The security situation of Web3.0 is severe: losses surged by 303.4% in the first quarter of 2025

In the first quarter of 2025, the security situation in the Web3.0 field is severe. According to the latest security report, a total of 197 security incidents occurred this quarter, resulting in approximately $1.67 billion in total losses, a significant increase of 303.4% compared to the previous quarter. Among them, an incident involving a certain trading platform caused losses of about $1.45 billion, sparking widespread discussions in the industry about the security of centralized exchanges.

Important Data

• In the first quarter of 2025, there were 197 on-chain security incidents, with total losses of approximately $1.67 billion, an increase of 303.4% compared to the previous quarter.
• The theft of wallets resulted in the most severe losses, with 3 incidents leading to approximately $1.45 billion being stolen.
• 15 cases of private key leakage, resulting in a loss of approximately 140 million USD.
• 81 phishing attacks resulted in losses of nearly $16 million.
• Ethereum suffered 98 attacks, resulting in losses of approximately $1.54 billion.
• Successfully recovered $6.39 million of the stolen funds, accounting for only 0.4% of the total loss.
• The average loss per incident is about 9.55 million USD, with a median loss of approximately 66,000 USD.

Security Trend Analysis

Although the total losses caused by phishing are relatively low, their high frequency characteristic cannot be ignored. This growth trend may be related to the increasingly sophisticated social engineering strategies, such as counterfeit decentralized applications, malicious browser extensions, and identity impersonation based on deepfakes.

Hackers are using advanced technologies such as social engineering, AI, and contract manipulation to breach security defenses. As the adoption rate of digital assets increases and valuations rise, the amount stolen is expected to continue to grow.

However, advancements in blockchain technology may change this situation in the future. Security innovations such as zero-knowledge proofs, on-chain evidence collection tools, and multiparty computation wallets are expected to enhance overall protection capabilities and reduce the threats posed by existing attack methods. The next few quarters will be a critical testing period for the risk resistance capability of the Web3.0 industry.

Industry Development

Despite facing security challenges, some significant regulatory and strategic progress was made in the first quarter of 2025:

• The U.S. government announced the establishment of a strategic digital currency reserve to ensure financial interests in the digital asset ecosystem.
• The U.S. Securities and Exchange Commission has established a special task force for digital currencies, shifting towards providing clearer regulatory guidance.
• The EU has passed the "Digital Assets Market Act" to promote the implementation of regulations in the Web3.0 compliance sector.

Security Advice

In the face of increasingly complex security threats, users and project parties should take the following measures:

1. Strengthen private key management by using secure storage methods such as hardware wallets.
2. Be wary of suspicious links and misleading information on social media.
3. Regularly update security software and use multi-factor authentication.
4. The project team should conduct a comprehensive smart contract audit and a vulnerability bounty program.
5. Establish an emergency response mechanism and conduct regular security drills.

As Web3.0 technology continues to develop, security issues will remain a focus of industry concern. All parties need to work together to build a safer and more trustworthy digital asset ecosystem.