    Hacken: losses from hacker attacks in Web3 sector reach $2 billion in Q1 2025

    In the first quarter of 2025, losses from hacker attacks in the Web3 sector reached $1.98 billion, 96% more than in the same period last year, according to a report by Hacken experts that they shared with Incrypted.

    Hacken co-founder and head of business development Eugenia Broshevan said that this quarter was a wake-up call for the entire industry, and the main reason for hacks was operational errors, not bugs in smart contracts.

    The report said that vulnerabilities in smart contracts accounted for only 0.84% of total losses, and that money laundering is becoming increasingly difficult.

    The report shows that both centralized and decentralized players were victims of hackers, and the main reasons for the hacks were:

    • errors in operational processes;
    • weaknesses in access controls;
    • social engineering.

    «The key takeaway from the quarter is that there are no new attack techniques, but old methods remain effective. Most losses are caused by multi-signature management errors. While smart contract vulnerabilities remain an issue, the greatest losses are due to human error, processes and access systems», the statement said.

    Major incidents

    The largest hacker attack of Q1 2025 was the hack of the Bybit exchange. Attackers stole more than $1.46 billion.

    In addition, Hacken noted a massive rug pull related to the LIBRA token, which was heavily promoted by the Argentine president. Insiders made more than $300 million, triggering a rise in the token’s exchange rate before its sharp collapse after the mass release.

    Total losses of DeFi protocols amounted to $81 million, which confirms the trend of decreasing losses in this segment over the last year. Experts noted the following incidents:

    • Infini — $50 million;
    • zkLend — $9.6 million;
    • Ionic — $12.3 million.

    Multi-signature attacks

    According to Hacken, for the third quarter in a row, the largest attack in Web3 was related to multi-signature wallet vulnerabilities. Specifically, in Q3 and Q4 2024, the WazirX exchange lost $235 million and Radiant Capital lost $55 million.

    «In each of these cases, Safe’s multi-signature infrastructure was used. The problem is not smart contracts, but a lack of adequate operational security, weak signing processes, and insufficient transaction verification tools», the paper said.

    Experts noted that multi-signature is not a bug but a critical technology. These attacks, the report said, are a wake-up call that security infrastructure needs to be strengthened and access management needs to be improved.

    Hacken explained that a multi-signature wallet is one that requires multiple private keys, rather than one, to complete a transaction. According to the report, multi-signature wallets are still being attacked because of:

    • hacked interfaces;
    • negligence of signatories;
    • lack of transaction verification.

    Distribution of losses by hacker attack method. Data: report.

    Earlier, PeckShield experts said that losses from hacker attacks on cryptocurrency projects in the first quarter of 2025 reached $1.63 billion.