Hacken, a globally known blockchain security auditor, underlines in its most recent report that total losses in H1 2025 reached over $3.1 billion in cryptocurrencies, occurring due to various security issues.
The lost amount in H1, 2025, is much more than $2.85 billion lost throughout 2024, yet Hacken notes that losses in the first quarter this year are primarily caused due to smart contracts, vulnerability, access control bugs, rug pull, and scams.
Hacken’s report also notes that access control exploits were at the top, accounting for around 59% of total losses, amounting to nearly $1.83 billion across decentralized platforms and centralized platforms.
Second most prominent remains the smart contracts vulnerability which hit the market in $263 million losses in crypto. The hack of Bybit in February 2025 resulted in losses of nearly $1.5 billion was a significant outlier.
The hack of Cetus is also termed among the most devastating hacks in crypto in the year 2025; the hacker looted around $220 million or more in just a few minutes.
Social engineering and phishing remain at peak
The report by Hacken notes that the collective losses from social engineering and phishing have reached $600 million.
However the total losses in Q1, 2025 was $2,063,445,000 and the losses in Q2, 2025 are $1,030,521,000. The biggest rug pull this year crypto market faced is the LIBRA token which reportedly resulted in losses over $300 million.
The report notes, “ The single biggest hit was a $330 million bitcoin theft from an elderly US holder, where complex social-engineering tactics convinced them to hand over wallet access. The attacker peeled the BTC through hundreds of wallets, mixed it into Monero (pushing its price up 50%), bridged some funds into Ethereum, and only a fraction of the stolen coins were ever frozen.”
According to Hacken, Q4 2024 and Q1 2025 were dominated by access-control failures, which drowned out most bug-based thefts. This quarter, however, access-control losses in DeFi fell to just $14 million (its lowest since Q2 2024’s $28.5 million), while smart-contract exploits increased sharply.
