Web3 platforms suffered catastrophic losses totaling $3.1 billion in the first half of 2025, already exceeding 2024's full-year losses, according to Hacken's mid-year security report. Access control failures dominated the damage at $1.83 billion, primarily occurring in Q1, while phishing/social engineering scams stole $600 million and smart contract vulnerabilities drained $263 million.
Most alarmingly, AI-related attack vectors surged by 1,025% compared to H2 2024, exploiting insecure API designs, weak input filtering, and flawed model access controls. The largest single incidents included the $290 million Munchables breach and the $136 million Pike Finance attacks. Ethereum bore 61.4% of total losses, followed by BNB Chain (20.2%) and Arbitrum (11.4%).
Hacken Co-Founder Yevheniia Broshevan called 2025 "a wake-up call," emphasizing that "cybersecurity becomes a core business function" amid enterprise blockchain adoption. The report warns that standard audits are insufficient against evolving threats, noting that DeFi protocols accounted for 69% of incidents, while CeFi suffered fewer but costlier breaches.
Geopolitical actors and organized groups increasingly target blockchain infrastructure, with AI complexity outpacing security frameworks. The report urges automated defenses and anticipates regulatory coordination between Web3 firms and agencies under frameworks like MiCA.