2025 Half-Year Web3.0 Security Situation Analysis Report

Recently, a report on the security situation of Web3.0 in the second quarter and the first half of 2025 has attracted widespread attention in the industry. The report shows that losses due to security incidents in the first half of 2025 have approached $2.5 billion, exceeding the total for the previous year. Overall, the security situation of Web3.0 remains serious, and the methods of threats continue to evolve and upgrade.

Key Data

Q2 2025:

• A total of 144 on-chain security incidents occurred in the Web3.0 industry, with total losses approximately amounting to $800 million. Compared to the previous quarter, the total amount of losses decreased by about 52.1%, and the number of security incidents decreased by 59.

• Phishing attacks caused the largest losses, with a total of 52 security incidents leading to approximately $400 million stolen. Following that are code vulnerability attacks, with 47 security incidents resulting in approximately $240 million stolen.

• Approximately $180 million of stolen funds have been recovered, with a net loss totaling about $620 million.

First half of 2025:

• A total of 344 security incidents occurred, with cumulative losses amounting to 2.47 billion US dollars.

• Wallet thefts caused the most severe financial losses, with 34 incidents resulting in approximately $1.71 billion in losses. Phishing attacks were next, with a total of 132 security incidents occurring, leading to losses of about $410 million, making it the most frequent type of attack.

• The total amount of recovered stolen funds is approximately $190 million, with a net loss of approximately $2.29 billion.

Security Trends

As of June 30, the cumulative net loss for 2025 reached $2.29 billion, surpassing last year's total net loss of $1.98 billion. Although the overall data indicates an increasingly severe security situation, approximately $1.78 billion of this year's losses are concentrated in two major incidents. Excluding these two events, the overall industry loss this year would be $690 million, and the risk landscape still needs to be viewed dialectically.

From the perspective of attack methods, although the leak of private keys attracted widespread attention in 2024, this issue has significantly decreased in the first half of 2025. However, phishing attacks have surged, becoming the most threatening attack method currently. As phishing techniques become increasingly covert and deceptive, users urgently need to enhance their security awareness: avoid clicking unknown links, carefully verify website domain names, enable multi-factor authentication, and it is also recommended to use hardware wallets for private key management.

Industry Trends

In addition to security incidents, several globally influential regulatory and market development dynamics occurred in the first half of 2025, which will profoundly impact the future direction of the cryptocurrency industry:

• The United States has abolished its previous digital asset policy through Executive Order 14178, banning any form of government-issued CBDC (Central Bank Digital Currency) and introducing a brand new regulatory framework.

• The United States has officially established a strategic Bitcoin reserve, using seized assets to build a sovereign-level crypto asset reserve.

• The EU's Markets in Crypto-Assets Regulation (MiCA) has come into full effect, providing clear regulatory guidance for stablecoin issuance and crypto asset service providers.

• Hong Kong has passed legislation related to stablecoins, requiring issuers to obtain a license and have a clear redemption mechanism.

• India has announced that it will release a policy document regarding the regulation of digital assets.

• Pakistan has established its first Bitcoin reserve and is building energy infrastructure to support crypto mining.

• A stablecoin issuance company has launched an IPO, while another well-known stablecoin company has expanded into the commodity-backed stablecoin application field and made large-scale investments in Latin America.

Conclusion

As an important report in the field of Web3.0 security, the security analysis released this time provides valuable insights for the industry. The report highlights the major security challenges faced by the current Web3.0 ecosystem and predicts future security trends. As the cryptocurrency industry continues to evolve, security issues will remain a focal point of concern. Industry participants need to continuously enhance their security awareness and take effective measures to address increasingly complex security threats.