Products & Technology
Featured Ecosystems
Company
Back to all stories
Hack3d: The Web3 Security Quarterly Report - Q2 + H1 2025
6/30/2025
Welcome to Hack3d: The Web3 Security Report for Q2 + H1 2025. Hack3d is the industry's most comprehensive record of statistics and analysis of on-chain security incidents. It equips stakeholders with the knowledge needed to make informed decisions in an increasingly high-stakes environment.
Executive Summary
Q2 2025
- A total of $801,315,669 was lost across 144 incidents in Q2 2025. This represents an approximate 52.1% decrease in value lost compared to the previous quarter. There were also 59 fewer incidents than last quarter.
- Phishing was the most costly attack vector in Q2 2025, with $395,063,695 stolen across 52 incidents.
- Code vulnerability followed, with $235,783,844 stolen across 47 incidents.
- Ethereum experienced the highest number of security incidents, with a total of 70 hacks, scams, and exploits leading to $65,370,264 in losses.
- The total value of funds returned was $180,950,613, leading to adjusted total losses of $620,365,056 for the quarter.
- The average loss per incident was $4,308,091 and the median loss per incident was $103,996.
H1 2025
- A total of $2,472,777,618 was lost across 344 incidents in H1 2025.
- Wallet compromise was the most costly attack vector in H1 2025, with $1,706,937,700 stolen across 34 incidents.
- Phishing was the second most costly, with $410,747,038 stolen across 132 security incidents. Phishing currently accounts for the highest number of security incidents so far this year.
- Ethereum experienced the highest number of security incidents, with a total of 175 hacks, scams, and exploits leading to $1,634,891,832 in losses.
- The total value of funds returned was $187,341,310, leading to adjusted total losses of $2,285,436,308 for H1 2025.
- The average loss per incident was $7,129,980 and the median loss per incident was $89,026.
In our report, we discuss in more detail the latest trends in Web3 security, including an analysis of the most prominent attack vectors, targeted chains, and the top three security incidents. We also highlight a variety of our recently-published technical and educational resources.
Related Stories
Ronghui Gu, Co-founder of CertiK and Associate Professor of Computer Science at Columbia University, delivered a Keynote speech at Unchained Summit Dubai 2025, emphasizing the important balance between Web3 innovation and security.
4/30/2025
Welcome to CertiK’s Hack3d report for Q1 of 2025! During this quarter, hackers stole more than $1.6 billion across 197 security incidents. These figures represent an approximate 303.38% increase in value lost compared to the previous quarter, the majority of which is due to the Bybit exploit, the largest crypto theft in history. In our report, we discuss the latest trends in Web3 security, including an analysis of the most prominent attack vectors and targeted chains. We also highlight a variety of our recently-published technical and educational resources.
4/1/2025
Welcome to Hack3d: The Web3 Security Report for 2024. CertiK’s Hack3d reports offer deep dives into the exploits, vulnerabilities, and trends that define blockchain and smart contract security. They’re an invaluable resource for anyone seeking to understand the current landscape of Web3 security.
1/2/2025
Largest Blockchain Security Auditor
Ready to take the next step? Connect with our sales team to request your free quote and secure your project today!
