The security situation of Web3.0 remains severe, with losses nearing $2.5 billion in the first half of 2025.

In the first half of 2025, losses caused by security incidents in the Web3.0 industry approached $2.5 billion, exceeding the total for the entire previous year. Although there was some improvement in the second quarter compared to the first quarter, the overall security situation remains severe, and the methods of threats continue to evolve and upgrade.

Security Overview for Q2 2025

• A total of 144 on-chain security incidents occurred, with an estimated loss of around 800 million dollars.
• Total losses decreased by 52.1% compared to the previous quarter, with 59 fewer security incidents.
• Phishing attacks caused the largest losses, with 52 incidents resulting in approximately $400 million stolen.
• Code vulnerability attacks followed, with 47 incidents causing losses of approximately $240 million.
• Approximately $180 million in stolen funds have been recovered, with a total net loss of about $620 million.

Security Situation in the First Half of 2025

• A total of 344 security incidents occurred, with cumulative losses of $2.47 billion.
• Wallet thefts caused the most severe losses, with 34 incidents resulting in approximately $1.71 billion in losses.
• 132 phishing attacks, resulting in losses of approximately $410 million, have become the most frequent type of attack.
• Approximately $190 million of stolen funds have been recovered, with total net losses of approximately $2.29 billion.

Security Trend Analysis

In the first half of 2025, the cumulative net loss reached 2.29 billion USD, exceeding the total for the entire previous year. However, approximately 1.78 billion USD of the losses were concentrated in two major events. Excluding these two events, the overall industry loss this year is 690 million USD, and the risk landscape needs to be viewed dialectically.

The issue of private key leakage has significantly decreased compared to 2024, but phishing attacks have surged, becoming the most threatening attack method currently. As phishing tactics become increasingly covert and deceptive, users urgently need to enhance their security awareness:

• Avoid clicking unknown links
• Carefully check the website domain name
• Enable two-factor authentication
• Use hardware wallets to manage private keys

Industry Regulation and Development Trends

In the first half of 2025, several far-reaching regulatory and market development events occurred globally:

• The United States has abolished its previous digital asset policy, prohibiting the government from issuing CBDCs and introducing a new regulatory framework.
• The United States establishes a strategic Bitcoin reserve, creating a national-level cryptocurrency asset reserve.
• The EU's Markets in Crypto-Assets Regulation (MiCA) is fully effective.
• Hong Kong has passed legislation related to stablecoins, requiring issuers to obtain licenses and have a clear redemption mechanism.
• India announces the release of regulatory policy documents for digital assets
• Pakistan has established its first Bitcoin reserve, along with supporting energy infrastructure for cryptocurrency mining.
• Circle launches IPO, Tether expands into commodity-backed stablecoin applications, and makes large-scale investments in Latin America.

Despite the ongoing severe security challenges, the global regulatory environment is gradually becoming clearer, the market continues to innovate, and the Web3.0 industry still shows strong development vitality. In the face of a complex and changing security situation, industry participants need to continuously enhance their security awareness, improve risk prevention measures, and jointly maintain the healthy development of the industry.