Overview
- The report's core finding is the severe security situation in the Web3 blockchain space in 2025: total losses from hacking, phishing scams, and Rug Pull incidents reached $3.375 billion, with hacking accounting for over 94% of the losses [1][13].

Group 1: Total Losses and Incident Overview
- Total losses in 2025 amounted to $3.375 billion, with 313 major security incidents reported [1][13].
- Hacking incidents caused losses of approximately $3.187 billion, representing 94% of total losses [1][13].
- Centralized exchanges (CEX) were particularly affected, suffering $1.765 billion in losses from 9 attacks, which is 52.3% of the total losses [1][25].
- DeFi projects experienced the second-highest losses at $621 million, but were the most frequently attacked, with 91 incidents [1][17].

Group 2: Attack Methods and Notable Incidents
- The most common attack method was exploiting contract vulnerabilities, with 62 out of 191 incidents (32.46%) attributed to this method, leading to significant losses [2][32].
- The largest single loss was from a supply chain attack on Bybit, resulting in $1.44 billion lost, which accounted for 42.67% of total losses [2][18].
- Notable incidents included:
  - Cetus Protocol lost $224 million due to a contract vulnerability [2][39].
  - Balancer suffered a loss of $116 million from a price calculation error [2][43].
  - Stream Finance lost $93 million due to asset misappropriation [2][19].

Group 3: Chain-Specific Losses
- Ethereum remained the most affected blockchain, with 170 incidents leading to losses of $2.254 billion, which is 66.79% of total losses [1][29].
- BNB Chain followed with 64 incidents causing approximately $89.82 million in losses [1][31].
- Base and Solana also reported significant incidents, with 20 and 19 incidents respectively [1][31].

Group 4: Future Threats and Recommendations
- The report indicates that future threats will include AI-driven phishing attacks, supply chain risks, and physical coercion [2][51].
- It emphasizes the need for a multi-layered defense system that encompasses technology, awareness, and collaboration to mitigate these risks [2][51].
2025 Web3 Blockchain Security Landscape Annual Report
Sou Hu Cai Jing·2026-01-01 16:04