Welcome to Hack3d: The Web3 Security Report for Q1 2025. Hack3d serves as an essential resource and record of statistics for understanding security challenges and vulnerabilities in the Web3 space. It equips stakeholders with the knowledge and insights needed to fortify their defenses and make informed decisions in an increasingly high-stakes environment.
The first quarter of this year saw several notable regulatory and strategic developments that have impacted the Web3 industry at large. For instance, the United States government announced the formation of a Strategic Cryptocurrency Reserve, an initiative aimed at securing the U.S.’s financial interests in the digital asset ecosystem. The U.S. Securities and Exchange Commission (SEC) also launched a Crypto Task Force to provide clearer regulatory guidance, moving away from an enforcement-first approach that had previously stifled innovation. Internationally, the European Union finalized its technical standards as part of its ongoing crypto compliance efforts through the Markets in Crypto-Assets (MiCA) regulation.
Despite these advancements, Q1 2025 saw a significant quarter-over-quarter increase in amounts stolen due to hacks, scams, and exploits, leading to a total of $1,668,990,884 in losses. Already, this amount is more than two-thirds of the total amount stolen in the entire year of 2024 ($2,389,786,232.40).
It is important to note, however, that the vast majority of this Q1 total stemmed from a single catastrophic event: the Bybit exploit, which resulted in the loss of approximately $1.45 billion. The fallout from Bybit’s breach has since sent shockwaves throughout the industry, raising urgent questions about security measures at centralized exchanges, with many regulators and security firms calling for stronger protective measures.
One of the most pressing concerns this quarter has been the rise in private key compromises, a sub-category of wallet compromises, which led to $142,364,595 stolen across 15 incidents. Additionally, only 0.38% of stolen funds were returned this quarter, compared to last quarter’s 42.09%, making the adjusted loss much higher. In fact, in February of 2025, no stolen funds were returned.
Ethereum has once again been the most targeted chain for exploits, resulting in $1,540,843,886 stolen across 98 incidents. Ethereum’s dominance in decentralized finance (DeFi) and smart contract activity makes it a lucrative target, with billions of dollars locked in protocols vulnerable to contract exploits and permission mismanagement.
In our report, we discuss in more detail the latest trends in Web3 security, including an analysis of the most prominent attack vectors, targeted chains, and the top three security incidents. We also highlight a variety of our recently published technical and educational resources.