wallets for private key management. Industry Trends Beyond security incidents, several globally impactful regulatory and market development dynamics occurred in the first half of 2025, which will profoundly influence the crypto industry's future: - The US passed Executive Order 14178, abolishing previous digital asset policies, prohibiting any form of government-issued CBDC, and introducing a new regulatory framework. - The US officially established a Strategic Bitcoin Reserve, using confiscated assets to create a national sovereign crypto asset reserve. - The EU's Markets in Crypto-Assets Regulation (MiCA) fully came into effect, providing clear regulatory guidelines for stablecoin issuance and crypto asset service providers. - Hong Kong passed stablecoin-related legislation, requiring issuers to obtain licenses and establish clear redemption mechanisms. - India announced plans to release a digital asset regulatory policy document. - Pakistan established its first Bitcoin reserve and developed energy infrastructure supporting crypto mining. - Circle launched an IPO, while Tether expanded into commodity-backed stablecoin applications and made significant investments in Latin America. Conclusion CertiK, as the world's largest Web3.0 security company, provides profound industry insights, offering various security event analyses, security guides, and annual and quarterly security reports to transmit critical security information to the industry. The security report receives high industry attention upon release and is quickly reported and cited by core Web3.0 media such as CoinDesk and Cointelegraph. Welcome to click here to read the complete "Hack3d: Q2 and First Half of 2025 Web3.0 Security Report" for more comprehensive analysis, insights, and recommendations.