CertiK's "Hack3d: Security Report for the First Quarter of 2025" has been released. This report deeply analyzes the security status of the Web3.0 field from January to March 2025. In the first quarter of 2025, there were 197 security incidents, with a total loss of approximately US$1.67 billion, a surge of 303.4% from the previous quarter. Among them, the Bybit incident caused a loss of approximately US$1.45 billion, triggering widespread discussion on the security of centralized exchanges.

Key data

  • Quarterly data : In the first quarter of 2025, there were 197 on-chain security incidents in the Web3.0 industry, with a total loss of approximately US$1.67 billion. Compared with the previous quarter, the total loss increased by approximately 303.4%, and the number of security incidents increased by 6.
  • Attack method : Wallet theft caused the most serious financial losses in the first quarter of 2025, with only 3 incidents resulting in the theft of approximately $1.45 billion. The second largest category was private key leakage (as a subcategory of wallet vulnerabilities), with 15 incidents resulting in a total loss of approximately $140 million. Phishing attacks have a lower single loss amount, but occur most frequently, with 81 phishing attacks this quarter resulting in a total loss of nearly $16 million.
  • On-chain distribution : Ethereum is the blockchain that suffered the most security incidents, with a total of 98 attacks, frauds, and vulnerability exploits, with a total loss of approximately US$1.54 billion.
  • Losses recovered : $6.39 million of stolen funds were successfully recovered this quarter, and the adjusted actual total loss was approximately $1.66 billion. Only 0.4% of the stolen funds were recovered this quarter, far lower than 42.1% in the previous quarter, which makes the actual net loss even more severe. In fact, no stolen funds were successfully recovered in February 2025.
  • The average loss per incident was approximately $9.55 million, and the median loss was approximately $66,000.

Security Trends

Although the total loss amount caused by phishing this quarter is much lower than that of private key leakage and wallet theft, the number of phishing incidents is still higher than other attack methods. The decentralized risk brought by high-frequency and low-loss phishing attacks can no longer be ignored.

The increase in phishing may be related to increasingly sophisticated social engineering tactics, such as fake decentralized applications (dApps), malicious browser extensions, and deepfake-based identity impersonation, making it easier for users to unknowingly disclose sensitive information.

The race between innovation and attack is accelerating, and the development of security defenses is unable to keep up with the increasingly sophisticated attack methods. Hackers are using social engineering, AI, contract manipulation and other means to break through security defenses. As the adoption rate of digital assets increases and asset valuations rise, CertiK predicts that the amount of digital asset theft may continue to rise.

However, the advancement of blockchain technology may change this situation in the future. For example, security innovations such as zero-knowledge proof (ZKP), on-chain forensics tools, and multi-party computing (MPC) wallets are expected to improve overall protection capabilities and reduce the threat of existing attack methods. The next few quarters will be a key test period for the Web3.0 industry's risk resistance.

Industry Trends

Despite significant security incidents, the first quarter of 2025 saw some important regulatory and strategic developments. ​

For example, the US government announced the establishment of a Strategic Cryptocurrency Reserve to ensure the financial interests of the United States in the digital asset ecosystem. In addition, the US Securities and Exchange Commission (SEC) established a Crypto Task Force , shifting to providing clearer regulatory guidance rather than the previous "enforcement first" strategy that hindered innovation. The European Union passed the Markets in Digital Assets Act (MiCA) to finalize technical standards and further promote its regulatory implementation in the field of Web3.0 compliance.

Quarterly Review

At the beginning of this quarter, Professor Ronghui Gu, co-founder of CertiK, went to South Korea to conduct strategic cooperation exchanges and formally signed a memorandum of understanding (MOU) for strategic cooperation with Busan Digital Asset Exchange (Bdan) . During the period, Professor Gu also met with important Korean partners such as Wemix, Kaia, United Games and GBBC to further expand the scope of cooperation. At the same time, Professor Gu was invited to accept exclusive interviews with well-known Korean media etoday and TokenPost to express his insights on the Korean market, new global regulatory trends and CertiK's strategic layout.

During the Hong Kong Consensus in February, CertiK, OceanBase and OKLink jointly hosted the "CertiK Space" event . During the event, Professor Gu Ronghui was interviewed and systematically explained the trend of the co-evolution of technology, business and regulation ; Professor Li Kang, CertiK's Chief Technology Officer, analyzed the threats brought by the evolving attack methods of hacker organizations .

This quarter, CertiK also jointly released its latest research work with Ant Cryptography - formal verification of the core components of the Asterinas operating system , which attracted the attention and coverage of many well-known media such as Phoenix.com, NetEase News, and Sina Finance.

This quarter, CertiK also published a number of technical analysis and popular science articles:

At the same time, CertiK's Chief Business Officer was a guest on the Cointelegraph podcast, discussing in depth the Bybit incident and Web3.0 security .

Conclusion

CertiK’s quarterly report also provides in-depth analysis of the most attacked blockchains, the three major security incidents of the quarter, the development trends of Web3.0, and provides users and project owners with suggestions for improving security.

You are welcome to click here to read the full "Hack3d: 2024 Annual Security Report" for more comprehensive analysis, insights and recommendations.