The crypto industry is facing a devastating year for security. In just the first six months of 2025, more than $3.1 billion in digital assets has been lost to hacks, scams, and protocol exploits, according to a new report from cybersecurity firm Hacken.

The figure already exceeds 2024’s full-year loss of $2.85 billion, marking a 6% rise and placing 2025 on track to become the most damaging year for crypto security breaches in recent memory.

Access-Control Failures Dominate Attack Vectors

The overwhelming majority of losses—around $1.83 billion or 59%—came from access-control failures, where attackers exploited privileged roles, leaked keys, or insufficient system protections on centralized and decentralized platforms.

The most catastrophic of these was the Bybit hack in Q1, where nearly $1.5 billion was drained in a single exploit. This incident alone accounted for 83% of all losses in Q1, underscoring how critical access controls are to protocol safety.

“2025 has been a wake-up call,” said Hacken Co-Founder and CBDO Yevheniia Broshevan.
“As blockchain reaches enterprise scale and regulations advance, cybersecurity becomes a core business function.”

DeFi Endures Worst Quarter Since 2023

Decentralized finance (DeFi) platforms continued to be a hot target for attackers, losing $300 million in Q2 alone—the worst quarter since early 2023. A significant portion came from smart contract vulnerabilities, which accounted for $263 million in losses.

One of the year’s biggest DeFi failures so far was the Cetus exploit, which alone resulted in the theft of $223 million.

Phishing and Social Engineering Reach New Highs

The rise in phishing attacks and social engineering scams added to the damage:

• In April, a single victim was tricked out of $330 million in Bitcoin—one of the largest individual losses ever.
• Attackers posing as Coinbase support exploited a contact data leak, scamming victims out of over $100 million through phone-based impersonation.

Comparative Decline in Q2, But Risks Remain

Although Q2 saw lower total losses from access control issues compared to Q1 (under $200 million), the threats remain substantial. Several incidents showed how one compromised admin key or over-permissioned role can be enough to take down entire systems within minutes.

The report also notes that as regulatory scrutiny increases and blockchain adoption grows, cybersecurity is no longer optional—it’s a business-critical investment for long-term viability.

Key Stats at a Glance

Conclusion

With $3.1 billion already gone by mid-2025, crypto’s security landscape is being stress-tested like never before. The sector’s vulnerabilities—from poor access controls to unpatched smart contracts—highlight a pressing need for robust cyber defenses, auditing, and user education.

For builders and investors alike, the takeaway is clear: invest in resilience—or risk being the next headline.