Losses to crypto hacks, exploits and scams spiked to $2.47 billion in the first half of 2025, but the second quarter saw a decline in the total number of hacks, says blockchain security firm CertiK.
Over $800 million was lost across 144 incidents in Q2, a 52% decrease in value lost compared to the previous quarter with 59 fewer hacking incidents, CertiK said in a report on Tuesday.
In total, the first half of 2025 has seen more than $2.47 billion in losses due to hacks, scams and exploits, representing a nearly 3% increase compared to the $2.4 billion stolen in 2024.
However, considering the more than $187 million returned across the year’s first half, CertiK said the adjusted total is closer to $2.2 billion.
Bulk of losses from two incidents
Despite the spike in losses, CertiK said it doesn’t necessarily “suggest a deteriorating security landscape” because the lion’s share of losses came from just two incidents against crypto exchange Bybit and Cetus Protocol worth $1.78 billion combined.
Attackers exploited vulnerabilities in Bybit’s cold wallet infrastructure, siphoning off $1.5 billion in Ether (ETH) on Feb. 21, while the Cetus Protocol, the primary decentralized exchange on the Sui blockchain, suffered a $225 million hack on May 22.
“Without those events, total losses in 2025 would stand at $690 million, indicating that the broader trend may not be as severe as raw figures imply,” CertiK said.
Phishing attacks surge, Ethereum targeted
Phishing currently accounts for the highest number of security incidents so far this year, with 132 security incidents and $410 million stolen.
Overall, wallet compromises were the most costly attack vector in the first half of 2025, with over $1.7 billion stolen across 34 incidents, according to the report.
“As phishing campaigns grow increasingly deceptive, it’s vital for users to adopt strong security habits: avoid clicking unknown links, double-check domain authenticity, enable multifactor authentication, and consider using hardware wallets for key storage,” CertiK said.
The Ethereum blockchain was one of the more popular targets, accounting for 70 hacks, scams, and exploits compared to 98 in the first quarter.
“Ethereum’s dominance in decentralized finance and smart contract activity make it an attractive target, with billions of dollars locked in protocols,” CertiK said in its security report for Q1.
Rigorous security standards needed going forward
Beyond security incidents, CertiK said the first half of 2025 has been marked by significant global regulatory and market developments that will likely “shape the industry’s future.”
In the US, President Donald Trump has instigated reforms at the Securities and Exchange Commission that have seen the agency drop many enforcement actions against crypto firms and implement other pro-crypto-related legislation.
Related: Crypto seed phrase, front-end hacks drive record losses in 2025: TRM Labs
Meanwhile, Hong Kong’s Legislative Council passed a Stablecoin Bill, paving the way for a regulated framework and the Union’s regulatory framework for crypto, MiCA, came into force on Dec. 30.
“Together, these developments signal both growing institutional interest and a maturing regulatory environment,” CertiK said.
“As new capital and participants flow into the space, maintaining rigorous security standards will be more important than ever,” the firm added.
Magazine: China threatened by US stablecoins, G7 urged to tackle Lazarus Group: Asia Express
