A new Hacken report reveals Web3 platforms suffered $3.1 billion in losses in the first half of 2025, already exceeding 2024’s total.
According to the Hacken 2025 Half-Year Web3 Security Report, which was released on July 24, Web3 initiatives suffered losses of $3.1 billion due to exploits and scams during the first half of 2025.
The report indicates that the total losses documented in H1 this year have surpassed those recorded throughout 2024. It attributes $1.83 billion of this sum to access control exploits in Q1.
AI-Related Exploits Explode by 10x in Web3
$600 million was spent on phishing and social engineering attacks, a significant increase from the previous year. DeFi’s most detrimental quarter since early 2023 was an additional $263 million in losses due to smart contract vulnerabilities.
Hacken observed a 1,025% increase in the volume of AI-related exploits compared to H2 2024. These cases resulted from insecure API design, improper model access restrictions, and inadequate user input filtering in AI inference layers.
The Munchables breach, which exceeded $290 million, was the most significant incident of the period. Subsequently, the Pike Finance series of assaults resulted in a loss of $136 million. The first significant hook-related exploit was also recorded in the Uniswap V4 ecosystem, which resulted in a $12 million loss.
According to the report, Ethereum was responsible for 61.4% of the total losses, while BNB Chain and Arbitrum accounted for 20.2% and 11.4%, respectively. The remaining portion consisted of Ethereum L2s and alt-L1s that were exploited.
Security Improvements in Urgent Need
Yevheniia Broshevan, the Co-Founder and CBDO of Hacken, stated, “2025 has been a wake-up call.” “Cybersecurity becomes a fundamental business function as blockchain systems scale to the enterprise and regulations evolve.”
The report suggests that to mitigate the proliferation of threats, it is imperative to implement automated defense systems and continuous monitoring. Additionally, it cautions that the intricacy of integrated systems and AI models in Web3 environments renders standard auditing insufficient.
In the first half of 2025, DeFi protocols accounted for nearly 69% of all monitored incidents. Although there were fewer CeFi incidents, they tended to result in greater individual losses. The report also observed an increasing convergence between financial and infrastructure attack vectors.
The crypto industry is confronted with a challenge: the accelerated adoption of complex technologies is outpacing the development of security frameworks, as evidenced by the increase in AI-driven exploits.
Simultaneously, geopolitical actors and financially motivated organizations have begun to regard blockchain infrastructure as high-value targets. New regulatory coordination between Web3-native firms, national agencies, and cybersecurity vendors may be necessary due to the convergence of traditional cybersecurity threats with on-chain vulnerabilities.
Frequently Asked Questions (FAQs)
What is the potential impact of regulations such as the EU AI Act or MiCA on the security practices of Web3 in the future?
These frameworks may impose formal governance, model validation requirements, and real-time monitoring standards that compel protocols to incorporate cybersecurity by design, rather than after deployment.
Are these complex assaults more susceptible to smaller protocols?
Indeed. The report suggests that smaller teams are particularly vulnerable as AI integrations expand without defined defensive standards, as they are overly reliant on third-party tooling and have limited technical resources.
Is there any evidence of coordination between threat actors?
The rise in sophisticated, cross-layer attacks, although not explicitly documented, implies the possibility of collaboration or toolset exchanges between more organized adversarial groups and financially motivated hackers.