2025 Web3 Blockchain Ecosystem Security Crisis Panorama Scan

Hacks, scams, and exit scams are occurring frequently. The blockchain security situation in 2025 gives cause for both optimism and concern.

Preface

2025 is drawing to a close, and this year has been full of challenges for the entire Web3 blockchain ecosystem. According to authoritative security monitoring data, losses caused by security incidents worldwide have once again reached astronomical figures. At the same time, we have also seen some positive changes: user awareness of prevention is improving, and the industry's security posture is strengthening. This article summarizes key data and typical events in the blockchain security field in 2025, aiming to help practitioners and users better understand the current threats and how to respond more effectively.

Numbers Speak: Astonishing Data on Blockchain Security in 2025

Overall Situation: Losses of 33.75 billion yuan in one year

According to data from professional security monitoring platforms, the cumulative losses in the Web3 ecosystem in 2025 due to hacker attacks, scams, and project exit scams reached $3.375 billion. This figure highlights the severity of the problem.

Specifically:

  • Hacker attacks were the most severe: 191 incidents, losses amounting to $3.187 billion, a 77.85% increase from 2024
  • Scam risks are decreasing: 113 scam incidents, losses of $177 million, down 69.15% year-over-year
  • Exit scams are also improving: Project exit scam losses of $1.15 million, down 92.21% year-over-year

This data reflects an interesting phenomenon: traditional scam and exit scam methods are being replaced by more advanced hacker attacks. The targets of attackers are shifting from retail investors to more valuable targets—exchanges and large DeFi protocols.

Seasonal characteristics are obvious

Losses in Q1 2025 were the heaviest, mainly due to a supply chain attack on a leading exchange causing a loss of $1.44 billion. Afterwards, losses decreased quarter by quarter, indicating that the entire ecosystem is gradually strengthening its defenses.

Blockchain Risk Map: Which Projects Are Most Likely to Be Targeted

Exchanges become “hot targets” for hackers

Nine attacks targeting centralized exchanges caused losses of $1.765 billion, accounting for 52.30% of the total losses in the year. This means hackers are fully focusing on large targets like exchanges. A leading exchange suffered a supply chain attack with a loss of $1.44 billion, and other exchanges also experienced varying degrees of theft.

Why are exchanges the hardest hit? The reason is simple—exchanges manage user assets centrally, and a successful attack can yield huge profits, which is much more cost-effective than attacking DeFi projects one by one.

DeFi projects: highest attack frequency, but single losses are smaller than exchanges

Ninety-one DeFi attacks caused losses of $621 million. The most shocking case is the theft of $224 million from Cetus Protocol, accounting for 36.07% of DeFi losses. Next is Balancer with $116 million in losses.

This reflects that although DeFi faces the most attacks, its relatively dispersed ecosystem means individual losses are often smaller than those of exchanges. However, exploiting contract vulnerabilities remains an effective traditional attack method.

Other threats should not be ignored

Infrastructure components such as wallets, browsers, third-party code packages, and MEV bots are also becoming targets, indicating that hackers are expanding their attack scope and upgrading their attack logic.

Public Chain Security Rankings: Ethereum Still the “Major Disaster Area”

Among all public chains, Ethereum has the most security incidents, with 170 incidents causing losses of $2.254 billion, accounting for 66.79% of the total losses. This not only reflects the importance of the Ethereum ecosystem (high asset concentration) but also exposes its risks.

BNB Chain ranks second, with 64 incidents causing $89.83 million in losses, but the loss amount has surged by 110.87% compared to 2024, which is concerning.

Base and Solana follow closely with 20 and 19 incidents respectively. Security issues on new public chains are emerging.

Attack Methods Upgrading: From Traditional Vulnerabilities to Complex Logical Flaws

Contract vulnerabilities remain mainstream

Out of 191 attacks, 62 involved exploiting contract vulnerabilities, accounting for 32.46%. Among these, business logic vulnerabilities are the most deadly, causing $464 million in losses. This shows that even with increasingly thorough security audits, logical flaws in contracts remain the best entry point for hackers.

Supply chain attacks become new favorites

The $1.44 billion loss at a leading exchange was caused by a supply chain attack, accounting for 42.67% of total losses. This attack method is becoming a new weapon for hackers—they do not attack products directly but target upstream dependencies, libraries, and toolchains.

Private key leakage risk decreases

This year, there were 20 incidents of private key leaks, with total losses of $180 million, a significant decrease compared to last year. This indicates that the industry’s emphasis on private key management is increasing, and user awareness of prevention is also improving.

Analysis of Two Typical Cases

Case 1: Cetus Protocol’s $224 million disaster

Cetus Protocol, a DEX in the Sui ecosystem, was hit hard in May 2025. The vulnerability stemmed from an error in a left shift operation in open-source library code.

Simplified attack steps:

  1. Hacker borrows 10 million haSUI via flash loan
  2. Creates a liquidity position with a price range of [300000, 300200]
  3. Uses only 1 unit of haSUI to obtain an astronomical amount of liquidity (on the order of 10^28)
  4. Quickly removes liquidity, draining the pool
  5. Repays the flash loan, earning about 5.7 million SUI

Root cause: The overflow check in the checked_shlw function was ineffective. Inputs below a certain threshold could bypass detection, but after left shifting, overflow could still occur. The Move language’s left shift operation does not automatically halt on overflow, giving hackers an opportunity—they can exchange a small amount of tokens for huge assets.
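The failure mode described above, modelled as an added example (not code from Cetus or the affected library): a 256-bit left shift by 64 whose guard uses too high a bound, next to a guard with the exact bound, plus a differential test against arbitrary-precision arithmetic. The flawed threshold constant and the sample inputs are assumptions chosen to reproduce the behaviour the text describes.

```python
U256_MAX = (1 << 256) - 1  # largest value a 256-bit unsigned integer can hold

def shl64_u256(n: int) -> int:
    """Left shift by 64 as a 256-bit register does it: high bits are dropped."""
    return (n << 64) & U256_MAX

def checked_shlw_flawed(n: int):
    """Returns (result, overflow_flag). The bound is far too high (assumed
    value), so inputs in [2**192, 2**256 - 2**192] pass and then truncate."""
    if n > (0xFFFFFFFFFFFFFFFF << 192):
        return 0, True
    return shl64_u256(n), False

def checked_shlw_fixed(n: int):
    """n << 64 fits in 256 bits only when n < 2**192, so test exactly that."""
    if n >= (1 << 192):
        return 0, True
    return shl64_u256(n), False

def missed_overflows(check, samples):
    """Differential test: inputs where the guard stays silent although exact
    big-integer arithmetic shows the shifted value does not fit in 256 bits."""
    missed = []
    for n in samples:
        _, flagged = check(n)
        if (n << 64) > U256_MAX and not flagged:
            missed.append(n)
    return missed

# Constructed boundary inputs around 2**192.
SAMPLES = [1, (1 << 192) - 1, 1 << 192, (1 << 192) + 5, 1 << 200, U256_MAX]

if __name__ == "__main__":
    print("flawed guard misses:", len(missed_overflows(checked_shlw_flawed, SAMPLES)))
    print("fixed guard misses: ", len(missed_overflows(checked_shlw_fixed, SAMPLES)))
```

Boundary values on both sides of the true limit, compared against exact arithmetic, are what expose this kind of guard in unit or fuzz testing.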

Case 2: Balancer’s $116 million systemic collapse

In November 2025, Balancer v2 protocol and its fork versions were looted across multiple chains, with total losses of $1.16 billion.

Attack chain:

  1. Hacker performs mass swaps, exchanging large amounts of liquidity tokens for BPT
  2. Liquidity reserves in pools are severely depleted
  3. Conducts osETH/WETH swaps
  4. Swaps liquidity tokens back to BPT
  5. Repeats operations across multiple pools, finally withdrawing profits

Vulnerability essence: The ComposableStablePools use Curve’s StableSwap invariant formula. However, precision errors in scaling operations propagate into the invariant calculation, causing the computed value to be severely underestimated, creating attack opportunities. The mulDown function’s downward rounding further amplifies this error.
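How round-down scaling feeds into the invariant, as an added example (a float model written for this page, not Balancer's code): it measures by how much the StableSwap invariant D is understated when balances are upscaled with a round-down fixed-point multiply. The 1.05 scaling factor, the amplification value and both balance sets are constructed assumptions.

```python
from fractions import Fraction

ONE = 10**18  # 18-decimal fixed-point unit

def mul_down(a: int, b: int) -> int:
    """Fixed-point multiply that rounds toward zero, as mulDown is described."""
    return a * b // ONE

def stable_invariant(balances, amp):
    """StableSwap invariant D via Newton iteration (float model, Ann = amp * n)."""
    n, s = len(balances), sum(balances)
    ann, d = amp * n, s
    for _ in range(255):
        d_p = d
        for x in balances:
            d_p = d_p * d / (n * x)
        prev = d
        d = (ann * s + n * d_p) * d / ((ann - 1) * d + (n + 1) * d_p)
        if abs(d - prev) <= 1e-12 * d:
            break
    return d

def invariant_shortfall(raw, factors, amp=200):
    """Relative amount by which D is understated when upscaling rounds down."""
    exact = [float(Fraction(b * f, ONE)) for b, f in zip(raw, factors)]
    rounded = [float(mul_down(b, f)) for b, f in zip(raw, factors)]
    d_exact = stable_invariant(exact, amp)
    return (d_exact - stable_invariant(rounded, amp)) / d_exact

# Constructed inputs: token 0 carries a 1.05 rate, token 1 is unscaled.
FACTORS = [105 * 10**16, ONE]
HEALTHY = [9 * 10**18, 9 * 10**18]   # normal-size balances
DEPLETED = [9, 9]                    # balances of only a few wei

if __name__ == "__main__":
    print("healthy :", invariant_shortfall(HEALTHY, FACTORS))
    print("depleted:", invariant_shortfall(DEPLETED, FACTORS))
```

At normal balances the rounding loss is invisible, while at balances of a few wei it reaches percent level, which is why invariant tests should include very small balances.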

Anti-Money Laundering Perspective: The “Disappearance” of Stolen Assets

Major drug cartel’s crypto money laundering case

A laundering network operated by a drug cartel leader was uncovered. They smuggled cocaine through Colombia and Mexico, using cryptocurrencies to clean illegal wealth. Three related addresses handled a total of 266 million USDT. Although some assets were frozen by authorities, most had been transferred through high-frequency trading and multi-level transfers into major exchanges.

This case shows that hackers and other criminals use DeFi, cross-chain bridges, exchanges, and other links to obfuscate fund flows and evade law enforcement.

GMX $40 million missing funds

In July 2025, GMX was attacked via a reentrancy vulnerability, with hackers profiting $42 million. Tracking revealed:

  • Attackers exchanged various tokens into ETH and USDC via DEX protocols
  • Used cross-chain protocols to disperse assets to Ethereum
  • $32 million worth of ETH was distributed across 4 addresses
  • $10 million in assets flowed to Arbitrum

Key insight: The “disappearance” of stolen assets occurs in stages—first transferring and obfuscating on the original chain, then dispersing across chains, and finally storing in different addresses. This operational flow has become a standard routine for hackers.

Reflection and Outlook: Warnings for 2025

Positive signals are emerging

Compared to 2024, losses from scams and exit scams have significantly decreased, indicating:

  • User awareness is improving
  • Project teams are paying more attention to security audits
  • Industry security construction is gradually improving
  • Lessons are being learned from past vulnerabilities

But new threats are also emerging

  • Supply chain attacks are the top risk: from dependency libraries to toolchains, hackers are breaking through upstream links
  • Social engineering/phishing attacks are rising: among the top 10 security incidents, two involved large personal user losses caused by social engineering
  • Complex protocol logic flaws are hard to prevent: hackers have upgraded from simple code vulnerabilities to protocol design flaws
  • Cross-chain deployment expands risk surface: projects spanning multiple chains face more attack entry points

Threats to individual users are escalating

Phishing, kidnapping, and extortion are increasing. Many small scams are not publicly reported, leading to underestimation in data, but the losses for victims are real.

Protection suggestions for 2026 and beyond

  1. For project teams: Supply chain security should be a priority; continuous monitoring and threat assessment of dependencies are necessary.
  2. For platforms: Improve social engineering defenses, from technical barriers to community collaboration, forming multi-layered defenses.
  3. For users: Enhance prevention awareness, protect personal identity information, and reduce public exposure of crypto assets.
  4. For the industry: Build a dynamic defense ecosystem from individual awareness to technical safeguards and law enforcement cooperation.

Conclusion

The security challenges of Web3 blockchain in 2025 are unprecedented but also an opportunity for reflection and progress. Hacker attack methods are evolving, and defense solutions must upgrade accordingly. From supply chain security to social engineering defenses, from technical audits to user education, no link can be taken lightly.

The future of security depends not on a single technology but on the overall defensive capability of the ecosystem—collaboration among project teams, security companies, exchanges, users, and regulators. The future of blockchain technology hinges on whether we can build a sufficiently strong security defense today.
