The Web3 ecosystem entered 2025 with renewed momentum, buoyed by improving macroeconomic conditions, stronger investor confidence, and a noticeably more supportive political climate in the United States. The new U.S. administration moved quickly to position digital assets as a strategic innovation sector rather than a regulatory anomaly, sending an early signal that blockchain technology would be encouraged rather than restrained. This shift restored confidence among builders, institutions, and venture capital, helping decentralized applications expand deeper into payments, gaming, tokenized assets, identity solutions, and real-world financial use cases.
Yet, as activity accelerated across the ecosystem, so did the threat landscape. Cyber adversaries evolved alongside the industry, refining both technical exploits and social engineering techniques. While innovation surged, 2025 became a stark reminder that growth and risk continue to move in parallel within Web3.
According to industry data, total losses in 2025 reached $3.35 billion, marking a 37% increase compared to $2.45 billion in 2024. At first glance, the numbers suggest a dramatic deterioration in security conditions. However, a closer look reveals a more nuanced picture. One single incident, the Bybit exploit, accounted for approximately $1.45 billion of the year’s losses. When this outlier is excluded, overall stolen funds would have declined year over year, underscoring a critical shift in attacker behavior.
Rather than relying on a high volume of mid-sized exploits, threat actors increasingly concentrated resources into fewer but far more devastating operations. The Bybit incident demonstrated the growing presence of well-funded, highly coordinated adversaries capable of executing complex, long-horizon attacks. This trend suggests that while baseline security hygiene is improving across many protocols, systemic risks remain, particularly at the infrastructure and supply-chain level.
When categorizing attack vectors, phishing emerged as the most prevalent threat in 2025. Excluding the Bybit supply-chain breach, phishing accounted for $722.9 million stolen across 248 incidents, surpassing both code vulnerabilities and infrastructure attacks in frequency. Code-related exploits followed closely, resulting in $554.6 million across 240 incidents, although nearly half of those funds were eventually frozen or returned, highlighting improved response coordination and on-chain intervention capabilities.
Artificial intelligence played a defining role in shaping this evolving threat environment. On the defensive side, developers increasingly relied on AI-powered tools to generate test cases, identify inefficiencies, enhance formal verification, and streamline audit workflows. Conversely, attackers adopted the same technologies at scale. AI-generated phishing interfaces became nearly indistinguishable from legitimate dApps and wallet prompts, while automated multilingual campaigns expanded reach into previously insulated communities.
Threat actors also leveraged AI for reconnaissance, scraping on-chain data and private chat channels to identify high-value targets. Impersonation attacks grew more convincing, with fake founder accounts, synthetic voices, and deepfake videos eroding traditional trust signals. Perhaps most concerning was the speed of exploit replication, as AI tools enabled attackers to copy and deploy successful attack patterns within days or even hours.
Regulatory clarity improved significantly throughout 2025, helping stabilize the broader ecosystem. In the U.S., the GENIUS Act established early frameworks for stablecoin oversight and digital asset transparency, while signaling a more cooperative stance toward innovation. Globally, the European Union advanced toward full MiCA implementation, raising standards for disclosures and consumer protection. Meanwhile, jurisdictions such as Singapore and Hong Kong expanded digital asset sandboxes, and countries including Brazil and Colombia progressed toward regulated commodity tokenization frameworks.
These developments contributed to more structured governance and influenced how projects approached compliance, architecture, and operational security. As regulations matured, security increasingly became a prerequisite for market access rather than an optional feature.
One of the year’s most significant incidents occurred in February, when Bybit suffered the largest crypto theft in history. The attack, attributed to the Lazarus Group, did not exploit Bybit’s internal systems directly. Instead, attackers compromised a developer machine at Safe{Wallet}, a third-party multi-signature wallet provider. Malicious code injected into the wallet interface altered transaction details invisibly, causing authorized signers to unknowingly approve fraudulent transfers. The incident exposed the growing risks associated with trusted tooling and supply-chain dependencies.
Beyond large-scale breaches, individual users faced mounting risks. AI-driven phishing, deepfake impersonation, and targeted social engineering attacks surged throughout the year. Many losses went unreported, particularly those linked to off-chain scams such as pig-butchering schemes and investment fraud, suggesting that actual user losses are likely far higher than recorded figures.
As 2026 approaches, the trajectory of Web3 security is becoming clearer. Attackers are expected to further refine AI-powered impersonation and phishing campaigns, while supply-chain attacks may grow more sophisticated. At the same time, stronger regulation, real-time monitoring, and AI-assisted defenses offer a path toward reducing preventable losses.
2025 at CertiK
2025 marked a milestone year for CertiK, defined by expanded research, deeper ecosystem integrations, and continued leadership in Web3 security. Below are some of the key achievements that shaped the year:
- Integrated Token Scan with ChainGPT and Binance Wallet, extending real-time token risk analysis directly into widely used Web3 tools.
- Published the Skynet Stablecoin Spotlight Report: H1 2025, delivering an in-depth review of the stablecoin landscape, key vulnerabilities, and how the Skynet Security Score can be used to assess stablecoin risk.
- Released the 2025 Skynet RWA Security Report, providing structured due-diligence criteria and a comprehensive risk review framework for real-world asset (RWA) protocols.
- Launched the 2025 Skynet Korea Web3 Security & Ecosystem Report, offering insights into South Korea’s Web3 market dynamics and profiling leading platforms in the region.
- Published the 2025 Skynet Digital Asset Treasuries (DAT) Report, introducing the Skynet DAT Security & Compliance Framework to evaluate operational integrity beyond surface-level metrics.
- Released the Skynet U.S. Digital Asset Policy Report, summarizing the legal foundations, market-structure implications, and operational requirements of the GENIUS Act and CLARITY Act in the United States.
- Conducted a full-scale security assessment of the USDCx mint and burn process on Canton Network, including audits of on-chain Daml smart contracts and penetration testing of off-chain infrastructure.
- Launched CertiK SkyNode, a validator node service designed to improve network security, reliability, and performance across multiple public blockchain ecosystems.
- Co-published research with Ant Group’s AntChain (Ant Dense Computing) focused on the formal verification of core components within the Asterinas operating system.
- Introduced the LiDO framework, presented by CertiK Co-Founder Professor Shao Zhong, addressing critical security challenges in Byzantine Fault Tolerant (BFT) consensus mechanisms.
- Secured two grants from the Ethereum Foundation, reinforcing CertiK’s leadership position in zkEVM formal verification research.
- Rolled out Skynet leaderboards, a security-focused ranking platform designed to evaluate and compare crypto and Web3 project security.
- Released ecosystem-specific showcase leaderboards to support strategic Layer 1 growth, including dedicated leaderboards for BNB Chain and SUI..
In this rapidly evolving environment, long-term success will depend on integrating security into every layer of Web3 development. As the largest Web3 security services provider, CertiK continues to play a central role in safeguarding the ecosystem, supporting thousands of projects, and strengthening trust as blockchain technology moves closer to mainstream adoption.
