Web3.0 Security Report: Nearly $2.5 Billion Lost in the First Half of 2025

Recently, a report on the security status of Web3.0 in the second quarter and the first half of 2025 has attracted widespread attention in the industry. The report indicates that in just the first half of 2025, losses in the Web3.0 sector due to security incidents reached nearly $2.5 billion, surpassing the total for the entire previous year. This data highlights that the security situation in the Web3.0 field remains severe, and the methods of threat are constantly evolving and upgrading.

Security Overview for Q2 2025

In the second quarter, a total of 144 on-chain security incidents occurred, resulting in an estimated loss of approximately $800 million. Compared to the first quarter, the total loss decreased by about 52.1%, and the number of security incidents reduced by 59. Phishing attacks became the mode of attack causing the largest losses, with 52 incidents leading to approximately $400 million being stolen. Following that were code vulnerability attacks, with 47 incidents causing about $240 million in losses. Notably, approximately $180 million of the stolen funds were recovered this quarter, resulting in a net loss of about $620 million.

Security Situation in the First Half of 2025

A total of 344 security incidents occurred in the first half of the year, with cumulative losses reaching as high as $2.47 billion. Wallet thefts resulted in the most severe financial losses, with 34 incidents leading to approximately $1.71 billion in losses. Phishing attacks became the most frequently occurring type of attack, with 132 incidents causing approximately $410 million in losses. The total amount of stolen funds recovered in the first half of the year was approximately $190 million, resulting in a net loss of approximately $2.29 billion.

Security Trend Analysis

As of June 30, the cumulative net loss for 2025 reached $2.29 billion, surpassing last year's total net loss of $1.98 billion. However, about $1.78 billion of this year's losses are concentrated in two major events. Excluding these two events, the overall loss for the industry this year is $690 million, and the risk landscape still needs to be viewed dialectically.

From the perspective of attack methods, the issue of private key leakage has significantly decreased in the first half of 2025. However, phishing attacks have surged, becoming the most threatening form of attack currently. As phishing techniques become increasingly covert and deceptive, users need to enhance their security awareness: avoid clicking on unknown links, carefully verify website domain names, enable multi-factor authentication, and it is recommended to use hardware wallets for private key management.

Industry Regulation and Market Development Trends

In the first half of 2025, several far-reaching regulatory and market development events occurred globally:

1. The United States has abolished its previous digital asset policy, prohibiting the government from issuing CBDCs, and has introduced a new regulatory framework.
2. The United States establishes a strategic Bitcoin reserve, using confiscated assets to build a national-level cryptocurrency reserve.
3. The European Union's Markets in Crypto-Assets Regulation (MiCA) comes into full effect.
4. Hong Kong has passed legislation related to stablecoins, requiring issuers to obtain a license and have a clear redemption mechanism.
5. India announces the release of a regulatory policy document for digital assets.
6. Pakistan establishes its first Bitcoin reserve and builds energy infrastructure to support crypto mining.
7. Circle launches IPO, Tether expands into the commodity-backed stablecoin sector and makes large-scale investments in Latin America.

This report provides valuable security information and market insights for the industry, helping practitioners better understand the challenges and opportunities faced by the current Web3.0 ecosystem.