The cryptocurrency industry has witnessed over $3.1 billion in losses through the first half of 2025, already surpassing the total for all of 2024.
According to a report published by blockchain security firm Hacken, the figure reflects persistent systemic vulnerabilities across both decentralized and centralized finance platforms, driven by outdated codebases, access-control flaws, and the rising complexity introduced by artificial intelligence integrations.
Access-control exploits remain the leading cause of financial damage, contributing roughly 59% of the total losses, while smart-contract bugs accounted for around $273 million.
Although the $1.5 billion Bybit incident in February stands out as a major event, it does not obscure the fact that the industry continues to face broad security shortcomings.
Hacken’s forensic team observed a recurring theme in 2025: human and procedural errors are now a more frequent point of attack than cryptographic weaknesses.
Legacy Infrastructure and Operational Vulnerabilities
Hacken’s head of forensics, Yehor Rudytsia, noted that older codebases have remained active targets for attackers, with the GMX v1 platform being a key example.
The protocol’s outdated structure began facing exploitation in Q3 2025. “Projects must care about their previous or legacy codebase if it was not stopped from working fully,” Rudytsia said, emphasizing the dangers of leaving older protocols exposed.
Operational vulnerabilities have also played a prominent role, accounting for about $1.83 billion in losses across both DeFi and CeFi. The most notable case was the $223 million breach on Cetus, a DeFi platform, during Q2. The exploit was traced to an overflow check vulnerability in its liquidity calculations.
Using a flash loan, the attacker opened hundreds of small positions across 264 pools. Hacken analysts suggested that real-time TVL monitoring with automatic pause mechanisms might have prevented up to 90% of the funds from being drained.
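One way to implement the real-time TVL monitoring with automatic pause described above, as an added example that is not code from Hacken's report or from any protocol. The class and function names, the 10% threshold, the 60-second window, the `pause_hook` callback and the sample snapshots are all assumptions; the monitor sums TVL across pools so that a drain spread over many pools is measured in aggregate.

```python
from collections import deque


class TvlCircuitBreaker:
    """Trip a pause when aggregate TVL falls more than max_drop within window_s."""

    def __init__(self, max_drop=0.10, window_s=60, pause_hook=None):
        self.max_drop = max_drop          # assumed threshold: 10% of the window peak
        self.window_s = window_s          # assumed look-back window in seconds
        self.pause_hook = pause_hook or (lambda reason: None)  # hypothetical pause call
        self.samples = deque()            # (timestamp, aggregate TVL)
        self.paused = False

    def observe(self, ts, pool_tvls):
        """Feed one snapshot {pool_id: tvl}; return True once the breaker is tripped."""
        total = sum(pool_tvls.values())
        self.samples.append((ts, total))
        # Discard samples that have aged out of the look-back window.
        while ts - self.samples[0][0] > self.window_s:
            self.samples.popleft()
        peak = max(value for _, value in self.samples)
        drop = (peak - total) / peak if peak > 0 else 0.0
        if not self.paused and drop > self.max_drop:
            self.paused = True
            self.pause_hook(f"TVL down {drop:.1%} in {self.window_s}s")
        return self.paused


def replay(snapshots, breaker):
    """Return (timestamp, aggregate TVL) at the moment of pause, or None."""
    for ts, pools in snapshots:
        if breaker.observe(ts, pools):
            return ts, sum(pools.values())
    return None


def constructed_drain(pools=264, start=1000, step=30, seconds=30):
    """Constructed data: every pool loses `step` units per second."""
    return [(t, {f"pool-{i}": start - step * t for i in range(pools)})
            for t in range(seconds + 1)]


if __name__ == "__main__":
    alerts = []
    hit = replay(constructed_drain(), TvlCircuitBreaker(pause_hook=alerts.append))
    print(hit, alerts)
```
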
AI and Insecure APIs Add Complexity to Web3 Security
The incorporation of artificial intelligence tools into Web3 projects has added another layer of complexity to the security environment. According to Hacken’s report, there was a 1,025% increase in AI-related attacks compared to 2023.
Nearly 99% of these incidents involved insecure APIs, making them one of the most exploited attack surfaces today. As of mid-2025, 34% of Web3 projects are using AI agents in live environments, increasing their exposure to risks such as model hallucination, prompt injection, and data poisoning.
Hacken also highlighted that current security standards like ISO/IEC 27001 and the NIST Cybersecurity Framework are not yet adequately equipped to address these AI-specific threats. The report called for updated governance and risk models that can better account for evolving vulnerabilities in smart systems.
With more sophisticated threat vectors emerging and attackers increasingly relying on automation and social engineering, the demand for proactive and adaptive security mechanisms in the crypto sector has grown considerably.