Cyberattacks and scams have already cost the crypto sector more than $3.1 billion in 2025, marking one of the most damaging years. Hacken's mid-year report reveals that access control failures and social engineering tactics remain the primary culprits.
The most significant single incident occurred in Q1, when Bybit suffered a $1.5 billion breach, accounting for 83% of all Q1 losses. Access control weaknesses were responsible for around $1.83 billion, or 59% of funds lost across both DeFi and CeFi platforms.
Decentralised finance projects were hit particularly hard, with $300 million drained in Q2 alone. Smart contract vulnerabilities contributed to $263 million in losses, including a $223 million hit in the Cetus exploit.
Meanwhile, phishing scams reached new heights, with one incident in April involving a $330 million Bitcoin theft.
Q2 had fewer access breaches than Q1, but single leaks caused rapid, large-scale losses. Hacken's report concludes that improved cybersecurity is essential for building trust and protecting innovation in the growing blockchain space.
