
The world of Web3 continues to grow, but alongside its explosive popularity come unprecedented security challenges. CredShields’ recently released H1 2025 Web3 Security Report has unveiled shocking statistics: a staggering $2.72 billion was lost in 56 separate hacking incidents during the first half of 2025. This eye-opening report serves as a critical reminder of the importance of robust security measures in the blockchain ecosystem.
The Key Takeaways from the Report
CredShields compiled this report using an arsenal of data sources, including over 2.5 million SolidityScan runs and comprehensive reviews from Web3HackHub. Here’s what you need to know:
- Total Losses: $2.72 billion was drained in a mere six months.
- Biggest Culprits: Major incidents included the $1.45 billion Bybit hack, a $250 million LIBRA insider scheme, and a $223 million loss due to Cetus Protocol’s security loophole.
- Most Affected Chains: Ethereum accounted for 65% of the losses, while BNB Chain and Solana reported losses around $250 million each. Newer blockchains like Sui and Arbitrum also fell victim, with $223 million and $56 million lost, respectively.
High-Profile Hacks: A Breakdown
Among the most devastating incidents outlined in the report were:
- Bybit: A compromised user interface allowed hackers to exfiltrate $1.45 billion from the platform.
- LIBRA: An insider scam that drained $250 million from users, with insiders gaining $110 million.
- Cetus Protocol: An integer overflow vulnerability that cost the protocol $223 million.
- Others: Issues like a hot wallet breach at Phemex ($70–73 million) and improper admin upgrades at UPCX ($70 million) further contributed to the staggering losses.
Why Security Remains a Challenge
Despite rapid advancements, security loopholes continue to plague Web3 infrastructure. According to Shashank, co-founder of CredShields, most vulnerabilities stem from poorly designed user interfaces, excessive permissions, unsafe third-party dependencies, and rushed updates. He emphasized, “Think about security from the start to avoid fixing problems later.”
Common attack vectors include:
- Bypassing multi-signature wallets via interface exploitation.
- Insider threats, as seen in the LIBRA scheme.
- Flawed third-party code integrations, such as Cetus Protocol’s integer overflow.
Proactive Measures for Web3 Security
CredShields is leading the charge in cybersecurity with tools like SolidityScan, which identifies vulnerabilities in smart contracts and maps security risks to the OWASP Top 10. They also maintain Web3HackHub, a comprehensive database of historic and ongoing security incidents in the blockchain space.
Developers and users can protect themselves by ensuring:
- Frequent security scans, especially before pushing updates.
- Proper permission allocation, with unnecessary roles restricted.
- Rigorous testing of third-party code before integration.
Conclusion: Security Must Be a Priority
The Web3 ecosystem is undeniably the future of our digital world, but such a future cannot thrive without a rock-solid foundation of security. CredShields’ latest report is not just a wake-up call but also a guide for developers, users, and businesses to take security seriously.
For those building on blockchain technologies, tools like SolidityScan can be invaluable in mitigating risks and ensuring the sustainability of their projects. Explore more about their solutions by visiting their website.