Ethereum led all ecosystems in security losses in the first half of 2025, with DeFi platforms losing around $470 million, according to blockchain security firm SlowMist.
The Ethereum ecosystem has been the most affected by security incidents in the first half of 2025, according to a mid-year report by blockchain security firm SlowMist.
Out of 121 total recorded incidents, Ethereum-related projects suffered around $38.6 million in losses. DeFi platforms were the most frequent targets, accounting for 92 incidents and roughly $470 million in losses, or about 76% of all attacks during the period.
There were fewer reported incidents in the first half of 2025 than in the same period last year, but the amount of money lost increased, primarily due to the $1.5 billion Bybit hack. In the first half of 2024, there were 223 incidents resulting in approximately $1.43 billion in losses.
In the first half of 2025, there were 121 incidents, but estimated losses reached about $2.37 billion. SlowMist said the real number might be higher, since some cases go unreported and token prices fluctuate over time.
Attack Vectors
Most of the attacks leveraged account compromises and smart contract bugs. Account takeovers were the most common, with 42 cases, followed by 35 incidents caused by contract vulnerabilities.
The report also revealed emerging risks tied to Ethereum’s EIP-7702 wallet delegation feature, which was introduced as part of the Pectra upgrade earlier this year. The feature allows users to authorize smart contracts to act on their behalf without having to swap out their wallet address.
In one example, a phishing group called Inferno Drainer reportedly stole over $146,000 by abusing the new mechanism.
“Even if the contract itself has no backdoors, if you are tricked by a phishing site into granting authorization, attackers can exploit the contract’s full operational capabilities to drain your assets in bulk,” SlowMist said.
The exploit used standard wallet tools to trick the user into approving token access in bulk, a type of risk that, according to SlowMist, may not always be detected by anti-phishing tools.
Other risks associated with EIP-7702 include potential private key leaks, replay attacks across multiple chains, and issues that could arise during wallet upgrades, the blockchain intelligence firm noted.
Analysts at SlowMist noted that EIP-7702 brings “new risk boundaries,” adding that users must “fully understand who they are authorizing and what permissions they grant before signing any delegation.”
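As an added example (not from SlowMist's report or this article), the JavaScript below sketches a wallet-side review of an EIP-7702 authorization before signing: it flags chain_id 0, which makes the authorization valid on every chain, and delegates outside an allowlist. The allowlist, addresses and finding codes are assumptions constructed for illustration; the 0xef0100 designator prefix and the zero-address reset come from the EIP-7702 specification.

```javascript
// Added example: review an EIP-7702 authorization before the wallet signs it.
// The allowlist, addresses and finding codes are constructed for illustration.
const DELEGATION_PREFIX = "ef0100"; // delegated account code is 0xef0100 || 20-byte address
const ZERO_ADDRESS = "0x" + "00".repeat(20); // delegating to zero clears the delegation
const TRUSTED_DELEGATES = new Set(["0x" + "11".repeat(20)]); // hypothetical audited delegate

function normalizeAddress(addr) {
  if (typeof addr !== "string" || !/^0x[0-9a-fA-F]{40}$/.test(addr)) {
    throw new Error("not a 20-byte hex address: " + addr);
  }
  return addr.toLowerCase();
}

// Returns the current delegate if `code` (an eth_getCode result) is a
// delegation designator, or null for an undelegated account or a contract.
function parseDelegation(code) {
  const hex = String(code).replace(/^0x/i, "").toLowerCase();
  if (hex.length !== 46 || !hex.startsWith(DELEGATION_PREFIX)) return null;
  return "0x" + hex.slice(DELEGATION_PREFIX.length);
}

// auth: { chainId, address } from the authorization tuple the user is asked to sign.
// ctx:  { walletChainId, currentCode } as seen by the wallet.
function reviewAuthorization(auth, ctx) {
  const findings = [];
  const delegate = normalizeAddress(auth.address);
  const chainId = BigInt(auth.chainId);
  if (chainId === 0n) {
    findings.push("ANY_CHAIN"); // chain_id 0 is valid on every chain: cross-chain replay
  } else if (chainId !== BigInt(ctx.walletChainId)) {
    findings.push("CHAIN_MISMATCH");
  }
  const current = parseDelegation(ctx.currentCode);
  if (delegate === ZERO_ADDRESS) {
    return { delegate, current, revokes: true, findings, allow: findings.length === 0 };
  }
  if (!TRUSTED_DELEGATES.has(delegate)) findings.push("UNKNOWN_DELEGATE");
  if (current !== null && current !== delegate) findings.push("REPLACES_DELEGATION");
  return { delegate, current, revokes: false, findings, allow: findings.length === 0 };
}
```

A wallet would surface the findings to the user and refuse to sign when `allow` is false.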
Source: https://thedefiant.io/news/research-and-opinion/ethereum-hit-by-most-security-incidents-in-h1-2025-slowmist