More than $3.1 billion in cryptocurrencies were lost in 2025. Access control exploits have become the main channel for theft (59% of the total amount of losses). Hackers also used phishing (19.2%), errors in smart contracts (8.*%), rug pulls (9.7%), and various types of fraud. That is, in just half of this year, losses have already exceeded the $2.85 billion recorded for the entire year of 2024. The $1.5 billion hack of the Bybit crypto exchange in February was an exceptional case.

One of the most recent high-profile cases of smart contract vulnerability exploitation was the GMX v1 exchange incident. The target was an outdated code base. The hackers managed to steal $40 million.

Operational security deficiencies accounted for the majority of the $1.83 billion in losses on both decentralized finance (DeFi) and centralized finance (CeFi) platforms.

Exceptions included the Cetus Protocol hack, in which hackers managed to steal $223 million in 15 minutes.

In total, in the first half of 2025, there were:

the largest hacker attack in history (Bybit, $1.465 billion)

the largest hacker attack due to a smart contract vulnerability (Cetus, $223 million)

the largest theft from a person (USA, $330.7 million)

the largest fraud ($LIBRA tokens, $300 million)

the first major breach due to a vulnerability in the Uniswap V4 hook (Cork, $12 million)

the hack that came the longest after deployment, more than 2 years (1inch’s Settlement, $5 million)

Artificial intelligence (AI) and large language models (LLMs) have long been deeply integrated into both Web2 and Web3 ecosystems. This has led to a surge in attacks related to these technologies. The number of AI-related exploits increased by 1025% compared to 2023. Moreover, 98.9% of attacks are related to insecure APIs.

The main problem is that traditional cybersecurity frameworks (ISO/IEC 27001 and the NIST Cybersecurity Framework) are not yet ready to address risks unique to AI, such as hallucinations, prompt injections, and data poisoning.

Source: Hacken