On December 23, Web3 security company CertiK released a report stating that Web3 security incidents will cause a total loss of approximately $3.35 billion in 2025, of which supply chain attacks will cause losses of up to $1.45 billion, accounting for nearly half of the total losses for the year, making it the most destructive source of risk.
A prime example is the Bybit incident in February. Attackers did not directly compromise the trading platform's system, but instead implanted malicious code into the developer environment of a third-party multi-signature wallet service provider, bypassing multiple approval processes and resulting in approximately $1.4 billion in losses. Attackers are focusing their resources on key service providers and underlying tools, rather than the protocol itself, making supply chain security a systemic risk that cannot be ignored.
