- CertiK reports $2.47B stolen in the first half of 2025 as hackers exploit human and system flaws in crypto.
- Ethereum lost $1.6B to hackers, with phishing scams adding hundreds of millions in damages.
- TRM Labs’ Beacon Network works to freeze stolen funds and protect crypto users worldwide.
The cryptocurrency industry is facing what experts describe as an “endless war” against hackers, even as protocols invest millions in security upgrades. Blockchain security firm CertiK reported that more than $2.47 billion was stolen in the first half of 2025 alone.
The losses included the record-breaking $1.4 billion Bybit hack in February, the single largest exploit in crypto history. Ronghui Gu, co-founder of CertiK and professor of computer science at Columbia University, warned that defenders remain at a structural disadvantage.
Speaking during Cointelegraph’s Chain Reaction live session, he noted that criminals only need to exploit a single flaw, while developers must secure millions of lines of code. “As long as there’s a weak point or some vulnerabilities out there, sooner or later they will be discovered,” Gu said. “So it’s an endless war.”
CertiK Report: Hackers Adapt as Defenses Strengthen
While protocols tighten technical protections, attackers are pivoting toward the human element. According to CertiK, phishing scams and private key thefts accounted for nearly half of 2024’s security breaches, and that trend has accelerated this year.
CertiK Crypto Hacks (Source: X)
In August alone, one investor lost $3 million with a single mistaken click that approved a malicious blockchain transaction. In a different case, a victim unknowingly granted a fraudulent approval more than a year in advance, and within moments $900,000 was siphoned off.
These cases demonstrate what Gu referred to as psychological loopholes that cybercriminals use when code becomes difficult to crack. Phishing was the leading vector in Q2 2025, accounting for $395 million in losses from 52 cases.
Although less common, wallet attacks were even more damaging, causing $1.7 billion of damage from just 34 attacks during the first half of the year.
Ethereum in the Crosshairs
The CertiK Hack3d report identified Ethereum as the primary target for crypto hacking, with 175 attacks resulting in over $1.6 billion in damages. Ethereum's security ecosystem may have improved, but its large user base and liquidity continue to attract malicious activity.
The average incident amounted to $7.1 million in damages, although the median was much lower at $89,000, as a few massive breaches distort the statistics. Encouragingly, losses dropped to $801 million across 144 incidents during Q2, a 52% decrease from Q1.
However, a recovery-adjusted figure of more than $2.28 billion for the half-year still speaks to the magnitude of the problem.
Building a Collective Defense
The crisis has catalyzed a new form of partnership in the industry. Security researchers, crypto exchanges, and regulators now collaborate on projects like TRM Labs’ Beacon Network, which aims to identify suspicious wallets and freeze their funds before they are converted to fiat currency.
These initiatives reflect the fact that no single organization can wage the fight against cybercrime on its own. Yet even as collective defenses improve, CertiK’s Gu warned the battle is far from over. “I’m afraid that next year’s [hacks] will still be at a billion-dollar level,” he said.
The warning underscores a sobering truth: the crypto sector may never truly eliminate theft, but it can keep raising the cost for attackers.