Analysis of Security Situation in the Web3.0 Industry in the First Half of 2025

Recently, a report on the security situation of Web3.0 in the second quarter and first half of 2025 has attracted widespread attention in the industry. The report shows that in just the first half of 2025, the Web3.0 industry suffered losses of nearly $2.5 billion due to security incidents, and the total losses to date have exceeded the level of the entire last year. Overall, the security situation of Web3.0 remains severe, and the methods of threats continue to evolve and upgrade.

Security Overview for Q2 2025

In the second quarter of 2025, the Web3.0 industry experienced a total of 144 on-chain security incidents, with total losses of approximately $800 million. Compared to the previous quarter, the total losses decreased by about 52.1%, and the number of security incidents reduced by 59.

Phishing attacks have become the most damaging type of attack this quarter, with a total of 52 security incidents resulting in approximately $400 million stolen. Following that are code vulnerability attacks, with 47 security incidents leading to about $240 million stolen.

It is worth noting that approximately $180 million of stolen funds were recovered this quarter, with a total net loss of about $620 million.

Security Situation in the First Half of 2025

In the first half of 2025, a total of 344 security incidents occurred, with cumulative losses reaching as high as $2.47 billion.

The theft of wallets resulted in the most severe financial losses in the first half of 2025, with 34 incidents causing approximately $1.71 billion in losses. Following this are phishing attacks, which have accumulated 132 security incidents, resulting in approximately $410 million in losses and have now become the most frequently occurring type of attack.

In the first half of 2025, the total amount of recovered stolen funds was approximately $190 million, while the total net loss was about $2.29 billion.

Security Trend Analysis

As of June 30, 2025, the cumulative net loss reached $2.29 billion, surpassing last year's total net loss of $1.98 billion. Although the overall data indicates an increasingly severe security situation, approximately $1.78 billion of this year's losses are concentrated in two major incidents. Excluding these two incidents, the overall loss for the industry this year is $690 million, and the risk landscape still needs to be viewed dialectically.

From the perspective of attack methods, although the leakage of private keys drew widespread attention in 2024, this issue has significantly decreased in the first half of 2025. However, phishing attacks have surged, becoming the most threatening attack method currently. As phishing techniques become increasingly covert and deceptive, users urgently need to enhance their security awareness: avoid clicking on unknown links, carefully verify website domain names, enable multi-factor authentication, and it is also recommended to use hardware wallets for private key management.

Industry Development Trends

In addition to security incidents, several globally impactful regulatory and market development dynamics occurred in the first half of 2025, which will profoundly influence the future direction of the crypto industry:

1. The United States has abolished its previous digital asset policy through Executive Order No. 14178, prohibiting any form of government-issued CBDC (Central Bank Digital Currency) and introducing a brand new regulatory framework.

2. The United States officially established a strategic Bitcoin reserve, using seized assets to create a national sovereign-level cryptocurrency reserve.

3. The EU's Markets in Crypto-Assets Regulation (MiCA) has come into full effect, providing clear regulatory guidance for stablecoin issuers and crypto asset service providers.

4. Hong Kong has passed legislation related to stablecoins, requiring issuers to obtain licenses and have a clear redemption mechanism.

5. India has announced that it will release a policy document regarding the regulation of digital assets.

6. Pakistan has established its first Bitcoin reserve and built supporting energy infrastructure to support cryptocurrency mining.

7. A well-known company has launched an IPO, while another stablecoin issuer has expanded into the commodity-backed stablecoin application field and made significant investments in Latin America.

Overall, the security situation in the Web3.0 industry remains severe in the first half of 2025, but some positive regulatory and market development dynamics have also emerged. Industry participants need to continuously enhance their security awareness while closely monitoring policy changes and market trends globally.