
SlowMist's latest annual report indicates that the blockchain industry faced even more complex security challenges in 2025. While the total number of security incidents decreased from 410 in 2024 to 200, total losses increased by approximately 46% year-on-year, reaching a staggering $2.935 billion.
Top 10 most costly hacks of the year: Bybit suffers $1.46 billion loss.
The most notable security incident in 2025 was the hacking attack on cryptocurrency exchange Bybit, which resulted in a single loss of up to $1.46 billion. The hackers are suspected of launching the attack by gaining access to Safe Wallet's multi-signature permissions.

Other significant loss events include:
Cetus Protocol: Lost approximately $230 million, primarily due to a vulnerability in its contract mechanism.
Balancer V2: Lost approximately $121 million due to a computational error in the Stable Pool swap path.
Nobitex: Attacked by a pro-Israel hacker group, destroying approximately $100 million in assets.
Other affected projects include Phemex ($70 million), UPCX ($70 million), BtcTurk ($54 million), Infini ($50 million), CoinDCX ($44.2 million), and GMX ($42 million).
Fraud methods are evolving: from traditional phishing to AI-powered supply chain poisoning.
The report points out that attack methods in 2025 were highly organized and professional, especially in combining new protocol features with AI technology:
AI technology attack
Using deepfake technology, hackers can impersonate corporate executives to participate in video conferences (as seen in the Arup Hong Kong employee fraud case) or bypass KYC verification. Furthermore, hackers also use AI models to dynamically generate malicious code to evade detection.
Social engineering attacks
Common tactics include job interview scams that lure engineers into downloading code repositories containing malicious code.
ClickFix phishing
Attackers induce users to execute malicious commands on their own systems.
Solana permission tampering
By modifying the account's owner permissions, attackers prevent the victim from controlling the assets even if the victim holds the private key.
EIP-7702 Authorization Abuse
Attackers carried out mass theft of cryptocurrency by abusing the new account abstraction feature.
Supply chain poisoning
Hackers implant backdoors in popular open-source tools on GitHub, such as a Solana trading bot, or in npm packages.
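As a defender-side illustration of the EIP-7702 authorization abuse item above, the following added example (not from the SlowMist report or ABMedia) checks an account's code for an EIP-7702 delegation and reviews an authorization before it is signed. The function names, the allowlist and the sample values are assumptions constructed for illustration; `code_hex` is assumed to be the string returned by the JSON-RPC call `eth_getCode`.

```python
# Added example: triage of EIP-7702 delegations (not code from the report).
DELEGATION_PREFIX = bytes.fromhex("ef0100")  # EIP-7702 delegation indicator
ZERO_ADDRESS = "0x" + "00" * 20
# Constructed sample values, not real deployments.
TRUSTED = {"0x" + "11" * 20}
SAMPLE_DELEGATED_CODE = "0xef0100" + "ab" * 20


def classify_account_code(code_hex):
    """Return (kind, delegate) for the code stored at an address."""
    raw = code_hex[2:] if code_hex.startswith("0x") else code_hex
    code = bytes.fromhex(raw)
    if not code:
        return ("eoa", None)  # plain externally owned account
    # A delegated EOA holds exactly 0xef0100 followed by a 20-byte address.
    if len(code) == 23 and code.startswith(DELEGATION_PREFIX):
        return ("delegated_eoa", "0x" + code[3:].hex())
    return ("contract", None)


def review_authorization(chain_id, delegate, expected_chain_id, trusted):
    """List reasons to refuse signing an EIP-7702 authorization tuple."""
    findings = []
    delegate = delegate.lower()
    if delegate == ZERO_ADDRESS:
        return findings  # the zero address clears an existing delegation
    if chain_id == 0:
        findings.append("chain_id 0: authorization is valid on every chain")
    elif chain_id != expected_chain_id:
        findings.append("chain_id does not match the connected network")
    if delegate not in trusted:
        findings.append("delegate contract is not on the allowlist")
    return findings


def audit_account(code_hex, trusted):
    """Flag an EOA whose code delegates to a contract outside the allowlist."""
    kind, delegate = classify_account_code(code_hex)
    if kind == "delegated_eoa" and delegate not in trusted:
        return f"ALERT: EOA delegates to unknown contract {delegate}"
    return f"ok: {kind}"


if __name__ == "__main__":
    print(audit_account(SAMPLE_DELEGATED_CODE, TRUSTED))
    print(review_authorization(0, "0x" + "AB" * 20, 1, TRUSTED))
```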
Anti-money laundering supervision enters the cross-border enforcement phase in 2025.
North Korean hackers (Lazarus Group) remain one of the world's biggest security risks, having stolen approximately $1.645 billion in the first nine months of 2025 alone. Their money laundering processes are industrialized, using cross-chain bridges, coin mixers, and multiple rounds of mixing to make the funds harder to trace.
In the Southeast Asian money laundering sector, Cambodia's Huione Group has been implicated in the flow of large amounts of fraudulent funds and has been sanctioned by the US OFAC.
SlowMist Technology summarizes the trends for 2025 as follows: more professional attack systems, more covert criminal connections, and stronger regulatory enforcement. Security and compliance are no longer just about protection capabilities, but rather a prerequisite for business survival. The future vitality of the Web3 industry will depend on its ability to establish stronger internal security controls and transparent financial governance models.
This article, "2025 Blockchain Security and Anti-Money Laundering Annual Report: Total Losses Surge 46%, AI and Social Engineering Become Mainstream Threats," first appeared on ABMedia.





