Workflow
2025年第一季度Web3.0安全报告
Sou Hu Cai Jing·2025-07-15 19:22

Core Insights - The Web3.0 industry faced a significant increase in security incidents in Q1 2025, with a total of 197 on-chain security events resulting in approximately $1.669 billion in losses, marking a 303.38% increase compared to the previous quarter [1][9][20] - Wallet theft emerged as the primary threat, accounting for nearly 87% of total losses, with just three wallet-related incidents causing around $1.451 billion in damages [1][9][21] - Ethereum was identified as the most affected blockchain, with 98 incidents leading to losses of approximately $1.541 billion, driven by its extensive use in DeFi and smart contracts [1][9][23] Incident Breakdown - The Bybit exchange experienced the largest security breach in Web3.0 history on February 21, 2025, with approximately $1.45 billion stolen due to a sophisticated attack that manipulated transaction approvals [2][25] - Other notable incidents included Phemex, which lost about $71.7 million due to private key leakage, and 0xInfini, which suffered a loss of approximately $49.5 million due to an administrator privilege vulnerability [2][26][27] - Phishing attacks were prevalent, with 81 incidents resulting in losses of around $1.579 million, highlighting the need for improved user security education [3][21] Recovery and Regulatory Actions - The industry struggled with fund recovery, managing to recover only $6.39 million, which is 0.38% of total losses, significantly lower than the previous quarter's recovery rate of 42.09% [3][18][21] - Regulatory developments included the establishment of a Strategic Cryptocurrency Reserve by the U.S. government and the formation of a special task force by the SEC to provide clearer regulatory guidance [3][20][21] Security Challenges and Innovations - The Web3.0 sector is grappling with complex security challenges as attackers employ advanced techniques, including social engineering and AI [4][23] - Innovations such as zero-knowledge proofs, on-chain evidence tools, and multi-party computation wallets are being explored to enhance security measures [4][23]