Crypto and Web3 safety incidents led to over $801.3 million in losses throughout 144 incidents in Q2 2025. CertiK reported that this displays a 52.1% lower in worth misplaced from the earlier quarter.

The quarter additionally noticed 59 fewer incidents throughout this era.

Ethereum Hit Hardest Once more

Phishing was probably the most damaging assault vector, because it noticed $395 million being stolen throughout 52 incidents. Code vulnerabilities adopted go well with and recorded $235.8 million in losses throughout 47 incidents.

In its newest report, CertiK mentioned that Ethereum noticed the best variety of incidents. The community recorded 70 hacks, scams, and exploits, leading to $65.4 million in losses for the quarter.

Moreover, funds price $181 million have been recovered, which introduced the adjusted losses for the second quarter to $620.4 million. The typical loss per incident was $4.3 million, whereas the median was round $104,000.

Zooming out, the blockchain safety agency additionally reported whole losses of $2.47 billion throughout 344 incidents for the primary half of 2025. Pockets compromises have been the most expensive throughout this era, as these breaches accounted for $1.71 billion in losses throughout 34 incidents. Subsequent up was phishing, with $410.7 million stolen throughout 132 incidents, which made it probably the most frequent assault sort to date this yr.

To date this yr, Ethereum recorded 175 incidents in H1, leading to $1.63 billion in losses. A complete of $187.3 million was recovered within the first half of the yr, pushing the adjusted whole losses to $2.29 billion. In the meantime, the typical loss per incident for H1 was $7.13 million, with a median lack of $89,026.

Two Main Hacks Skew Development

CertiK famous that whereas headline figures counsel worsening crypto safety, two incidents alone accounted for round $1.78 billion of 2025’s losses – the Bybit hack and the Cetus Protocol breach.

Hackers exploited Bybit’s chilly pockets infrastructure in February 2025 by altering transaction logic and masking interfaces, which enabled them to steal over $1.5 billion in Ether. North Korea’s infamous state-sponsored hacking entity, the Lazarus Group, was answerable for it.

Apart from, Sui-based Cetus, however, suffered an exploit in an overflow examine inside the undertaking’s liquidity calculation operate, which resulted in $225 million in losses in Might.

With out these two incidents, whole losses could be $690 million, which primarily signifies that the broader safety pattern is probably not as extreme because the uncooked figures suggest.