Increased Risk of Phishing Attacks; CertiK Issues Alert

In the year 2024, criminals managed to swindle over a billion dollars through 296 phishing scams, as revealed by an annual report by CertiK.


Web3 Ecosystem Suffers Significant Losses in 2024 and Early 2025

In the year 2024, the Web3 ecosystem experienced a series of major hacks, resulting in approximately $2.85 billion in losses. These losses were primarily due to access control failures, phishing/social engineering, and smart contract vulnerabilities, which together accounted for about 95% of the total losses.

Access control exploits alone caused nearly $1.6–1.8 billion in damage, while phishing and social engineering accounted for around $600 million, and smart contract bugs led to approximately $263 million lost. Notable incidents included the $290 million Munchables breach and the $136 million Pike Finance attacks. Ethereum suffered the largest share (61.4%) of losses, followed by BNB Chain and Arbitrum.

The first half of 2025 saw losses exceed those of all of 2024, reaching $3.1 billion. This increase was driven by a 1,025% surge in AI-related attack vectors, exploiting insecure API designs, weak model access controls, and insufficient user input filtering in AI inference layers. Human-related vulnerabilities remain dominant, with hackers shifting focus from cryptographic flaws to targeting process- and user-level weaknesses such as blind signing, private key leaks, and phishing.

In July 2025 alone, there were 13 major hacks totaling $147 million in losses, including a $44.2 million malware attack on CoinDCX. The trend for 2025 and beyond points to an increasing blend of sophisticated AI-enabled exploits combined with persistent human factor vulnerabilities, especially in access control and operational security.

Summary

| Year | Total Losses (approx.) | Top Attack Vectors | Notable Incidents | Emerging Threats |
|--------------|-----------------------|---------------------------------|------------------------------|-------------------------------|
| 2024 | $2.85 billion | Access control, phishing, smart contract bugs | Munchables ($290M), Pike Finance ($136M) | Human vulnerabilities |
| H1 2025 | $3.1 billion (exceeds 2024 total) | Access control ($1.83B), phishing ($600M), smart contract bugs ($263M), AI attacks (1,025% surge) | Bybit ($1.5B), Uniswap V4 hook exploit ($12M) | AI-enabled attacks, insecure APIs |
| July 2025 | $147 million (July only) | Phishing, malware, private key theft | CoinDCX malware attack ($44.2M) | Continued smart contract flaws |

The outlook for 2025 emphasizes rising AI threat sophistication and the continued criticality of fixing human-related access control flaws to curb losses in this rapidly evolving Web3 landscape.

In 2024, the May attack on Japanese cryptocurrency exchange DMM Bitcoin resulted in a loss of 4,502 BTC, equivalent to approximately $320 million at the time. Phishing was the most costly attack vector in 2024, with unreported incidents and other scams potentially increasing the actual tally. In 2024, more than $1 billion was stolen through 296 phishing attacks, according to CertiK. North Korean hackers stole at least $1.34 billion worth of crypto assets in 2024, according to Chainalysis.

Phishing tactics are expected to evolve in 2025, potentially utilizing artificial intelligence. Following phishing, private key compromise was the second most significant threat, leading to over $855 million in losses across 65 incidents in 2024. Out of the 296 incidents in 2024, at least three resulted in losses exceeding $100 million. The 2024 Hack3d Report provides insights into the year's challenges and future predictions.
