$3.35B Vanished: Why 2025 Broke All Records

 According to CertiK, in 2025, $3.35 billion was stolen in Web3 attacks. Losses increased by 37% despite a lower number of incidents. The largest contributors were supply-chain exploits.

In 2025, Web3 security reached a new level of crisis. CertiK wrote on X that over 700 incidents erased $3.35 billion of the ecosystem. The losses reached 37 percent higher than the previous year of 2.4 billion.

Source: X 

The damage is revealed in the annual Skynet Hack3d Report by CertiK. The security company in blockchain monitors all exploits in decentralized finance. Their statistics reveal that attackers have developed strategies and defenders have failed to keep up.

When One Hack Changes Everything

February was the most expensive month in Web3 history. The losses amounted to $1.5 billion in 58 cases. The Bybit exchange hack alone cost it 1.4 billion.

That one violation distorted the yearly statistics drastically. Without Bybit, overall losses would have decreased to less than 2024 levels. The incident demonstrated that focused attacks today threaten entire platforms.

Q1 losses were 1.67billion in 200 security events. A decline of 52 percent followed the next quarter. Increased surveillance and accelerated response rates minimized the damage that followed.

You might also like: HashKey Raises $250M as Institutions Commit to Crypto Funds

Supply Chains Became Elite Targets.  

The industry suffers a loss of 1.45 billion due to supply-chain attacks. Only two incidents produced almost half of the total losses of 2025. Hackers exploited blockchain dependencies and wallet integrations.

In second place were phishing attacks resulting in the theft $722 million. These are social-engineering attacks that are struck 248 times per year. The presence of weak authentication allowed unauthorized access to high-value accounts.

There were 240 incidents initiated by code vulnerabilities. Entry points were made by smart-contract defects and logic errors. There was growing pressure on developers to do pre-deployment audits.

Ethereum Bears the Heaviest Burden

Ether lost 310 security breaches and 1.69billion. The leading role of the platform drew advanced threat actors. Mean losses per Ethereum incident were 5.78million.

Bitcoin was next with $528 million emptied in 22 attacks. Cross-chain exploits have stolen 460,000,000 by 29 attacks. They managed to navigate several blockchain environments at the same time.

In 2025, the average hack paid off by 5.3 million. This was a 66 percent increase over the past years. Median losses decreased, however, to $103,996, or 35 per cent.

The disjuncture indicated changes in attacker strategy. Financed organizations were able to conduct fewer, larger-scale operations, and smaller events persisted but with less economic cost.

CertiK focused on AI-based detection and proactive threat intelligence. In the course of the report, the security company emphasized defensive innovations, such as personal data minimization and better access controls.