Where the web3 security landscape stands today
“When creating the biggest honeypot in the world, security is everything.”
2025 marked one of the most consequential years in the history of web3 security, with $3.35 billion lost to hacks and $17 billion to scams and fraud.
Hundreds of incidents occurred across centralized exchanges (CEXs), decentralized finance (DeFi) platforms, and cross-chain infrastructure. But the defining characteristic of the year was something different.
Industry reporting from CertiK, Chainalysis, TRM Labs, and Beosin points to a clear shift in attacker behavior. Rather than pursuing high-volume, opportunistic attacks, adversaries increasingly focused on fewer, higher-value targets, often embedded deep within critical operational workflows.
This strategic evolution culminated in the largest cryptocurrency theft in history: the $1.46 billion Bybit breach, which alone accounted for roughly 45% of all hack-related losses in 2025 and served as a catalyst for broader ecosystem scrutiny.
Crucially, the most damaging incidents of the year did not originate from failures in protocol business logic alone. Instead, attackers exploited weaknesses around execution and trust.
Lessons learned from the billions lost to hacks, scams, and key compromise in 2025 and how to secure your systems against future attacks.
