Hack3d: The Web3 Security Report 2025

12/23/2025
Welcome to Hack3D: The Skynet Web3 Security Report for 2025, a data-driven examination of Web3 security trends, vulnerabilities, and threat intelligence across the Web3 ecosystem. CertiK’s Skynet Hack3D reports offer deep dives into the exploits, vulnerabilities, and trends that define blockchain and smart contract security. They’re built for security teams, dapp builders, and investors who need clear visibility into security risks, active hacks, and security challenges shaping Web3 technologies.

Each report contains detailed incident analyses, technical insights, and the most comprehensive statistics on hacks, scams, and exploits across the entire Web3 industry, including DeFi protocols, wallets, NFTs, stablecoins, and cross-chain bridges.

Read the full report for free.

2025 Web3 Security: Activity Rebounds, Security Risks Evolve

The Web3 ecosystem in 2025 entered a period of renewed activity, driven by a combination of favorable macroeconomic conditions, improving market sentiment, and a markedly more crypto-friendly political climate in the United States. The new U.S. Administration signaled early that digital assets would be treated as a strategic innovation sector rather than a regulatory outlier, restoring confidence among builders and investors.

As liquidity returned to decentralized finance and tokenization pilots expanded for real-world assets (RWAs) like real estate, decentralized applications broadened their reach into payments, gaming, tokenized assets, and identity, demonstrating crypto’s utility in everyday activities. This resurgence in growth, however, was matched by an equally active threat landscape as adversaries refined both technical and social engineering tactics, targeting private key management, authentication flows, and access control in high-value targets across Ethereum and other chains.

Year-Over-Year: Fewer But Bigger Impacts

Year-over-year comparisons between 2025 and 2024 illustrate the shifting nature of risk. Total losses in 2025 amounted to $3,352,850,816, versus $2,446,285,251 in 2024, representing an approximate 37.06% increase. However, when isolating the impact of the Bybit incident, which accounted for a disproportionately large share of annual losses at $1,447,063,421, the industry would have actually recorded a net decrease in funds stolen compared to 2024. This underscores a dominant Web3 security trend: attackers are concentrating resources into fewer, larger-scale operations that often involve cross-chain infrastructure, automation, and sophisticated algorithms. The Bybit exploit signals that well-capitalized, well-coordinated threat actors are becoming more active across the ecosystem.

Key Web3 Security Trends and Stats from 2025

  • The average amount lost per hack in 2025 was $5,321,935 (a 66.64% increase from the previous year), and the median amount stolen was $103,996 (a 35.75% year-over-year decrease). This widening gap reflects the scalability of attacker operations and uneven user experience and security measures across projects.
  • February was the most costly month of the year, with $1,537,106,876 lost across 58 incidents, the majority of which was due to the Bybit incident. Heightened cybersecurity posture and on-chain monitoring in subsequent months helped reduce blast radius.
  • Q1 of 2025 saw the most losses, with $1,671,644,949 stolen in 200 hacks, scams, and exploits. The subsequent quarter saw an approximate 52% decline in the amount stolen, suggesting adaptive defenses and improved frameworks for incident response.
  • Supply Chain was the most costly attack vector in 2025, with $1,450,914,902 lost across 2 incidents. This represents almost half of the total amount stolen during the year. Compromises often touched blockchain-based dependencies, CI/CD, and wallet integrations.
  • Phishing compromises followed, with $722,885,398 stolen across 248 incidents. Phishing was the attack vector with the highest number of incidents in 2025, slightly above Code Vulnerabilities at 240 incidents. Authentication hardening and access control remain critical, especially for dapps with real-time permissions.
  • Ethereum experienced the highest number of security incidents, with a total of 310 hacks, scams, and exploits leading to $1,697,833,313 in losses. This resulted in an average of $5,785,179 stolen per incident. As the largest Web3 ecosystem, Ethereum continues to be a prime target for hackers.
  • Hackers also heavily targeted Bitcoin with $528,221,350 stolen across 22 incidents.
  • Security breaches affecting multiple chains accounted for $460,769,793 in losses across 29 incidents.
  • Although not smart-contract-centric, price manipulation and infrastructure compromises also affected cryptocurrency services in 2025.

Emerging Technologies and Defensive Security Solutions

The report also details CertiK’s top achievements of 2025, the features of CertiK’s security suite, how to protect yourself against phishing, and an analysis of the top security incidents of the year.

We also highlight AI-powered detection, personal data minimization, and proactive threat intelligence that fortifies decentralized applications and security solutions across chains.

Why Hack3D Matters for Builders and Risk Teams

The 2025 Skynet Hack3D Report is an indispensable resource for all stakeholders in Web3, from developers and investors to policymakers and enthusiasts. It offers a mix of technical depth, market analysis and insights, and forward-thinking projections, making it a crucial guide for understanding and navigating this dynamic industry.

Whether you’re shipping a DeFi protocol, scaling stablecoins, or exploring real-world asset tokenization, Hack3D maps the security risks and security challenges that matter most, along with actionable security measures.

Take Action: Strengthen Your Program with CertiK

Join us as we look back on the pivotal developments of 2025, learning the lessons that need to be learned, acknowledging the progress we’ve undoubtedly made, and looking forward to a secure future for the Web3 world.

Engage CertiK for penetration testing, smart contract audits, KYC, and risk management to harden your defenses across the full Web3 technologies stack.

Read the report for free here.