GoPlus RektDatabase reports over 1,200 notable Web3 security incidents in 2025, driving losses above $3.5 billion — a sobering signal for developers and investors.
Key attack vectors were private key theft via trojans and social engineering, phishing, and Rug Tokens scams.
The largest breaches were the Bybit hack ($1.5B on Feb 21), the Cetus hack ($223M on May 22), and the Balancer hack ($128M on Nov 2).
The trend shows more high-value events with a declining cost for minor fraud, as attackers pursue both precision hunting and broad-net schemes.
Twelve incidents exceeded $30M, seven of which tied to CeFi; root causes include administrator and hot wallet private-key theft.