Key Takeaways:
Total crypto losses reached $2.47B in H1 2025, up 3% YoY, but Q2 losses dropped 52% from Q1.
Two major hacks — Bybit ($1.5B) and Cetus Protocol ($225M) — accounted for over 70% of total losses.
Wallet hacks were the most damaging, stealing $1.7B, while phishing topped the number of incidents.
Ethereum remains the most targeted blockchain for hacks and scams.
Regulatory developments in the U.S., EU, and Hong Kong are shaping a more secure crypto landscape.
Despite headline-grabbing exploits, crypto-related losses in the first half of 2025 totaled $2.47 billion, a modest 3% increase over the same period in 2024, according to a new report from blockchain security firm CertiK. Encouragingly, Q2 showed signs of recovery, with losses dropping 52% compared to Q1 and 59 fewer incidents reported.
“This decline suggests an improving security posture despite high-profile incidents,” CertiK noted in its H1 2025 security update.
Two Major Attacks Accounted for $1.78B in Losses
More than 70% of the losses stemmed from just two incidents:
Bybit lost $1.5 billion in ETH after cold wallet vulnerabilities were exploited on Feb. 21.
Cetus Protocol, a key DEX on the Sui blockchain, was drained of $225 million on May 22.
CertiK emphasized that without these two events, total crypto losses would have stood at $690 million, suggesting the broader trend may not be as severe as the raw numbers imply.
Wallet Hacks, Phishing Remain Top Threats
While phishing accounted for the most incidents (132), wallet hacks were by far the most costly, stealing over $1.7 billion across just 34 events. CertiK warned that phishing campaigns are becoming more deceptive and called for stronger user protection measures:
“Users should avoid unknown links, verify domains, enable multifactor authentication, and consider hardware wallets.”
Ethereum Still the Prime Target
The Ethereum blockchain remained the most exploited, with 70 incidents reported in Q2 — down from 98 in Q1, but still leading due to Ethereum’s dominance in DeFi and smart contracts.
“Ethereum’s deep DeFi footprint and large TVL make it a prime target for attackers,” CertiK said.
Regulatory Shifts Strengthen Industry Outlook
Beyond technical attacks, CertiK noted that global regulatory momentum is helping reshape the security and compliance landscape in crypto:
U.S.: SEC under President Donald Trump is rolling back enforcement actions and supporting pro-crypto legislation.
Hong Kong: Passed its Stablecoin Bill, creating a regulatory framework for digital assets.
European Union: MiCA regulation came into force on Dec. 30, introducing uniform rules for crypto markets.
“These developments signal growing institutional interest and a maturing regulatory environment,” CertiK concluded. “As new capital enters the space, maintaining rigorous security standards will be more critical than ever.”
