Surge in Crypto Security Losses: Fewer Attacks, But Significantly Greater Destructive Power
- Core Insight: Despite a decrease in the number of crypto security incidents, the total annual loss amount still surged to approximately $3.3 billion. This is primarily because attackers have pivoted towards complex attacks targeting high-value objectives, reflecting a shift in industry security risks from project-level technical vulnerabilities to ecosystem-level systemic risks.
- Key Elements:
  - The total annual loss is estimated at around $3.3 to $3.35 billion, primarily stemming from a few high-impact attacks. While the total number of incidents decreased, the average loss per incident rose by over 60%.
  - Supply chain attacks were particularly destructive. Just two major incidents accounted for approximately $1.45 billion in losses, nearing half of the annual total.
  - The Bybit incident serves as a typical case study, involving around $1.4 billion in losses, highlighting the systemic risks associated with targeting core infrastructure.
  - The nature of security risks is shifting from smart contract vulnerabilities towards risks related to infrastructure and dependencies, demanding higher standards for ecosystem-level protection.
  - Security capability has become a critical threshold for institutional participation. The future development of the industry depends on maintaining operational resilience in the face of highly destructive attacks.
Multiple Authoritative Reports Confirm Significant Increase in Annual Losses
According to reports from several authoritative English-language media outlets and research institutions, including CoinTelegraph, blockchain security firm CertiK, and Business Insider, the number of crypto asset security incidents over the year decreased compared with previous periods, yet total losses from hacks, exploits, and scams still rose to approximately $3.3 billion to $3.35 billion because of several high-impact attacks.
This trend reveals a shift in the structure of crypto security risks: the frequency of routine, low-value attacks is declining, while a few highly sophisticated, targeted attacks account for the vast majority of the total losses.
Number of Incidents Declines, but Average Loss per Attack Rises Significantly
Citing data from CertiK's annual security review, CoinTelegraph reports that, year-on-year, the total number of crypto security incidents decreased while the average loss per incident increased by over 60%, reaching approximately $5.3 million.
This trend is also corroborated by long-term research from blockchain analytics firm Chainalysis. The analysis points out that attackers are gradually concentrating their resources on high-value infrastructure and critical nodes rather than on scattered, small-scale attacks targeting retail users, which significantly amplifies the economic impact of each successful attack.
Supply Chain Attacks Constitute Major Portion of Total Losses
Multiple reports jointly emphasize that supply chain vulnerabilities have become one of the most destructive attack vectors. According to CertiK data, just two major supply chain-related events caused losses of approximately $1.45 billion, accounting for nearly half of the annual crypto security losses.
Unlike traditional smart contract vulnerabilities, supply chain attacks typically bypass conventional code audits and directly target third-party dependencies, development environments, or underlying infrastructure. This makes the attacks more covert, broader in impact, and more costly to remediate.

Bybit Incident Becomes a Typical Case of Systemic Risk
Among all disclosed incidents, the Bybit security event that occurred in February 2025 is considered the most severe single attack case of that year. According to reports from CoinTelegraph and Business Insider, the incident involved the loss of approximately $1.4 billion in digital assets, making it one of the largest hacks in crypto industry history.
Following the incident, CoinTelegraph reported that Bybit initiated large-scale security remediation measures, including multiple rounds of external security audits and internal process upgrades, and restored platform liquidity levels within approximately 30 days. This process highlights both the systemic impact of the event itself and the recovery capabilities required by large platforms under extreme risk.

The Nature of Crypto Security Risks is Undergoing a Transformation
Taken together, the analyses from CoinTelegraph, CertiK, and Chainalysis show that crypto security risks are shifting from primarily technical issues centered on contract vulnerabilities to systemic risks focused on infrastructure and dependencies. In this context, code audits at the single-project level can no longer adequately cover the most destructive sources of risk.
This change imposes higher demands on exchanges, protocol projects, and institutional-level participants. Security defense systems need to be upgraded from a "project-level" to an "ecosystem-level" approach.
Security Capability Becomes a Critical Threshold for Institutional Participation
As the global regulatory environment gradually becomes clearer and institutional participation continues to expand, security performance is becoming a key factor influencing market trust and institutional access. Multiple English-language reports indicate that the future development of the crypto industry depends not only on the improvement of compliance and regulatory frameworks but also on platforms' ability to maintain operational resilience in the face of low-frequency but highly destructive attack scenarios.
From this perspective, the latest disclosed loss data is not merely a summary of individual events but also a real-world stress test for the operational maturity of the entire industry.


