The cryptocurrency industry has witnessed over $3.1 billion in losses during the first half of 2025, already surpassing the total for all of 2024.
Access-control exploits remain the leading cause of financial damage, contributing roughly 59% of the total losses, while smart-contract bugs accounted for around $273 million.
Hacken’s forensic team observed a recurring theme in 2025: human and procedural errors are now a more frequent point of attack than cryptographic weaknesses.
Hacken’s head of forensics, Yehor Rudytsia, noted that older codebases have remained active targets for attackers, with the GMX v1 platform being a key example.
The protocol’s outdated structure began facing exploitation in Q3 2025. “Projects have to care about their old or legacy codebase if it was not stopped from operating completely,” Rudytsia said, emphasizing the risks of leaving older protocols exposed.
The incorporation of artificial intelligence tools into Web3 projects has added another layer of complexity to the security environment. According to Hacken’s report, there has been a 1,025% increase in AI-related attacks compared to 2023.
Nearly 99% of these incidents involved insecure APIs, making them one of the most exploited attack surfaces today. As of mid-2025, 34% of Web3 projects are using AI agents in live environments, increasing their exposure to risks such as model hallucination, prompt injection, and data poisoning.
Hacken also highlighted that existing security standards like ISO/IEC 27001 and the NIST Cybersecurity Framework are not yet adequately equipped to handle these AI-specific threats. The report called for updated governance and risk models that can better account for evolving vulnerabilities in smart systems.
Featured image created with DALL-E, Chart from TradingView
