[CertiK]: 2025 Skynet Hack3D Web3 Security Report - 发现报告

2025 Skynet Hack3D Web3 Security Report

Information Technology | 2025-12-25 | CertiK | 尊敬冯
Report cover

Table of Contents
Executive Summary
Statistics and Graphs: 2025 Year in Review
Statistics and Graphs: Q1 2025
Statistics and Graphs: Q2 2025
Statistics and Graphs: Q3 2025
Statistics and Graphs: Q4 2025
Overview

Executive Summary

The 2025 Skynet Hack3D Report covers the stories and trends that defined the direction of Web3, the current state of the industry, and where the next year might take us.

↗ A total of $3,352,850,816 was lost across 630 on-chain security incidents in 2025.
↗ These figures represent an approximate 37.06% increase in value stolen compared to 2024. However, the number of security incidents year-over-year decreased by 137.
↗ The average amount lost per hack in 2025 was $5,321,935 (a 66.64% increase from the previous year), and the median amount stolen was $103,996 (a 35.75% year-over-year decrease).
↗ February was the most costly month of the year, with $1,537,106,876 lost across 58 incidents, the majority of which was due to the Bybit incident.
↗ Q1 of 2025 saw the most losses, with $1,671,644,949 stolen in 200 hacks, scams, and exploits. The subsequent quarter saw an approximate 52% decline in the amount stolen.
↗ Supply Chain was the most costly attack vector in 2025, with $1,450,914,902 lost across 2 incidents. This represents almost half of the total amount stolen during the year.
↗ Phishing compromises followed, with $722,885,398 stolen across 248 incidents. Phishing was the attack vector with the highest number of incidents in 2025, slightly above Code Vulnerabilities at 240 incidents.
↗ Ethereum experienced the highest number of security incidents, with a total of 310 hacks, scams, and exploits leading to $1,697,833,313 in losses. This resulted in an average of $5,785,179 stolen per incident.
↗ Hackers also heavily targeted Bitcoin with $528,221,350 stolen across 22 incidents.
↗ Security breaches affecting multiple chains accounted for $460,769,793 in losses across 29 incidents.

Overview

The Web3 ecosystem in 2025 entered a period of renewed activity, driven by a combination of favorable macroeconomic conditions, improving market sentiment, and a markedly more crypto-friendly political climate in the United States. The new U.S. Administration signaled early that digital assets would be treated as a strategic innovation sector rather than a regulatory outlier, restoring confidence among builders and investors. Additionally, decentralized applications broadened their reach into payments, gaming, tokenized assets, and identity, demonstrating crypto's utility in everyday activities. This resurgence in growth, however, was matched by an equally active threat landscape as adversaries refined both technical and social engineering tactics.

Year-over-year comparisons between 2025 and 2024 illustrate the shifting nature of risk. Total losses in 2025 amounted to $3,352,850,816, versus $2,446,285,251 in 2024, representing an approximate 37.06% increase. However, when isolating the impact of the Bybit incident, which accounted for a disproportionately large share of annual losses at $1,447,063,421, the industry would have actually recorded a net decrease in funds stolen compared to 2025. This contrast highlights a key trend: while the frequency of smaller attacks remains persistent, adversaries are increasingly concentrating resources into fewer, but significantly larger, high-impact operations. The Bybit exploit signals that well-capitalized, well-coordinated threat actors are becoming more active across the ecosystem.
Additionally, when isolating the Bybit impact (which we include in the Supply Chain category of attack vectors), phishing becomes the top attack vector with $722,885,398 stolen across 248 incidents. Code vulnerabilities closely follow, with $554,646,929 stolen in 240 incidents. In the case of code vulnerabilities, however, more than 47% of funds were either frozen or returned, such as in the Cetus incident, which we detail later in this report.

Artificial intelligence became one of the defining forces in Web3 security this year, used by both attackers and defenders. On the defensive side, developers increasingly used AI-assisted tooling to generate tests, identify contract inefficiencies, and improve audit workflows. On the offensive side, however, attackers also adopted AI at scale. Notable trends included the following:

↗ AI-generated phishing websites and wallet pop-ups that were nearly indistinguishable from authentic interfaces.
↗ Automated multi-lingual phishing campaigns, which we discuss in detail in a later section.
↗ AI-powered reconnaissance, where threat actors scrape on-chain activity and chatroom conversations to identify high-value targets.
↗ More realistic impersonation attacks, such as fake founder accounts or deepfakes.
↗ Rapid exploit replication, with attackers using AI tools to produce copycat attacks within short time periods.

In 2025, regulatory clarity also continued to improve worldwide. In the U.S., the GENIUS Act set early frameworks for digital asset transparency and stablecoin oversight,