The mid -year report in 2025 of Slowmist reveals that the blockchain security incidents resulted in losses of $ 2.373 billion out of 121 attacks during the first half of 2025.
The data show that the DEFI protocols have remained main targets while exchange violations have generated the greatest individual losses, highlighting persistent vulnerabilities in cryptographic infrastructure.
The blockchain security sector shows mixed models
The first half of 2025 experienced 121 security incidents in blockchain networks, a decrease of 223 incidents reported during the same period of 2024. However, total losses increased by around 65.94%, reaching $ 2.373 billion against $ 1.43 billion in the previous year.
The most targeted network was Ethereum, which has lost $ 38.59 million against attacks. Solana lost $ 5.8 million and Binance Smart Chain lost $ 5.49 million in stolen funds. The fact that they have been targeted implies that they are the most liquid and have huge user bases.
The DEFI protocols have been struck by safety attacks, accumulating 92 incidents or 76.03% of the cases reported. The losses against attacks represented around $ 470 million, compared to $ 659 million in the first half of 2024. The 28.67% drop in losses related to DEFI shows the implementation of improved security characteristics in decentralized finance systems.
Centralized exchanges were less targeted, with 11 cases reported. However, attacks have inflicted disproportionate losses totaling $ 1.883 billion. The worst was that of Go throughwhich lost around $ 1.46 billion in one case, showing high risk exposure of large exchanges.
The account compromise has surfaced as the main attack vector, responsible for 42 security incidents. The vulnerabilities of intelligent contracts followed closely, representing 35 separate violations. Two incidents exceeded $ 100 million in losses, the 10 main largest attacks causing collectively $ 2.018 billion in damages.
Fraud tactics have changed through several attack vectors
Slow said the first half of 2025 saw multi-voter scams targeting infrastructure and direct users.
The phishing attacks against the authorization actions of the EIP-7702 gained ground, the attackers operating new mechanisms of delegation contract to drain the portfolios. The Inferno Raileur group was able to steal $ 146,551 thanks to these methods, encouraging users to sign legitimate contracts which were then taken up and exploited for malicious purposes.
Deepfakes have become one of the main crook tools for confidence -based scams, because the attackers created realistic video and audio documents with cryptographic influencers and exchange frames. Deepfakes replaced the false investment scams and bypassed traditional verification processes.
Police officials from Hong Kong and Singapore found different fraud unions using Deepfake technology, with one of the operations targeting victims in different Asian countries and causing losses of more than 34 million HKDs.
The SPAM security protection scams on the telegram spread during the period, targeting users mainly through false clipboard activities presented as security verification exercises. The attacks led the victims to manage the PowerShell scripts which deployed Trojan horses remotely, taking control of the devices and appropriating the cryptocurrency sales.
Malicious browser supplements Continued to target crypto users by presenting themselves as web 3 safety tools. The example of the Osiris extension illustrates how attackers have diverted download links from authentic websites, replacing the software by the malicious alternative without changing the appearance of authentic sources.
The phishing of LinkedIn’s recruitment extended beyond normal employment scams, the pirates claiming to be blockchain projects to disseminate code standards infected with crypto. Social engineering Coinbase User attacks involved compromise internal employees who disclosed KYC information.
The recovery of assets and regulatory actions show progress
Asset freezing and recovery operations were quantifiable during the first half of 2025. 209 The Ethereum addresses of USDT-RC20 active ingredients were frozen by Tether, and the circle frozen 44 Ethereum addresses of the USDC-ERC20 tokens. These coordinated operations were effective in stemming the flow of criminal products on leading stable platforms.
The recovery was obtained in nine major incidents in which the losses were recovered in whole or in part after the attacks. The money stolen overall in incidents was around $ 1.73 billion, and almost $ 270 million was returned or frozen. This represents a recovery rate of 11.38%, a relatively high rate compared to recent years.
The Slowmist lab threats of LAB threats facilitated asset defense operations and helped freeze around $ 14.56 million in illegally stolen in the duration of six months. THE Violation kiloex was an exemplary case of successful response success, according to which $ 8.44 million in stolen assets were recovered in its entirety within 3.5 days thanks to concerted efforts between the security team and the project stakeholders.
Global regulatory executives have developed in various jurisdictions while governments have introduced specific standards for crypto exchanges and stablecoin rules. The United States has implemented the law on engineering, while Hong Kong became operational with its stablecoin order on August 1.
The Member States of the European Union have implemented the anti-money laundering regulations, prohibiting anonymous cryptographic accounts and the transactions of documents outside the exchange. These measures have built a more advanced global network of cryptographic financial rules, with more coordination between regulators and the main platforms strengthening deterrence against crime in mind.
Thread difference cresure: The secret tool that crypto projects use to obtain guaranteed media coverage
