$2.37B lost in 121 recorded crypto hacks in H1 2025: SlowMist

Jul 04 2025 crypto


SlowMist’s 2025 mid-year report reveals that blockchain security incidents resulted in $2.373 billion in losses across 121 attacks during the first half of 2025. The data shows DeFi protocols remained the primary targets while exchange breaches generated the largest individual losses, highlighting persistent vulnerabilities in crypto infrastructure.

Blockchain security sector shows mixed patterns

The first half of 2025 witnessed 121 security incidents across blockchain networks, a decrease from 223 incidents reported in the same period of 2024. However, total losses increased by approximately 65.94%, reaching $2.373 billion compared to $1.43 billion in the previous year’s first half.

The most targeted network was Ethereum, which lost $38.59 million to attacks. Solana lost $5.8 million, and Binance Smart Chain lost $5.49 million worth of stolen funds. The fact that they were targeted implies that they are the most liquid and possess enormous user bases.

Source: SlowMist

DeFi protocols were hit the hardest by security attacks, racking up 92 incidents, or 76.03% of reported cases. The losses from these attacks came to approximately $470 million, down from $659 million in the first half of 2024. The 28.67% decline in DeFi-related losses shows the implementation of improved security features in decentralized finance systems.

Centralized exchanges were less targeted, with 11 reported cases. Still, the attacks inflicted disproportionately enormous losses totaling $1.883 billion. The worst was the Bybit incident, in which the exchange lost approximately $1.46 billion in one case, showing the high-risk exposure of large exchanges.

Account compromise has surfaced as the leading attack vector, responsible for 42 security incidents. Smart contract vulnerabilities followed closely, accounting for 35 separate breaches. Two incidents exceeded $100 million in losses, with the top 10 largest attacks collectively causing $2.018 billion in damages.
Fraud tactics changed across multiple attack vectors

SlowMist stated that the first half of 2025 witnessed multi-vector scams targeting infrastructure and direct users. Phishing attacks on EIP-7702 authorization actions gained traction, with attackers exploiting new delegating contract mechanisms to drain wallets. The Inferno Drainer group was able to steal $146,551 through these methods, tricking users into signing legitimate contracts that were then taken over and exploited for malicious purposes.

Deepfakes have become one of the primary scammer tools for trust-based scams because the attackers created realistic video and audio materials with crypto influencers and exchange executives. The deepfakes substituted fake investment scams and bypassed traditional verification processes. Police officials in Hong Kong and Singapore found different fraud syndicates using deepfake technology, with one of the operations targeting victims in different Asian countries and causing losses of over HKD 34 million.

Spam security protection scams on Telegram spread during the period, mainly targeting users through fake clipboard activities presented as security verification exercises. The attacks caused victims to run PowerShell scripts that deployed remote access trojans, taking over devices and appropriating cryptocurrency balances.

Malicious browser add-ons continued to target crypto users by presenting themselves as Web3 security tools. The example of the Osiris extension illustrates how attackers hijacked download links from genuine websites, replacing software with the malicious alternative without changing the look and feel of authentic sources.

LinkedIn recruitment phishing extended beyond the normal employment scams, with hackers pretending to be blockchain projects to spread crypto-infected code repositories. Social engineering attacks on Coinbase users involved compromised internal employees who leaked KYC information.
Asset recovery and regulatory actions show progress

Asset freezing and recovery operations were quantifiable during the first half of 2025. Tether froze 209 Ethereum addresses holding USDT-ERC20 assets, and Circle froze 44 Ethereum addresses holding USDC-ERC20 tokens. These coordinated operations were effective in stemming the flow of criminal proceeds on prominent stablecoin platforms.

Recovery was achieved in nine major incidents in which losses were recovered in whole or in part after attacks. The money stolen overall in these incidents was approximately $1.73 billion, and almost $270 million was returned or frozen. This represents an 11.38% rate of recovery, a relatively high rate compared to recent years.

SlowMist’s InMist Lab threat intelligence group facilitated asset defense operations and assisted in freezing around $14.56 million of stolen assets over the six-month period. The KiloEx breach was an exemplary case of coordinated response success, whereby $8.44 million of stolen assets was recovered in its entirety within 3.5 days through concerted effort between the security team and the project stakeholders.

Global regulatory frameworks developed in various jurisdictions as governments introduced specific standards for crypto exchanges and stablecoin rules. The United States implemented the GENIUS Act, while Hong Kong became operational with its Stablecoin Ordinance on August 1. The member states of the European Union have implemented the Anti-Money Laundering Regulation, prohibiting anonymous crypto accounts and off-exchange coin transactions.

These measures built a more advanced worldwide network of crypto financial rules, with more coordination among regulators and top platforms enhancing deterrence against crime on-chain.
