Hacken Security Report 2025 Reveals Nearly $4 Billion Losses in Web3

Context of Losses in Web3

The annual security report from Hacken for 2025 indicates that total losses within the Web3 ecosystem have soared to approximately $3.95 billion, marking an increase of about $1.1 billion compared to 2024. More than half of these losses are attributed to actors operating out of North Korea.

Main Causes of Losses

Hacken warns that losses peaked at over $2 billion in the first quarter of the year, before decreasing to approximately $350 million by the fourth quarter. The report highlights that while coding errors are significant, the most substantial and hardest-to-recover losses stem from security weaknesses, compromised keys, and ineffective offboarding processes.

Access Control, a Major Issue

According to the report, failures in access control and operational security deficiencies accounted for roughly $2.12 billion, or nearly 54% of all losses in 2025, compared to about $512 million arising from vulnerabilities in smart contracts.

Pressure on Regulations

Yehor Rudystia, head of the forensics department at Hacken, stated that regulations in the U.S., European Union, and other significant jurisdictions are reaching stricter standards regarding security. Nevertheless, many companies in the Web3 space continued to adopt insecure practices in 2025, failing to rectify their approaches in light of the new requirements.

Forecasts for 2026

Hacken predicts that security standards will continue to rise, with regulations becoming more stringent. Co-founder and CEO of Hacken, Yevheniia Broshevan, emphasized the opportunity for the industry to enhance security by adopting clear protocols and essential monitoring tools.