- $801.3M lost in Q2 2025; $181M recovered, netting $620.4M loss.
- Ethereum faced 175 attacks in H1, losing $1.63B.
- Social engineering scams outpace code exploits in 2025.
Massive security breaches affected cryptocurrency and Web3 platforms in Q2 2025, leading to 144 occurrences and a loss of $801.3 million. The net loss was reported to be $620.4 million, with a recovery of $181 million, as stated in the Web3 Security Report by CertiK. This is a 52.1 decrease in losses compared to Q1, which can be explained in part by a decrease in incidents and the lack of large one-time heists such as the Bybit exploit in Q1.
Phishing became the most trendy threat because it led to the loss of approximately 395 million dollars in 52 incidents. Attackers used fraudulent links to deceive users into disclosing valuable wallet information. The second position was taken up by code vulnerabilities that caused losses of 235.8 million and 47 incidents. Ethereum was the most attacked, with 70 attacks and lost 65.4 million dollars. The average and median expenses per incident were 4.3 million and 104,000, respectively.
Phishing Attacks Dominate Losses
Two major breaches skewed 2025’s figures. Cold wallet systems were exploited in the Bybit hack in February 2023, when hackers, who were associated with the Lazarus Group of North Korea, stole 1.5 billion dollars of Ether. May The Cetus Protocol was hacked to the tune of 225 million dollars due to an issue in its liquidity calculation program. These alone amounted to one point seven eight billion of the two-point four seven billion lost in H1 2025. The losses in the first half totaled $2.29 billion after deducting the recoveries of $187.3 million.
Wallet hacks, in particular, the stealing of private keys, declined in Q2 but were still costly, with 15 instances costing 142 million dollars. Social engineering attacks were on the rise, and they were aimed at the behavior of individuals instead of a flaw in a technology, like address poisoning. CertiK noted that hackers have evolved such that they now target the trust of the users instead of just code vulnerabilities. This tendency shows that it is necessary to enhance user education, as well as a strong set of security tools.
Evolving Threats in Web3 Security
The number of attacks on Ethereum is 175, and the total loss of the cryptocurrency is 1.63 billion dollars, whereas there were 10 attacks on Bitcoin with a total loss of 373 million dollars. The vulnerabilities of interoperability were also identified, and damages caused by cross-chain breaches were estimated to be $435 million in 2024 across 39 incidents. Despite the recoveries, the level of the loss shows the danger of decentralized finance (DeFi) and centralized exchanges.
The rise in phishing reflects more sophisticated scams. In April, a U.S. investor fell for a phishing attack and lost 330.7 million in Bitcoin, and the money was transferred to Monero using instant exchanges. The realization of such an occurrence should serve as a reminder of the need to be cautious, like verifying URLs and using hardware wallets. In the meantime, the losses that concerned codes skyrocketed in May, with 229 million being attributed to the issues of smart contracts, compared to April of 5 million.
Regulatory shifts offer some hope. In the first quarter(Q1) of 2025, the U.S. formed a Strategic Cryptocurrency Reserve with the aim of storing digital assets. SEC also established a Crypto Task Force to provide more proactive guidelines, and the method is no longer a hard and fast enforcement approach. These measures point to the growing institutional interest, and security remains the top priority with the growing adoption.
The post Crypto Security Fails: $620M Lost in Q2 Hacks appeared first on Live Bitcoin News.