Phishing Tops Web3 Attack Vectors as Losses Surpass $2.4B

In just six months, Web3 users and platforms have lost more to hacks and scams than in all of 2024. CertiK’s Q2 Hack3d report reveals a staggering $2.47 billion gone, raising fresh alarms over blockchain security.

Fewer Hacks, But Bigger Hits Define Q2

The second quarter alone saw $801 million in damages. According to Certik, two major incidents (Bybit hack and Cetus Protocol) account for nearly $1.78 billion of this year’s total losses, pointing to a few massive failures rather than widespread breakdowns

“Without those events, total losses in 2025 would stand at $690 million, indicating that the broader trend may not be as severe as raw figures imply,” states the report.

144 security incidents were reported in Q2, representing nealy 52% drop from Q1. Despite the decline in the number of incidents, the crypto space continues to face persistent threats.

Phishing Leads Q2 Crypto Losses

Phishing was the most expensive attack vector in Q2, with hackers stealing over $395 million.

Code vulnerabilities came next, causing nearly $236 million in losses across 47 exploits. Ethereum was the most targeted blockchain, facing 70 incidents and losing more than $65 million this quarter.

Meanwhile, Bitcoin suffered larger-scale attacks, with more than $373.6 million stolen.

Wallet Hacks Drive H1 Losses

During the first half of 2025, 344 security incidents were reported, resulting in losses exceeding $2.47 billion.

Wallet compromises caused the most damage, with more than $1.7 billion stolen across 34 incidents.

Phishing accounted for the highest number of attacks but was the second most costly, with losses totaling over $410.7 million.

Ethereum stood out as the most targeted blockchain, experiencing 175 hacks, scams, and exploits that led to losses exceeding $1.63 billion.

Few Large Hacks Inflate Average Loss Figures

In Q2, $180.9 million of stolen funds were recovered, cutting the adjusted losses to $620 million

According to CertiK’s report, the average loss per incident exceeded $4.3 million, but the median loss was much lower ($103,996), indicating that a few large hacks skewed the numbers.

Over the first six months of 2025, more than $187 million was returned to victims. The average loss per incident during this period was nearly $7.13 million, while the median loss stood at $89,026.

On the Flipside

• Beyond security incidents, H1 2025 has been marked by major global regulatory and market developments that shape the industry’s future

Why This Matters

Phishing and wallet hacks remain the leading cyber threats in Web3, targeting both users and platforms. As billions flow through decentralized platforms, users and investors face growing risks from phishing, wallet hacks, and code exploits.

Read DailyCoin’s popular crypto scoops:

SHIB Dev Throws Shade At Vitalik Over Donation Dispute
Bybit Expands to Europe with Fully MiCAR-Compliant Exchange

People Also Ask:

How do phishing attacks target crypto users? Attackers use fake websites, emails, or messages to lure users into giving up sensitive information or signing malicious transactions.

How can users protect themselves from phishing scams? Use hardware wallets, enable two-factor authentication, verify URLs carefully, and avoid clicking suspicious links.

Is Ethereum more vulnerable to phishing attacks than other blockchains? Ethereum is heavily targeted due to its popularity and ecosystem size, with many phishing scams aimed at its users.

What measures are Web3 platforms taking against phishing? Platforms enhance security by improving user education, implementing anti-phishing tools, and tightening wallet access controls.