Web3.0 Security Report: Nearly $2.5 billion lost in the first half of 2025

Recently, an authoritative Web3.0 security report was released, revealing the industry security situation for the first half of 2025. The data shows that losses caused by security incidents in the first half alone approached $2.5 billion, exceeding last year's total. This indicates that the security situation in the Web3.0 field remains severe, and the methods of threat are continuously escalating.

Security Overview for Q2 2025

• A total of 144 on-chain security incidents occurred, with total losses of approximately 800 million USD.
• The loss amount decreased by 52.1% compared to the previous quarter, and the number of incidents decreased by 59.
• Phishing attacks caused the largest losses, with 52 incidents resulting in approximately $400 million being stolen.
• Code vulnerability attacks followed, with 47 incidents causing losses of approximately $240 million.
• Approximately $180 million of stolen funds have been recovered, with a net loss of about $620 million.

Security Situation in the First Half of 2025

• A total of 344 security incidents occurred, with cumulative losses of 2.47 billion USD.
• The most severe losses were caused by wallet theft, with 34 incidents resulting in losses of approximately $1.71 billion.
• 132 phishing attacks, resulting in a loss of approximately $410 million, have become the most frequent attack method.
• Approximately $190 million of stolen funds have been recovered, with a net loss of about $2.29 billion.

Security Trend Analysis

As of the end of June, the cumulative net loss for 2025 reached $2.29 billion, exceeding last year's total of $1.98 billion. However, it is important to note that approximately $1.78 billion of this year's losses are concentrated in two major events. Excluding these two events, the annual loss would be $690 million, and the industry risks still need to be viewed dialectically.

In terms of attack methods, the issue of private key leaks, which has drawn significant attention in 2024, has noticeably decreased in the first half of 2025. However, phishing attacks have surged, becoming the most threatening attack method currently. As phishing techniques become increasingly covert and deceptive, users urgently need to enhance their security awareness:

• Avoid clicking unknown links
• Carefully check the website domain name
• Enable two-factor authentication
• It is recommended to manage private keys using a hardware wallet.

Global Regulatory and Market Dynamics

In the first half of 2025, multiple far-reaching regulatory and market developments occurred globally:

1. The United States has abolished its previous digital asset policy, prohibiting the government from issuing CBDC and introducing a new regulatory framework.
2. The United States establishes a strategic Bitcoin reserve, utilizing confiscated assets to create a national-level cryptocurrency reserve.
3. The EU's Markets in Crypto-Assets Regulation (MiCA) comes into full effect.
4. Hong Kong has passed legislation related to stablecoins, requiring issuers to obtain a license and have a clear redemption mechanism.
5. India announces the release of regulatory policy documents for digital assets.
6. Pakistan establishes its first Bitcoin reserve and builds energy infrastructure to support crypto mining.
7. Circle launches IPO, Tether expands the stablecoin application supported by commodities and invests heavily in Latin America.

This report provides valuable security insights and industry trend analysis for industry professionals, helping all parties better address security challenges in the Web3.0 field and promoting healthy industry development.