Nearly $2.5 billion worth of cryptocurrencies were stolen across 290 incidents in the first half of 2025, surpassing total losses recorded in 2024.
According to CertiK’s latest Hack3d report shared with crypto.news, compromised wallets accounted for the largest share of losses, totalling over $1.7 billion across 34 incidents. Phishing attacks followed, siphoning more than $410 million in 132 cases, while code vulnerabilities led to losses exceeding $283 million across 114 incidents.
Exit scams and price manipulation were less frequent during this period but were still notable, resulting in combined losses of nearly $20 million. Access control exploits accounted for $42 million in damages.
Notably, total losses in the first six months of 2025 have already surpassed the $2.42 billion recorded for all of 2024. After adjusting for returned and frozen funds, net losses stand at $2.29 billion, exceeding last year’s adjusted total of $1.98 billion.
A significant portion of this year’s losses, roughly 72%, or $1.78 billion, stemmed from two large-scale incidents, the Bybit hack in Q1 and the Cetus protocol exploit in Q2. Excluding these, H1 losses would have stood at around $690 million.
Q1 of 2025 accounted for $1.67 billion in losses, more than double Q2’s $801 million. While the pace of attacks slowed significantly in the second quarter, several major incidents still contributed to substantial losses.
Phishing was the most widespread attack vector in Q2, accounting for over $395 million in losses across 52 incidents. Code vulnerabilities and access control weaknesses followed, resulting in losses of $235.7 million and $36.1 million, respectively. Wallet compromises, which had dominated Q1, caused $112 million in losses from 9 incidents in Q2.
While the Bybit breach remained the most damaging incident of the year, Q2 saw several other high-value breaches involving protocol exploits and infrastructure compromises. These included the $225.6 million exploit of Cetus, the $89.1 million hack of Iran’s Nobitex exchange, and a $16.1 million attack on ALEX Lab.
Other incidents involving Bitopro, Cork Protocol, KiloEx, and zkSync-based projects were primarily the result of smart contract flaws, infrastructure breaches, or compromised wallets.
Ethereum was the most targeted blockchain, suffering losses of more than $1.58 billion across 164 incidents, while Bitcoin came in second, with over $373 million lost across 10 incidents.
CertiK noted that $187 million in stolen funds were returned in the first half of the year, bringing the adjusted total losses to just over $2.28 billion. Of this, $180 million was recovered in Q2 alone.
As previously reported by crypto.news, a separate mid-year analysis by blockchain intelligence firm TRM Labs estimated $2.1 billion in crypto losses across 75 incidents during the same period, with the majority linked to infrastructure-level breaches such as private key thefts and front-end hijacks.
Read the full article here
