CertiKs Hack 3d: 2025 Q1 Security Report has been released. This report deeply analyzes the security status of Web3.0 from January to March 2025. In the first quarter of 2025, there were 197 security incidents, with a total loss of approximately US$1.67 billion, a surge of 303.4% from the previous quarter. Among them, the Bybit incident caused a loss of approximately US$1.45 billion, triggering widespread discussion on the security of centralized exchanges.
Key data
Quarterly data: In the first quarter of 2025, there were 197 on-chain security incidents in the Web3.0 industry, with a total loss of approximately US$1.67 billion. Compared with the previous quarter, the total loss increased by approximately 303.4%, and the number of security incidents increased by 6.
Attack method: Wallet theft caused the most serious financial losses in the first quarter of 2025, with only 3 incidents resulting in the theft of approximately $1.45 billion. The second largest category was private key leakage (as a subcategory of wallet vulnerabilities), with 15 incidents resulting in a total loss of approximately $140 million. Phishing attacks have a lower single loss amount, but occur most frequently, with 81 phishing attacks this quarter resulting in a total loss of nearly $16 million.
On-chain distribution: Ethereum is the blockchain that suffered the most security incidents, with a total of 98 attacks, frauds, and vulnerability exploits, with a total loss of approximately US$1.54 billion.
Losses recovered: $6.39 million in stolen funds were successfully recovered this quarter, with adjusted total losses of approximately $1.66 billion. Only 0.4% of the stolen funds were recovered this quarter, far lower than 42.1% in the previous quarter, making the actual net losses even more severe. In fact, no stolen funds were successfully recovered in February 2025.
The average loss per incident was approximately $9.55 million, and the median loss was approximately $66,000.
Security Trends
Although the total loss amount caused by phishing this quarter is much lower than that of private key leakage and wallet theft, the number of phishing incidents is still higher than other attack methods. The decentralized risk brought by high-frequency and low-loss phishing attacks can no longer be ignored.
The increase in phishing may be related to increasingly sophisticated social engineering tactics, such as fake decentralized applications (dApps), malicious browser extensions, and deepfake-based identity impersonation, making it easier for users to unknowingly disclose sensitive information.
The race between innovation and attack is accelerating, and the development of security defenses is unable to keep up with the increasingly sophisticated attack methods. Hackers are using social engineering, AI, contract manipulation and other means to break through security defenses. As the adoption rate of digital assets increases and asset valuations rise, CertiK predicts that the amount of digital asset theft may continue to rise.
However, the advancement of blockchain technology may change this situation in the future. For example, security innovations such as zero-knowledge proof (ZKP), on-chain forensics tools, and multi-party computing (MPC) wallets are expected to improve overall protection capabilities and reduce the threat of existing attack methods. The next few quarters will be a key test period for the Web3.0 industrys risk resistance.
Industry Trends
Despite significant security incidents, the first quarter of 2025 saw some important regulatory and strategic developments.
For example, the US government announced the establishment of a Strategic Cryptocurrency Reserve to ensure the financial interests of the United States in the digital asset ecosystem. In addition, the US Securities and Exchange Commission (SEC) established a Crypto Task Force to provide clearer regulatory guidance rather than the previous enforcement first strategy that hindered innovation. The European Union passed the Markets in Digital Assets Act (MiCA) to finalize technical standards and further promote its regulatory implementation in the field of Web3.0 compliance.
Quarterly Review
At the beginning of this quarter, CertiK co-founder Professor Gu Ronghui went to South Korea to conduct strategic cooperation exchanges and formally signed a memorandum of understanding (MOU) for strategic cooperation with Busan Digital Asset Exchange (Bdan) . During the visit, Professor Gu also met with important Korean partners such as Wemix, Kaia, United Games and GBBC to further expand the scope of cooperation. At the same time, Professor Gu was invited to accept exclusive interviews with well-known Korean media etoday and TokenPost to express his insights on the Korean market, new global regulatory trends and CertiKs strategic layout.
During the Hong Kong Consensus in February, CertiK, OceanBase and OKLink co-hosted the CertiK Space event . During the event, Professor Gu Ronghui was interviewed and systematically explained the trend of the co-evolution of technology, business and regulation ; Professor Li Kang, CertiKs Chief Technology Officer, analyzed the threats posed by the evolving attack methods of hacker organizations .
This quarter, CertiK also jointly released its latest research work with Ant Cryptography - formal verification of the core components of the Asterinas operating system , which attracted the attention and coverage of many well-known media such as Phoenix.com, NetEase News, and Sina Finance.
This quarter, CertiK also published several technical analysis and popular science articles:
Blockchain Data Protection and Privacy Compliance: A Deep Dive into GDPR HIPAA
Interweaving light and darkness: Uncovering the chaos in the Ethereum token ecosystem
Protect your assets and prevent risks | Web3.0 asset security guide for 2025
At the same time, CertiKs Chief Business Officer was a guest on the Cointelegraph podcast, discussing in depth the Bybit incident and Web3.0 security .
Conclusion
CertiK has deep industry insights and has been providing various security incident analyses, security guides, annual and quarterly security reports to deliver key security information to the industry. Once released, the security report has received high attention from the industry and has been quickly reported and cited by core media in the Web3.0 field such as CoinDesk and Cointelegraph.
CertiK’s quarterly report also provides in-depth analysis of the most attacked blockchains, the three major security incidents of the quarter, the development trends of Web3.0, and provides users and project owners with suggestions for improving security.
You are welcome to click here to read the full Hack 3d: 2024 Annual Security Report for more comprehensive analysis, insights and recommendations.
