$2.47 Billion Evaporated… Blockchain Security Warning Lights Turned On Again in the First Half of 2025 - Certic Research

In the first half of 2025, security threats are once again emerging in the cryptocurrency market. According to the security analysis report for the second quarter and first half of 2025 released by CertiK Research, a total of 344 security incidents occurred in the global Web3 industry during the first half of the year, resulting in asset losses of approximately $2.473 billion. This figure already exceeds the loss scale for the entire year of 2024, suggesting that the structural security vulnerabilities in the cryptocurrency ecosystem remain at a serious level. Of particular note are two major security incidents during the first half of the year: the Bybit and Cetus Protocol-related hacks, which alone accounted for approximately 72% of the total damage, amounting to $1.78 billion. In May, Cetus Protocol suffered a theft of assets worth around $226 million through an attack on a decentralized exchange on the Sui chain. The hacker manipulated the liquidity pool function of the smart contract to steal funds, but approximately $162 million was later recovered through community governance. According to CertiK Research, another incident involving the Nobitex hack resulted in approximately $89.14 million being burned, with an analysis suggesting an increase in hacktivist-style attacks. In the second quarter of 2025, a total of 144 security incidents were reported, with cumulative damages of around $801 million. The number of incidents and loss scale decreased by 52.1% and 59 cases, respectively, compared to the previous quarter. However, the emerging "phishing" attack vector caused damages of $395 million, accounting for half of the quarter's total losses, indicating a changing security landscape. Code-based vulnerabilities and wallet theft resulted in losses of $236 million and $1.707 billion, respectively, on a half-yearly basis. Ethereum (ETH) experienced the most security incidents in the first half of the year, with 175 incidents and $1.635 billion in losses. This raises the need for enhanced security verification for Ethereum-based projects. The CertiK Research report attributes these large-scale damages to code vulnerabilities and lack of user security awareness, emphasizing a multi-faceted security system including private key management, phishing response strategies, and smart contract security testing. Global cryptocurrency regulatory changes are also significantly impacting the security environment. The United States has enacted Executive Order 14178, prohibiting central bank digital currencies (CBDC), and is pursuing state-led policies such as strategic Bitcoin reserve composition. The European Union has clarified the regulatory environment for stablecoin issuers and service providers through the MiCA bill, while Hong Kong, India, and Pakistan are also advancing digital asset legislative frameworks. In this half-yearly report, CertiK provides advanced technical research materials and educational blogs to prevent security incidents. Blockchain developers and investors can enhance their practical security capabilities through in-depth analysis of topics such as EVM and Cosmos technological convergence, token standard evolution, multi-party signature technology, and oracle manipulation attack responses. The report particularly notes that excluding single large-scale incidents, the total loss from security incidents in 2025 is around $690 million, suggesting room for improvement in the overall security environment. However, CertiK Research emphasizes the need to establish an ecosystem-wide security culture with continuous education, prevention, and response systems, as attackers become increasingly sophisticated and technological complexity increases.