In a devastating first half of the year, the cryptocurrency sector has lost over $2.3 billion to exploits and security breaches, a figure that already surpasses the total losses for the entirety of 2024. A report from blockchain security firm QuillAudits details 43 major incidents in H1 2025, with massive exploits against platforms like Bybit, Cetus, and Nobitex Market underscoring the severe and evolving threats facing the industry. The findings reveal that centralized exchanges were the primary targets, and a mere three attack vectors were responsible for 95% of all stolen funds.
The Anatomy of a Hack: Dominant Attack Vectors
The report breaks down the methods used by attackers, revealing a concentration of risk in a few key areas of vulnerability. Access Control failures, Social Engineering, and Integer Overflow bugs were the top three vectors, demonstrating that both code and human vulnerabilities are being actively exploited.
- Access Control Failures: This was the most financially damaging attack vector, resulting in approximately $1.6 billion in losses, which accounts for about 70% of the total funds hacked. These vulnerabilities occur when unauthorized actors can perform privileged actions due to missing or misconfigured permissions in smart contracts. Protocols including Bybit, Nobitex Market, KiloEx, Force Bridge, and SIR.trading were victims of such flaws.
- Social Engineering Attacks: Targeting the human element instead of code, these attacks deceived users and developers into approving malicious actions, leading to losses of $339.1 million. Attackers leveraged platforms like Zoom, GitHub, and LinkedIn to execute these schemes.
- Integer Overflow: This type of bug, where an arithmetic operation exceeds the maximum limit of its data type, caused a massive $223 million loss in a single incident. The DeFi protocol Cetus was the sole victim of this attack vector among the major incidents analyzed.
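To make the integer-overflow vector concrete, here is an added illustration (not code from the QuillAudits report or from any of the protocols it names) that models, in fixed-width uint64 arithmetic, how a silently wrapping liquidity calculation lets a tiny deposit back an outsized position, the pattern the report describes for Cetus, beside the checked version that refuses the request. The deposit formula, constants and function names are constructed for the example.

```python
# Added illustration, not code from the QuillAudits report or from Cetus.
# It models the integer-overflow vector in fixed-width (uint64) arithmetic:
# a liquidity-math step that silently wraps lets a huge position be "paid
# for" with a tiny deposit. The formula and constants are constructed.

MASK64 = (1 << 64) - 1      # uint64 values wrap modulo 2**64
PRICE_DELTA_Q32 = 1 << 32   # constructed Q32.32 price step: cost == liquidity


def required_deposit_wrapping(liquidity: int) -> int:
    """Vulnerable: the product is truncated to 64 bits before the shift."""
    product = (liquidity * PRICE_DELTA_Q32) & MASK64
    return product >> 32


def required_deposit_checked(liquidity: int) -> int:
    """Hardened: refuse any intermediate that does not fit in uint64."""
    product = liquidity * PRICE_DELTA_Q32
    if product > MASK64:
        raise OverflowError("liquidity * price delta exceeds uint64")
    return product >> 32


def mint_position(liquidity: int, deposit: int, checked: bool) -> int:
    """Credit `liquidity` if `deposit` covers the computed cost.

    Returns the liquidity credited, or 0 when the deposit is insufficient.
    The checked path raises OverflowError instead of wrapping.
    """
    cost_fn = required_deposit_checked if checked else required_deposit_wrapping
    cost = cost_fn(liquidity)
    return liquidity if deposit >= cost else 0


def overflow_rejected(liquidity: int) -> bool:
    """True when the checked path refuses the request rather than wrapping."""
    try:
        required_deposit_checked(liquidity)
    except OverflowError:
        return True
    return False


if __name__ == "__main__":
    honest = 1_000
    oversized = (1 << 32) + 5   # liquidity * price delta wraps past 2**64
    print("honest cost:", required_deposit_wrapping(honest))
    print("wrapped cost for oversized position:", required_deposit_wrapping(oversized))
    print("liquidity credited for 5 units (vulnerable):",
          mint_position(oversized, 5, checked=False))
    print("checked path rejects oversized request:", overflow_rejected(oversized))
```

The vulnerable path prices roughly 4.3 billion units of liquidity at a cost of 5; the same invariant check that the hardened path performs is what an auditor looks for wherever a multiply or shift precedes a narrowing cast.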
Where the Money Was Lost: Top Protocols and Chains
The analysis of losses by protocol category and blockchain network shows that risk is heavily concentrated in the largest and most active segments of the crypto ecosystem.
- Protocol Categories: Centralized Finance (CeFi) platforms suffered the most, accounting for $1.59 billion, or approximately 69% of the total funds lost in H1 2025. Individual users were the second-most affected group, losing $339.1 million, primarily through social engineering attacks. Decentralized Exchanges (DEXs) followed with $223 million in losses.
- Blockchain Networks: The Ethereum blockchain was the site of the most significant financial damage, with $1.61 billion lost across its ecosystem, representing 70% of the total funds stolen. The report attributes this to the network’s high degree of decentralization. Following Ethereum were the Bitcoin network with $332.64 million in losses and the Sui blockchain with $223 million lost.
Timeline of H1 2025’s Biggest Heists
The report highlights that the top 10 attacks alone were responsible for $2.26 billion, or 98% of the total funds lost during this period.
- Bybit (February 21, 2025): In the largest hack of the year and one of the biggest in crypto history, Bybit lost approximately $1.5 billion. The attack was attributed to the Lazarus group and was executed through a sophisticated social engineering scheme that tricked the exchange’s multisig signers into approving a malicious transaction.
- Cetus (May 22, 2025): The Sui-based DEX was exploited for roughly $223 million. Attackers used a flashswap combined with an integer overflow flaw, which allowed them to mint an outsized liquidity position with a minimal deposit and drain real assets. In a notable response, Sui validators managed to freeze and later return about $162 million of the stolen funds to the protocol via a DAO proposal.
- Nobitex Market (June 18, 2025): This incident was a politically charged cyber assault resulting in losses of over $100 million. Attackers gained access to the exchange’s hot wallets via compromised infrastructure and then strategically destroyed the funds rather than profiting, amplifying their message by leaking sensitive code.
- UPCX (April 1, 2025): The UPCX platform lost $70 million after an attacker compromised a private key controlling a critical ProxyAdmin contract. This access allowed the hacker to perform a malicious upgrade and drain millions of UPC tokens from management accounts.
The Human Factor and Proactive Defense
The report repeatedly emphasizes that technology alone cannot prevent all exploits, highlighting human vulnerability as a critical weak link. The Bybit hack serves as a primary example: attackers deceived the signers through an interface that appeared legitimate. The report recommends rigorous verification of all transactions and the use of isolated, offline devices for signing high-value transactions.
On the technology front, AI-powered vulnerability detection tools are presented as a key part of a proactive security strategy. The report features QuillShield, an AI tool that helps identify surface-level bugs to accelerate the audit process. The tool successfully identified vulnerabilities that were later exploited in several projects:
- It flagged an “allowance bypass on burn transactions” in the IRYSAI token contract, which was later exploited for $70k.
- It detected a potential backdoor in the YDT Token, which was exploited for a $41.4k loss.
- It found a critical underflow bug in Bankroll Network’s code, which resulted in a $65k loss across two chains.
Conclusion: A Call for Heightened Vigilance
With $2.3 billion lost in just six months, H1 2025 serves as a stark warning to the crypto industry. The dominance of Access Control, Social Engineering, and Integer Overflow attacks shows that projects must focus on both robust code and operational security. As centralized platforms continue to be the most lucrative targets, the need for multi-layered security frameworks, comprehensive audits, and constant vigilance has never been more critical to protect the ecosystem from further catastrophic losses.