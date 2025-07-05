Crypto and Web3 security incidents led to over $801.3 million in losses across 144 incidents in Q2 2025. CertiK reported that this reflects a 52.1% decrease in value lost from the previous quarter.

The quarter also saw 59 fewer incidents during this period.

Ethereum Hit Hardest Again

Phishing was the most damaging attack vector, as it saw $395 million being stolen across 52 incidents. Code vulnerabilities followed suit and recorded $235.8 million in losses across 47 incidents.

In its latest report, CertiK said that Ethereum saw the highest number of incidents. The network recorded 70 hacks, scams, and exploits, resulting in $65.4 million in losses for the quarter.

Additionally, funds worth $181 million were recovered, which brought the adjusted losses for the second quarter to $620.4 million. The average loss per incident was $4.3 million, while the median was around $104,000.

Zooming out, the blockchain security firm also reported total losses of $2.47 billion across 344 incidents for the first half of 2025. Wallet compromises were the costliest during this period, as these breaches accounted for $1.71 billion in losses across 34 incidents. Next up was phishing, with $410.7 million stolen across 132 incidents, which made it the most frequent attack type so far this year.

So far this year, Ethereum recorded 175 incidents in H1, resulting in $1.63 billion in losses. A total of $187.3 million was recovered in the first half of the year, pushing the adjusted total losses to $2.29 billion. Meanwhile, the average loss per incident for H1 was $7.13 million, with a median loss of $89,026.

Two Major Hacks Skew Trend

CertiK noted that while headline figures suggest worsening crypto security, two incidents alone accounted for around $1.78 billion of 2025’s losses – the Bybit hack and the Cetus Protocol breach.

Hackers exploited Bybit’s cold wallet infrastructure in February 2025 by altering transaction logic and masking interfaces, which enabled them to steal over $1.5 billion in Ether. North Korea’s notorious state-sponsored hacking entity, the Lazarus Group, was responsible for it.

Besides, Sui-based Cetus, on the other hand, suffered an exploit in an overflow check within the project’s liquidity calculation function, which resulted in $225 million in losses in May.

Without these two incidents, total losses would be $690 million, which essentially indicates that the broader security trend may not be as severe as the raw figures imply.