Q1 2025 Web3.0 Security Report: Losses Surge 303.4% to $1.67 Billion

The security situation in the Web3.0 field is severe in the first quarter of 2025, and a newly released security report provides an in-depth analysis of the security status during this period. The report shows that a total of 197 security incidents occurred this quarter, with total losses amounting to approximately $1.67 billion, a significant increase of 303.4% compared to the previous period. One major incident resulted in losses of about $1.45 billion, triggering widespread discussions in the industry regarding the security of centralized exchanges.

Key Data

• Quarter Overview: In the first quarter of 2025, a total of 197 on-chain security incidents occurred, an increase of 6 compared to the previous quarter. The total loss was approximately $1.67 billion, a quarter-on-quarter increase of 303.4%.

• Attack Methods: Wallet theft has caused the most severe losses, with just 3 incidents leading to approximately $1.45 billion stolen. Key leakage is next, with 15 incidents resulting in about $140 million in losses. Phishing attacks are the most frequent, with 81 attacks causing nearly $16 million in losses.

• Affected Blockchain: Ethereum has been attacked the most, with 98 incidents causing approximately $1.54 billion in losses.

• Funds Recovery: Successfully recovered $6.39 million of stolen funds, accounting for only 0.4% of the total losses, significantly lower than 42.1% in the previous quarter. No stolen funds were recovered in February.

• Average Loss: The average loss per incident is about $9.55 million, with a median loss of about $66,000.

Security Trend Analysis

Although the total losses caused by phishing are relatively low, its high frequency characteristics are worth noting. The increase in this type of attack may be related to increasingly sophisticated social engineering strategies, such as counterfeit decentralized applications, malicious browser extensions, and deepfake identity impersonation.

The competition between innovation and attack is accelerating, and security defenses are struggling to keep up with the evolution of attack methods. Hackers are breaching security lines using social engineering, AI, and contract manipulation techniques. With the increase in the adoption rate of digital assets and rising valuations, the amount stolen is expected to continue increasing.

However, advancements in blockchain technology may change this situation. Security innovations such as zero-knowledge proofs, on-chain verification tools, and multi-party computation wallets are expected to enhance overall protection capabilities and reduce the threats from existing attack methods. The next few quarters will be a critical test period for the risk resistance capability of the Web3.0 industry.

Industry Development

Despite facing security challenges, there are still significant regulatory and strategic advancements in the first quarter of 2025:

• The U.S. government has announced the establishment of a strategic digital currency reserve, aiming to safeguard America's financial interests in the digital asset ecosystem.
• The U.S. Securities and Exchange Commission has established a special task force for digital currency, shifting towards providing clearer regulatory guidance.
• The EU has passed technical standards for the Digital Assets Market Act to advance the implementation of regulation in the Web3.0 compliance sector.

Security Recommendations

The report provides suggestions for users and project parties to enhance security:

1. Strengthen private key management and use hardware wallets to store large assets.
2. Be wary of phishing links and false information on social media.
3. Regularly update security software and promptly fix known vulnerabilities.
4. The project team should conduct a comprehensive security audit and establish an emergency response mechanism.
5. Promote multi-signature and multi-factor authentication technologies.
6. Strengthen community education and raise user awareness of security.

In the future, the Web3.0 industry needs to work together on technological innovation, regulatory improvements, and user education to face increasingly complex security challenges and build a safer and more reliable digital asset ecosystem.