Web3 Security Report Q1 2025: $2B Lost in 90 Days

The first quarter of 2025 marked one of the most alarming periods in Web3 security history, with over $2 billion lost in just three months, a 96% increase compared to Q1 2024. What’s behind this staggering number? The story points to operational failures, access control exploits, and a persistent pattern of multisig compromises.


What’s inside the report?
Access Control Exploits:
The #1 threat to Web3 today — responsible for over $1.6B in losses in Q1 alone. Multisig-related incidents continue to dominate, with Bybit suffering the largest hack in crypto history.
The Multisig Crisis:
Three quarters in a row, the biggest hacks involved Safe multisig wallets — not due to smart contract flaws, but due to weak operational security. Extractor, Hacken's detection engine, shows how teams can defend against these failures.
DeFi vs. CeFi:
While DeFi losses remain under control, major CeFi platforms took severe hits, including Bybit ($1.46B) and Phemex ($85M), due to access control failures and compromised signer workflows.
Rugpulls & Phishing:
The infamous $LIBRA token rugpull (~$300M) shocked the community, fueled by political promotion and insider trading. Phishing scams also led to nearly $100M in losses, exploiting poor user security hygiene.
Smart Contract Exploits:
While smart contract bugs accounted for less than 2% of the total losses, they still resulted in $29M in damages. Notable cases like zkLend (Starknet) and 1inch Fusion v1 highlight persistent coding and maintenance issues.
Emerging Money Laundering Techniques:
Hackers are getting smarter — using perpetual exchanges and fake sandwich attacks to launder funds.
Learn from the real incidents.
Discover original research, expert insights, and practical recommendations to secure your assets and protocols.