Crypto Sector Faces $2.37 Billion in Losses Amid Rising Security Breaches in 2025: Analysis Reveals

Overview of Blockchain Security Breaches in 2025

During the first six months of 2025, the blockchain sector experienced staggering losses exceeding $2.37 billion attributed to a series of security breaches, significantly impacting decentralized finance (DeFi) platforms. A new report from SlowMist indicates that while the number of incidents has actually decreased, the financial ramifications have escalated, with losses rising nearly 66% compared to the same period last year.

Impact on DeFi and Centralized Exchanges

The DeFi sector was notably affected, accounting for around 76.03% of reported incidents and suffering losses close to $470 million. In contrast, centralized exchanges (CEX) faced monumental hits as well, with a striking total of $1.883 billion lost across just 11 incidents, highlighting the allure of high-value targets for cybercriminals. The primary cause of these breaches was found to be account compromises, with weaknesses in smart contracts following closely behind.

Emerging Fraud Schemes and AI Exploitation

In addition to substantial attacks on various cryptocurrency projects, SlowMist’s analysis shed light on a troubling trend of increasing fraud schemes directed at individual users. Notably, scams have become more sophisticated, thanks to advancements in artificial intelligence that allow attackers to operate through intricate methods. For instance, the recent implementation of Ethereum’s EIP-7702 contract delegation feature provided opportunistic criminals with a new weapon for exploitation. A user fell prey to a phishing scam involving this feature and lost approximately $146,551 when the Inferno Drainer group manipulated a seemingly legitimate contract to empty the user’s wallet.

Trust-Based Scams and Deepfake Technology

Moreover, 2025 ushered in a wave of what are now branded as “trust-based scams,” enabled by generative AI technology. A prominent case involved a fraudulent Zoom meeting that used deepfake technology to deceive Mehdi Farooq, a venture capital partner, leading to the loss of all of his cryptocurrency assets. Other notable fraudulent activities have included the use of AI-generated videos impersonating prominent individuals like Elon Musk and Singapore officials to promote deceptive investment opportunities.

Compromised User Devices and Malware

Attackers have deployed multiple tactics to compromise user devices. Fake social media accounts sent users counterfeit messages that redirected them to Telegram, where they encountered “Tap to verify” links tied to malicious PowerShell commands. Such attacks resulted in total device takeovers, exposing sensitive information such as wallet files and private keys.

Additionally, security threats have manifested in the guise of “Web3 security tools.” Cybercriminals have effectively taken over legitimate update mechanisms to install malware that steals sensitive user data. A worrying example involved a malicious update pushed to more than 2.6 million users of an extension known as “Osiris.”

Phishing Attacks and Social Engineering

The risk of phishing attacks targeting tech professionals surged in 2025, notably via LinkedIn, where attackers masqueraded as blockchain startups to entice engineers into downloading disguised malware under the pretense of technical evaluations. In one incident, the attackers used professional documentation to eventually lure individuals to platforms laden with encrypted malicious software.

A notorious case of social engineering emerged with a coordinated attack on Coinbase, where perpetrators strategically bribed overseas customer support staff to obtain sensitive user information. From there, they utilized spoofed communications to impersonate Coinbase representatives, leading to scam victims inadvertently transferring assets to curated wallets – resulting in a staggering $100 million in total losses for users.

Risks for Developers and Malicious Packages

Developers seeking to experiment with AI models through unofficial channels were also at risk, as malicious npm packages reportedly compromised hundreds of thousands of dollars through code that disregarded software integrity. The report noted that 4,200 developers were affected, mostly on macOS, and that the malicious code enabled attackers to execute remote control functions and steal credentials.

Exploitation of Large Language Models

Furthermore, SlowMist highlighted the emergence of various “jailbroken” large language models (LLMs), which are exploited to create unethical content such as malware and finely crafted phishing schemes. Notable examples include WormGPT and FraudGPT, both of which generate content that enhances the efficacy of scams and phishing operations, with DarkBERT and GhostGPT facilitating even more targeted campaigns. These trends emphasize the growing complexity and danger within the blockchain security landscape.