Cryptocurrency Sector Faces Significant Losses
In a startling revelation, a recent report from blockchain security specialist Hacken indicates that the cryptocurrency sector has experienced losses exceeding $3.1 billion in 2025, primarily due to various security vulnerabilities, including bugs in smart contracts, flaws in access control, fraudulent schemes, and rug pulls. This staggering amount for the initial half of this year exceeds a total of $2.85 billion lost throughout all of 2024, underscoring the escalating risks within the digital asset landscape.
Major Incidents and Contributing Factors
A significant incident that contributed to this total was the $1.5 billion hack suffered by Bybit in the first quarter of 2025, which stands out as a major anomaly amidst the overall trend. The report notes that access-control weaknesses have been the primary contributors, accounting for approximately 59% of the total losses. Additionally, around $263 million was lost due to vulnerabilities in smart contracts, contributing to roughly 8% of the total.
Yehor Rudytsia, who leads the Forensics and Incident Response team at Hacken, expressed concerns about the critical exploitation of outdated code, specifically referencing GMX V1, which became a target in Q3 of 2025. “It’s essential for projects to pay attention to their older codebases, especially if they are still in operation,” he advised.
Shifting Tactics of Malicious Actors
As the cryptocurrency market evolves, malicious actors have shifted tactics, moving away from exploiting cryptographic flaws to focusing more on human errors and procedural weaknesses. This trend includes sophisticated attacks like blind signing, leaks of private keys, and highly orchestrated phishing efforts, illustrating a significant weakness in access control systems which still lag behind essential technical safeguards.
Operational Security Vulnerabilities
In terms of operational security vulnerabilities, losses have reached $1.83 billion across decentralized finance (DeFi) and centralized finance (CeFi) platforms combined. A particularly notable incident occurred in Q2 2025, when the Cetus hack drained $223 million in merely 15 minutes, marking it as the most devastating quarter for DeFi since early 2023 and interrupting a streak of five consecutive quarters with decreasing exploit-related losses.
The quarter also saw a reduction in access-control losses within DeFi to just $14 million, the lowest figure since Q2 of 2024, contrasted by a spike in smart contract exploits during the same timeframe. The Cetus incident specifically took advantage of a vulnerability regarding overflow checks in liquidity calculations, compounded by the attacker’s use of a flash loan to strategically maneuver across 264 pools. Hacken noted that if real-time monitoring and auto-pause functions were in place, nearly 90% of the drained funds could have been safeguarded.
Impact of Artificial Intelligence on Security
Additionally, concerns are rising over the impact of artificial intelligence (AI) on cryptocurrency security. The growing integration of AI and large language models (LLMs) within both Web2 and Web3 environments, while paving the way for innovation, has simultaneously expanded the attack surface, creating new security challenges. Reports indicate a jaw-dropping 1,025% increase in AI-related exploits compared to 2023, with 98.9% linked to insecure application programming interfaces (APIs). Furthermore, an alarming 34% of Web3 projects are currently utilizing AI agents in their operational environments, presenting an enticing target for cybercriminals.
Traditional cybersecurity measures, such as ISO/IEC 27001 and the NIST Cybersecurity Framework, are insufficient in addressing the unique risks associated with AI, including issues like model hallucinations and adversarial data manipulation. As such, there is a pressing need to adapt these frameworks to better encompass the distinct challenges posed by the proliferation of AI technologies in the cybersecurity landscape.
