In the rapidly evolving landscape of cryptocurrency, the first half of 2025 has already experienced over $3.1 billion in losses due to security breaches, marking a significant increase from the total losses documented throughout 2024.
A recent study by the esteemed blockchain security firm Hacken illuminates the ongoing vulnerabilities within both decentralized and centralized financial platforms. These issues stem largely from antiquated software frameworks, flaws in access controls, and the complications introduced as artificial intelligence becomes more integrated within these systems.

The primary contributor to financial setbacks remains access-control exploits, accounting for about 59% of all losses. Additionally, errors in smart contracts led to approximately $273 million in damages, highlighting the critical need for improved coding practices.
Notable events, such as the February Bybit incident that alone caused $1.5 billion in damages, spotlight the pervasive security deficiencies that the industry must urgently address.
Hacken’s forensic analysis has revealed a concerning trend in 2025: human error and procedural missteps often serve as more attractive targets than traditional cryptographic vulnerabilities.
Legacy Systems and Security Shortcomings
Yehor Rudytsia, Hacken’s head of forensics, has pointed out that legacy systems have become prime targets for cybercriminals, with the GMX v1 platform illustrating the dangers of outdated technology.
This platform’s vulnerabilities began to emerge in Q3 2025. “It’s essential for projects to manage their legacy code actively; otherwise, they remain susceptible to exploitation,” Rudytsia emphasized, drawing attention to the risks posed by neglecting older systems.
Operational flaws have also led to substantial losses, totaling around $1.83 billion across the DeFi and CeFi sectors. A particularly alarming incident occurred at Cetus, a DeFi platform, which suffered a $223 million breach due to an overflow-check vulnerability in its liquidity protocols.

The attacker utilized flash loans to execute numerous small trades across 264 liquidity pools. Hacken’s analysts noted that effective real-time monitoring of total value locked (TVL) with automatic pause functions could have mitigated losses by as much as 90%.
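The monitoring-plus-pause control the analysts describe can be sketched as follows. This is an added example, not code from Hacken, Cetus or the original article; the 10% threshold, 60-second window, pool names, `on_pause` hook and every figure in the drain scenario are constructed assumptions and do not model the actual incident.

```python
from collections import deque


class TvlCircuitBreaker:
    """Trips when aggregate TVL falls max_drop_bps below its peak within window_s."""

    def __init__(self, max_drop_bps=1000, window_s=60, on_pause=None):
        self.max_drop_bps = max_drop_bps   # assumed threshold: 1000 bps = 10%
        self.window_s = window_s           # assumed look-back window, seconds
        self.on_pause = on_pause           # hypothetical hook, e.g. submit a pause tx
        self.paused = False
        self._samples = deque()            # (timestamp, aggregate TVL)

    def observe(self, ts, pool_tvl):
        """Record one snapshot of per-pool TVL; return True once paused."""
        total = sum(pool_tvl.values())
        self._samples.append((ts, total))
        while self._samples[0][0] < ts - self.window_s:
            self._samples.popleft()        # expire samples outside the window
        peak = max(v for _, v in self._samples)
        # Integer basis-point comparison avoids float rounding at the threshold.
        tripped = peak > 0 and (peak - total) * 10_000 >= self.max_drop_bps * peak
        if tripped and not self.paused:
            self.paused = True
            if self.on_pause:
                self.on_pause(ts, peak, total)
        return self.paused


def simulate_drain(breaker, n_pools=264, pool_tvl=1_000, take=10, steps=50):
    """Constructed scenario: every second, `take` units leave each pool.

    Returns (loss_without_pause, loss_with_pause, pause_time); the drain keeps
    running after the trip only to compute the unpaused counterfactual.
    """
    pools = {f"pool-{i}": pool_tvl for i in range(n_pools)}
    start = sum(pools.values())
    breaker.observe(0, pools)
    loss_with_pause, pause_time = None, None
    for ts in range(1, steps + 1):
        for name in pools:
            pools[name] = max(0, pools[name] - take)
        if breaker.observe(ts, pools) and pause_time is None:
            pause_time, loss_with_pause = ts, start - sum(pools.values())
    loss_without = start - sum(pools.values())
    return loss_without, (loss_without if pause_time is None else loss_with_pause), pause_time


if __name__ == "__main__":
    print(simulate_drain(TvlCircuitBreaker()))
```

In a real deployment the `on_pause` hook would invoke whatever pause mechanism the protocol exposes, and the threshold and window would be tuned against normal withdrawal volume to limit false trips.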
The Role of AI and API Vulnerabilities in Web3 Security
The integration of artificial intelligence technologies into Web3 frameworks presents another dimension of complexity in security management. Hacken’s report indicates a staggering 1,025% rise in attacks related to AI compared to preceding years.
Alarmingly, around 99% of these incidents involved insecure APIs, which have become one of the most exploited areas in modern cybersecurity. As of mid-2025, 34% of Web3 applications are making use of AI technologies in their operational frameworks, thereby increasing risks related to model hallucinations, prompt injections, and potential data corruption.
Furthermore, Hacken has raised concerns that existing security frameworks, such as ISO/IEC 27001 and the NIST Cybersecurity Framework, are inadequately prepared to address these AI-specific vulnerabilities. The report advocates for enhanced governance and risk management strategies that can better adapt to the evolving landscape of threats.
Given the emergence of advanced threat vectors and the increasing reliance of attackers on automation and social engineering tactics, the demand for innovative and responsive security solutions in the cryptocurrency sector is more urgent than ever.