CertiK concedes crypto hacking threat is an 'endless war' after $2.5B loss in 2025

The blockchain security firm CertiK has warned that the crypto industry faces an “endless war” against hackers after reporting nearly $2.5 billion in digital asset thefts during the first half of 2025.

Ronghui Gu, professor of computer science at Columbia University and co-founder of CertiK, said the industry is in an “asymmetric conflict with cybercriminals.” He mentioned that attackers only need to find one flaw to cause major damage, while defenders must secure millions of lines of code across decentralized protocols.

“As long as there’s a weak point or some vulnerabilities out there, sooner or later they will be discovered by these attackers,” Gu said during a Chain Reaction space on X held last Friday. “So it’s an endless war.”

The CertiK co-founder said that cybersecurity defenses are improving by the day, but hackers have become more sophisticated. He further warned that the value of digital assets stolen in 2026 could still hit the billion-dollar level.

Hack3d report: Billions stolen in first half of 2025

In its latest Hack3d report released Tuesday, CertiK estimated that $2.4 billion was lost across 344 incidents during the first half of 2025.

Wallet compromise was the most damaging type of attack, with 34 incidents leading to more than $1.7 billion in losses. Phishing ranked second in total value stolen, with attackers netting more than $410 million across 132 incidents.

Although wallet compromises resulted in the highest financial losses, phishing accounted for the largest number of attacks so far this year.

CertiK said Ethereum is the primary target for hackers, having suffered 175 incidents in the first six months of the year, leading to more than $1.6 billion in losses from hacks, scams, and exploits.

The report also showed that only a fraction of stolen funds were recovered. Of the nearly $2.5 billion lost, just $187 million was returned, leaving adjusted total losses of more than $2.28 billion.

On average, each security incident caused $7.1 million in losses, though the median loss per case was significantly lower at $89,026.

Much to the relief of the crypto community facing the staggering theft totals, CertiK reported that losses declined in the second quarter of 2025. A total of $801 million was stolen across 144 incidents, 52.1% less in value than the year’s first quarter. The number of cases also fell, with 59 fewer incidents reported.

Phishing was still the leading attack vector in the second quarter, responsible for nearly $395 million in losses from 52 cases. Code vulnerabilities followed, with almost $236 million lost across 47 incidents.

CertiK: Hackers take advantage of human nature

Gu told listeners that even though every protocol is working to strengthen their defenses, attackers are turning to weaknesses in human behavior. He propounded that hackers exploit psychological loopholes to bypass technological barriers.

“Let’s say that your protocol or layer 1 blockchain becomes more secure,” Gu said. “Then they may target human beings behind it. The people who have the private key and so on.”

CertiK’s analysis of 2024 found that nearly half of all security incidents in the crypto industry were linked to operational ties such as private key compromises.

This year, hackers have been using social engineering techniques to trick victims into clicking fraudulent links or signing malicious transactions, which can expose private keys and drain wallets.

Coinbase was among the crypto businesses that fell to a social engineering scam, which saw them lose over $300 million, Cryptopolitan revealed in May. 

KEY Difference Wire helps crypto brands break through and dominate headlines fast