The cryptocurrency industry has seen over $3.1 billion in losses in the first half of 2025, already surpassing the total for all of 2024.
According to a report published by blockchain security firm Hacken, the figure reflects persistent systemic vulnerabilities across both decentralized and centralized finance platforms, driven by outdated codebases, access-control flaws, and the growing complexity introduced by artificial intelligence integrations.
Access-control exploits remain the leading cause of financial damage, contributing roughly 59% of the total losses, while smart-contract bugs accounted for around $273 million.
Although the $1.5 billion Bybit incident in February stands out as a major event, it does not obscure the fact that the industry continues to face broad security shortcomings.
Hacken’s forensic team observed a recurring theme in 2025: human and procedural errors are now a more frequent point of attack than cryptographic weaknesses.
Legacy Infrastructure and Operational Vulnerabilities
Hacken’s head of forensics, Yehor Rudytsia, noted that older codebases have remained active targets for attackers, with the GMX v1 platform being a key example.
The protocol’s outdated structure began facing exploitation in Q3 2025. “Initiatives should care about their previous or legacy codebase if it was not stopped from working fully,” Rudytsia said, emphasizing the risks of leaving older protocols exposed.
Operational vulnerabilities have also played a prominent role, accounting for roughly $1.83 billion in losses across both DeFi and CeFi. The most notable case was the $223 million breach on Cetus, a DeFi platform, during Q2. The exploit was traced to an overflow check vulnerability in its liquidity calculations.
Using a flash loan, the attacker opened many small positions across 264 pools. Hacken analysts suggested that real-time TVL monitoring with automatic pause mechanisms might have prevented up to 90% of the funds from being drained.
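The following is an added example, not code from Hacken's report or from this article: a minimal sketch of the real-time TVL monitoring with an automatic pause described above. The 5-minute window, the 10% drawdown threshold and the readings are constructed assumptions, and the pause action itself is left as a comment because it is protocol-specific.

```python
from collections import deque


class TvlCircuitBreaker:
    """Latches a pause when TVL falls too far below its recent peak."""

    def __init__(self, window_s=300, max_drawdown=0.10):
        self.window_s = window_s          # look-back window in seconds (assumed value)
        self.max_drawdown = max_drawdown  # tolerated drop from the peak (assumed value)
        self.samples = deque()            # (timestamp, tvl) readings inside the window
        self.paused_at = None             # stays set until an operator resets it

    def observe(self, ts, tvl):
        """Record one TVL reading; return True if the protocol should be paused."""
        if self.paused_at is not None:
            return True                   # latched: a recovery does not un-pause
        self.samples.append((ts, tvl))
        while self.samples[0][0] < ts - self.window_s:
            self.samples.popleft()        # drop readings older than the window
        peak = max(v for _, v in self.samples)
        if peak > 0 and (peak - tvl) / peak >= self.max_drawdown:
            self.paused_at = ts
            # A real deployment would submit the protocol's pause transaction here.
        return self.paused_at is not None


def replay(readings, breaker):
    """Replay readings; return (pause time, fraction of starting TVL left at pause)."""
    start = readings[0][1]
    for ts, tvl in readings:
        if breaker.observe(ts, tvl):
            return ts, tvl / start
    return None, readings[-1][1] / start


# Constructed readings (seconds, TVL in USD): normal churn, then a rapid drain.
CONSTRUCTED_READINGS = [
    (0, 250_000_000), (60, 251_000_000), (120, 249_500_000),
    (180, 248_000_000), (192, 236_000_000), (204, 221_000_000),
    (216, 170_000_000), (228, 90_000_000), (240, 27_000_000),
]

if __name__ == "__main__":
    when, kept = replay(CONSTRUCTED_READINGS, TvlCircuitBreaker())
    print(f"paused at t={when}s with {kept:.0%} of starting TVL still in the pools")
```

The breaker compares each reading with the peak inside the window rather than with the previous reading, so a drain split into many small steps still trips it, while a slow decline spread over longer than the window does not.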
AI and Insecure APIs Add Complexity to Web3 Security
The incorporation of artificial intelligence tools into Web3 projects has added another layer of complexity to the security environment. According to Hacken’s report, there was a 1,025% increase in AI-related attacks compared to 2023.
Nearly 99% of these incidents involved insecure APIs, making them one of the most exploited attack surfaces today. As of mid-2025, 34% of Web3 projects are using AI agents in live environments, increasing their exposure to risks such as model hallucination, prompt injection, and data poisoning.
Hacken also highlighted that current security standards like ISO/IEC 27001 and the NIST Cybersecurity Framework are not yet adequately equipped to deal with these AI-specific threats. The report called for updated governance and risk models that can better account for evolving vulnerabilities in intelligent systems.
With more sophisticated threat vectors emerging and attackers increasingly relying on automation and social engineering, the demand for proactive and adaptive security mechanisms in the crypto sector has grown significantly.