- ISO/IEC 27001: A global standard for managing and protecting sensitive company information.
- NIST Cybersecurity Framework: A U.S. government guide that helps organizations prevent, detect, and respond to cyber threats.
- Smart Contract: Self-running blockchain code that doesn’t need a middleman to work.
- TVL (Total Value Locked): The total value of crypto locked in a DeFi platform.
- Flash Loan: A quick loan in crypto that’s borrowed and repaid in one transaction.
- Blind Signing Attack: When users unknowingly approve harmful transactions because they can’t see what they’re signing.
- API (Application Programming Interface): A tool that allows apps and systems to talk to each other; if not secured, hackers can use it to break in.
- CVE (Common Vulnerabilities and Exposures): A public list of known software security flaws.
More than $3.1 billion in cryptocurrency has been lost in the first six months of 2025 due to security issues like smart contract bugs, weak access controls, rug pulls, and scams, according to a report by blockchain security firm Hacken.
This amount has already surpassed the total losses of $2.85 billion recorded in all of 2024. Although the $1.5 billion Bybit hack in February was unusually large, the overall crypto industry still faces serious security problems.
The pattern of losses is similar to last year, with access-control breaches making up the biggest share, about 59% of the total. Smart contract flaws were responsible for around 8% of the losses, totaling $263 million.
Shifting the targets
As the crypto world becomes more advanced, attackers are no longer just looking for weak code. Instead, they’re focusing on human errors and process flaws. These newer techniques include:
- Blind signing attacks
- Leaks of private keys
- Complex phishing scams
According to Hacken, poor operational security caused most of the damage in the first half of 2025, with $1.83 billion lost across both decentralized (DeFi) and centralized (CeFi) platforms.
Cetus Hack Marks Worst DeFi Loss Since 2023
The biggest attack in Q2 2025 was on the Cetus platform. In just 15 minutes, $223 million was stolen. This ended a five-quarter trend of declining DeFi hacks and made Q2 the worst period for DeFi losses since early 2023.
Earlier, in Q4 2024 and Q1 2025, most crypto losses were caused by access-control issues, not bugs. But in Q2 2025, access-control losses in DeFi dropped to only $14 million, the lowest since mid-2024. However, smart contract bugs became more common again.
The Cetus attack exploited a flaw in how the platform checks liquidity. The hacker used a flash loan to open small positions, then attacked 264 liquidity pools. Hacken said that if the platform had used live TVL monitoring with auto-pause features, 90% of the stolen funds might have been saved.
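The live TVL monitoring with auto-pause that Hacken describes can be built as a drawdown circuit breaker. The Python below is an added example, not code from Hacken or Cetus; the 5-minute window, 10% threshold, `pause_hook` callback and the drain figures are assumptions constructed for illustration.

```python
from collections import deque

class TvlCircuitBreaker:
    """Latches a pause when protocol TVL falls too far from its recent peak."""

    def __init__(self, window_s=300, max_drawdown=0.10, pause_hook=None):
        self.window_s = window_s          # look-back window in seconds (assumed value)
        self.max_drawdown = max_drawdown  # tolerated drop from window peak (assumed value)
        self.pause_hook = pause_hook or (lambda reason: None)  # hypothetical callback
        self.pool_tvl = {}                # latest TVL reading per pool id
        self.history = deque()            # (timestamp, total TVL) samples inside the window
        self.paused_at = None

    def observe(self, ts, pool_id, tvl_usd):
        """Record one pool TVL reading; return True if the protocol is paused."""
        if self.paused_at is not None:
            return True                   # latched: only a human un-pauses
        self.pool_tvl[pool_id] = tvl_usd
        total = sum(self.pool_tvl.values())
        self.history.append((ts, total))
        while self.history[0][0] < ts - self.window_s:
            self.history.popleft()        # drop samples older than the window
        peak = max(v for _, v in self.history)
        drawdown = 0.0 if peak == 0 else (peak - total) / peak
        if drawdown >= self.max_drawdown:
            self.paused_at = ts
            self.pause_hook(f"TVL down {drawdown:.1%} from window peak at t={ts}")
        return self.paused_at is not None

def simulate_constructed_drain():
    """Constructed scenario: 4 pools of $50M, $6M drained every 30 s for 15 min."""
    alerts = []
    cb = TvlCircuitBreaker(pause_hook=alerts.append)
    pools = {f"pool-{i}": 50_000_000 for i in range(4)}
    for pid, tvl in pools.items():
        cb.observe(0, pid, tvl)           # baseline readings at t=0
    lost = 0
    for step in range(1, 31):             # 30 steps x 30 s = 15 minutes
        if cb.paused_at is not None:
            break                         # withdrawals halted by the pause
        pid = f"pool-{step % 4}"
        pools[pid] -= 6_000_000
        lost += 6_000_000
        cb.observe(step * 30, pid, pools[pid])
    return cb.paused_at, lost, alerts
```

A monitor that samples between transactions cannot stop a loss that completes inside one atomic transaction; it limits damage when a drain is spread over many transactions, as in the 15-minute window described above.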
The Dark Side of AI
Artificial Intelligence is playing a bigger role in both Web2 and Web3, but it’s also opening the door to new kinds of attacks. According to the report, AI-related cyberattacks in crypto have surged by over 1,000% compared to last year.
Nearly 99% of these attacks are linked to insecure APIs. Hacken also reported five new critical AI-related vulnerabilities added to the official CVE list. Today, about 34% of Web3 projects are already using AI agents in live environments, making them more exposed to risks.
The problem, Hacken says, is that existing cybersecurity frameworks like ISO/IEC 27001 and the NIST Cybersecurity Framework aren’t built to handle AI-specific issues. These include threats like prompt injection, data poisoning, and even AI “hallucinations,” where systems generate false or misleading information.
Hacken warns that unless these standards are updated, AI could become a major weak spot in the crypto space.