Cryptocurrency theft has seen a massive surge in January, with approximately $370 million stolen, according to a report by blockchain security firm CertiK. This represents a quadrupling of the amount stolen in January of the previous year.
CertiK's report, "Hack3d: Web3 Security Report for Q2 + H1 2025," provided a detailed analysis of the security landscape. The report highlighted that wallet breaches and phishing attacks were the primary drivers of these losses. Between January and June 2025, a total of 344 incidents were reported, resulting in a cumulative loss of $2.47 billion. Wallet-related breaches alone accounted for $1.7 billion in losses across just 34 attacks, underscoring the vulnerability of digital wallets to sophisticated hacking techniques. Phishing scams followed closely, with over $410 million stolen in 132 incidents.
The report highlighted two significant incidents: the Bybit hack in February and the Cetus Protocol breach in May. The Bybit hack resulted in the theft of over $1.5 billion in liquid-staked ETH and MegaETH, making it the single largest exploit of 2025. The Cetus Protocol breach, which occurred on May 22, led to the loss of about $225 million due to a smart contract flaw. The attacker exploited spoof tokens and price manipulation to drain liquidity, although Sui validators later froze and returned $162 million.
Ethereum remained the most targeted blockchain, experiencing 175 security events and over $1.6 billion in losses. The trend in wallet breaches is alarming, but private key compromises, a top concern in 2024, have shown signs of decline.
The average amount lost per incident stood at over $7.1 million, while the median loss was just under $90,000. CertiK reports that $187 million was returned to victims through law enforcement action, whitehat efforts, and exchange cooperation. This brings the net loss for the first half of the year to around $2.29 billion.
CertiK noted a rise in losses due to code vulnerabilities in May 2025. Flawed smart contracts caused $229 million in damages, a massive jump from just $5 million in April.
The rise in cryptocurrency thefts highlights the growing need for robust security measures within the digital asset space. As the tokenization of financial systems accelerates, so too do the methods of attack. Users are urged to be cautious, double-check URLs, avoid suspicious links, and use hardware wallets for storage.