CertiK Report: Over 700 Web3 Security Incidents in 2025 Resulted in $3.35 Billion in Losses

CertiK released the 2025 Skynet Hack3D Security Report, which shows that the total loss for the year in the 2025 Web3 Security Report reached $3.35 billion, with over 700 security incidents occurring.

The report points out that although the Web3 ecosystem is experiencing a recovery due to improvements in the macroeconomic environment and support from U.S. policies, the threat landscape is becoming increasingly complex. Attackers are concentrating resources for large-scale operations, primarily targeting high-value objectives such as private key management, authentication, and access control.

Data shows that the average loss per attack in 2025 was $5.32 million, an increase of 66.64% year-on-year, while the median loss amount decreased by 35.75% to $104,000. February became the most severe month of the year due to the Bybit incident, with losses reaching $1.537 billion, accounting for nearly half of the total annual losses. Supply chain attacks were the most expensive attack method, causing losses of $1.45 billion, while phishing attacks ranked first in number with 248 incidents. Ethereum was the most attacked ecosystem, with 310 incidents occurring and losses amounting to $1.698 billion.