Lost money in recent crypto breaches? Welcome to Web3: Where innovation meets billion-dollar heists, and more heading our way this year!

In analyzing its Q1 2025 ecosystem data, a Web3 blockchain security firm handling smart contract audits and a comprehensive suite of security tools has released some findings from the data.

First, the data reflects the Feb 2025 Bybit crypto heist costing victims US$1.447bn, bringing the tally of losses to around US$1,668,991 for 197 Q1 incidents recorded in total.

Second, wallet compromise was found to be the most devastating vector in the data: US$1.45bn lost across three incidents: the Bybit crypto heist, the Phemex incident resulting US$71m of losses; and the OxInfini breach worth US$49m in losses.

Other data trends in Q1

Third, in terms of security incidents in the Q1 data, those involving Ethereum numbered 98, the highest among all contenders. The total losses were US$1.54bn (including the Bybit losses). Ethereum’s widespread use in multi-chain bridges has been noted to “increase the risks of cross-chain vulnerabilities, as attackers seek to exploit the weakest link in interoperability layers”. Also:

  • Private key compromises, which are a sub-section of wallet hacks, had accounted for US$142.37m of losses across 15 incidents.
  • With around US$6.392m of lost funds returned in some incidents, the total losses for Q1 was reduced to US$1.662.6bn.
  • The average loss per incident was US$9.549m, with a median of US$66,303 per incident, for Q1 data.
  • Advancements in regulatory and strategic policies for Q1 include the formation of a Strategic Cryptocurrency Reserve for the USA, the SEC’s Crypto Task Force to provide clearer guidance through moving away from an “enforcement-first” approach, and the EU’s finalization of MiCA regulation technical standards

In publishing its Q1 data findings, CertiK has noted that it expects “the amount stolen will continue to rise. However, blockchain-based innovations such as zero-knowledge proofs, on-chain forensic tools, and improved multi-party computation wallets could enhance security and reduce the effectiveness of current attack vectors. The coming quarters will be a critical test of the industry’s resilience.