Web3 Security Losses Rose in 2025 as Attackers Shift Toward Fewer, Larger Incidents

Source: CoinEdition Original Title: Web3 Security Losses Rose in 2025 as Attackers Shift Toward Fewer, Larger Incidents Original Link: https://coinedition.com/web3-security-losses-rose-in-2025-as-attackers-shift-toward-fewer-larger-incidents/

• 2025 losses rose 37% despite fewer incidents, driven by a small number of high-impact exploits.
• Supply chain and phishing attacks accounted for the majority of Web3 security losses.
• Ethereum and cross-chain platforms remained primary targets for large-scale attacks.

The Web3 network experienced higher security losses in 2025, despite a decline in the number of incidents compared to the previous year, according to security report data. The findings reveal a growing threat scenario, characterized by limited, high-impact attacks rather than widespread, low-value exploits, reflecting a shift in attacker strategy as on-chain activity rebounded.

Web3 activity accelerated in 2025 due to positive market sentiment, renewed liquidity, and a more accommodative policy environment in the United States. Decentralized applications expanded across payments, gaming, tokenized real-world assets, and identity use cases.

However, this growth also expanded the attack surface, with threat actors focusing on private key management, authentication systems, and access controls across high-value platforms.

Total losses from hacks, scams, and exploits reached $3.35 billion in 2025, up from $2.45 billion in 2024, representing an increase of approximately 37%. A single supply chain incident at a major exchange was responsible for approximately $1.45 billion of those losses.

Fewer Incidents, Larger Financial Impact

The average loss per incident rose to $5.32 million in 2025, a 66.6% increase from the prior year, while the median loss fell to $103,996. This gap suggests that while many incidents remained relatively minor, a limited number of attacks caused disproportionate damage.

February was the most costly month, with $1.54 billion lost across 58 incidents, largely driven by the supply chain exploit. Losses peaked in the first quarter at $1.67 billion across 200 incidents, before declining by roughly 52% in the following quarter as monitoring and response measures improved.

Supply Chain and Phishing Lead Attack Vectors

Supply chain breaches were the most damaging attack vector in 2025, resulting in $1.45 billion in losses across just two incidents. These attacks often involved development dependencies, CI/CD pipelines, and wallet integrations. Phishing accounted for the highest number of incidents, with 248 cases leading to $722.9 million in losses, slightly exceeding code vulnerability exploits in frequency.

Ethereum and Cross-Chain Targets Dominate Losses

Ethereum experienced the highest number of incidents, with 310 events resulting in $1.70 billion in losses. Bitcoin-related incidents totaled $528.2 million across 22 cases. Attacks affecting multiple blockchains accounted for $460.8 million across 29 incidents, highlighting ongoing risks tied to cross-chain infrastructure.

Overall, 2025 data shows that Web3 security risks mainly stem from targeted, complex operations rather than broad-based exploit campaigns, reshaping how losses accumulate across the ecosystem.