Core Insights - The report by CertiK highlights that the Web3 industry is experiencing accelerated growth amidst a recovering market and clearer regulatory expectations, yet security risks remain a significant challenge [1][3] Group 1: Security Incidents and Financial Impact - In 2025, there were 630 security incidents in the Web3 sector, resulting in total losses of approximately $3.35 billion, a 37% increase compared to 2024 [1] - Although the number of incidents decreased by 137 from the previous year, the average loss per attack surged to $5.322 million, marking a 66.6% increase, indicating a trend towards targeting high-value assets [1] - Supply chain attacks emerged as the largest source of losses in 2025, with only two recorded incidents causing cumulative losses of $1.45 billion, nearly half of the total annual losses [1][2] Group 2: Notable Incidents - The Bybit incident in February 2025 resulted in approximately $1.4 billion in losses, recognized as one of the largest cryptocurrency thefts to date [2] - Attackers exploited vulnerabilities in third-party multi-signature wallet service providers rather than directly breaching the exchange's systems, highlighting a shift in focus towards critical service providers [2] Group 3: Common Threats and Evolving Techniques - Phishing remained the most prevalent security threat in 2025, with 248 recorded incidents leading to losses of about $723 million, slightly surpassing code vulnerability attacks [2] - The report suggests that the actual number of phishing incidents may be underestimated, as many smaller-scale attacks targeting individual users are not formally reported [2] - The rise of artificial intelligence is lowering the technical barriers for phishing attacks, enabling attackers to create highly realistic phishing sites and messages, which traditional defenses are struggling to identify [2] Group 4: Regulatory Environment and Future Outlook - The global regulatory landscape is evolving positively, with legislative progress in the U.S. regarding stablecoins and digital asset transparency, as well as frameworks like the EU's MiCA and regulatory sandboxes in Singapore and Hong Kong [3] - As institutional and compliant capital continues to enter the market, security capabilities are shifting from reactive measures to being integral to project design and operations [3] - The report anticipates that AI-driven impersonation attacks, complex supply chain intrusions, and social engineering attacks targeting individual users will continue to evolve, emphasizing the need for security to be embedded in project architecture and user experience [3]

RT Security Alliance (@_SEAL_Org)Web3 security at ecosystem scale requires resources & every contribution matters.SEAL 911, Safe Harbor, Frameworks, and our threat intel serve thousands of projects, but they're sustained by a fraction of those who benefit.Help us continue protecting the community in 2026: https://t.co/8rEEiLxW93 ...

Did you know that by the end of H1 25, the total value lost to Web3 security incidents had already surpassed the entire year of 2024?Our research into @GoPlusSecurity highlights how decentralized defense is scaling to meet this challenge. 🧵 https://t.co/mgtEefTlVw ...

Here’s how it could redefine Web3 security:https://t.co/EJtNFZirWO ...

And we’re not doing it alone 🩵Big thank you to our partners joining us in this mission to raise the bar for Web3 security. Together, we’re building an ecosystem where builders + users can thrive with confidence.Meet them 👇 ...