Crypto and Web3 security incidents resulted in more than $881.3 million in 144 incidents in the second quarter of 2025. Certik reported that this reflected a 52.1% decrease in the value lost from the last quarter.
Additionally, there were fewer 59 incidents during this period.
Ethereum hit the hardest once again
Phishing was the most harmful attack vector, as $395 million was stolen in 52 incidents. The code vulnerability followed the lawsuit, with a loss of $235.8 million in 47 cases.
In the latest report, Certik said Ethereum saw the most incidents. The network recorded 70 hacks, frauds and exploits, resulting in a quarterly loss of $65.4 million.
Additionally, $181 million worth of funds were recovered, bringing the adjusted loss for the second quarter to $620 million. The average loss per incident was $4.3 million, with a median of about $104,000.
Zooming out, the blockchain security company reported a total loss of $2.47 billion over 344 incidents in the first half of 2025. These violations accounted for the highest wallet compromise during this period, accounting for $17.1 billion in 34 cases. Next up was phishing, which has become the most frequent attack type of this year to date, as $410 million was stolen in 132 cases.
So far, Ethereum has recorded 175 cases in H1, resulting in a loss of $1.63 billion. A total of $187.3 million was recovered in the first half of the year, bringing the adjusted total loss to $22.9 billion. Meanwhile, the average loss per incident for H1 was $7.13 million, with a median loss of $89,026.
Two major hacks are trending
Certik said that while headline numbers suggest cryptography security, the two incidents alone accounted for around $1.78 billion of 2025 losses.
Hackers leveraged Bybit’s cold wallet infrastructure in February 2025 by changing transaction logic and masking interfaces. This allowed us to steal more than $1.5 billion in ether. The Lazaro Group, a hacking entity sponsored by North Korea’s infamous country, took responsibility for it.
What’s more, SUI-based Cetus was exploited in an overflow check within the project’s liquidity calculation function, resulting in a loss of $225 million in May.
Without these two incidents, the total loss would be $690 million. This essentially indicates that the broader security trends may not be as severe as the raw numbers suggest.
Binance Free $600 (For cryptopotato only): Use this link to register a new account and receive an exclusive $600 welcome offer with Binance (detail).
Exclusive offer for Bybit’s Cryptopotato Leader: Use this link to sign up and open a free $500 position on your coin!
