Web3 Security Report: Major Losses and Industry Development in Q1 2025

In the first quarter of 2025, the security situation in the Web3.0 field is severe, with a total of 197 security incidents occurring, resulting in an estimated loss of about $1.67 billion, a month-on-month surge of 303.4%. Among these, a significant incident caused a loss of approximately $1.45 billion, triggering widespread discussion in the industry regarding the security of centralized exchanges.

Key Data

• Quarterly Overview: 197 security incidents, losses of $1.67 billion, a quarter-on-quarter increase of 303.4%
• Attack methods: Wallet theft resulted in the most severe losses, approximately $1.45 billion; 15 incidents of private key leakage resulted in losses of $140 million; 81 phishing incidents resulted in losses of $16 million.
• On-chain distribution: Ethereum suffered 98 attacks, resulting in losses of approximately $1.54 billion
• Fund Recovery: Successfully recovered $6.39 million, accounting for only 0.4% of total losses.
• Average loss: the average loss per incident is $9.55 million, with a median of $66,000.

Security Trends

Phishing attacks are frequent, and although the losses per incident may be small, the overall risk cannot be ignored. The methods of attack are becoming increasingly complex, involving forged applications, malicious extensions, and identity impersonation as part of social engineering strategies. The race between innovation and attacks is accelerating, with hackers breaking through security defenses using AI, contract manipulation, and other means.

However, advancements in blockchain technology may change this situation. Innovations such as zero-knowledge proofs, on-chain evidence collection tools, and multi-party computing wallets are expected to enhance overall protection capabilities and reduce existing attack threats. The next few quarters will be a critical test period for the risk resistance capability of the Web3.0 industry.

Industry Development

Despite facing security challenges, there are still significant regulatory and strategic advancements in the first quarter of 2025:

• The U.S. government announced the establishment of a strategic digital currency reserve.
• The U.S. Securities and Exchange Commission has established a special task force on digital currencies, shifting to provide clearer regulatory guidance.
• The EU passes the "Digital Assets Market Act" to advance the implementation of regulations in the Web3.0 compliance sector.

Industry Events

This quarter, experts in the Web3 security field actively participated in several important activities:

• Signed a strategic cooperation memorandum with the Korean digital asset exchange
• Hosting the "Space" event in Hong Kong to discuss the trends of collaborative evolution among technology, business, and regulation.
• Release formal verification research for core components of the new operating system.
• Publish multiple technical analysis and popular science articles covering topics such as data protection, token ecology, and asset security.

Conclusion

This quarterly report provides an in-depth analysis of the most attacked blockchains, significant security incidents, and the development trends of Web3.0, offering suggestions for users and project parties to enhance security. The Web3.0 industry is facing severe security challenges, requiring collective efforts from all parties to improve overall security levels.