The crypto industry lost over $3.1 billion to hacks in the first half of 2025, already surpassing the $2.85 billion stolen in all of 2024, according to a new report by blockchain security firm Hacken. The spike is largely driven by access-control vulnerabilities, smart contract bugs, and a surge in AI-related exploits.

Access-control flaws remain the top threat, accounting for 59% of total losses, while smart contract bugs made up around 8%, costing $263 million. The most devastating attack so far was a $1.5 billion exploit on Bybit in February. Another major incident was the $223 million Cetus hack, which exploited a liquidity overflow bug using flash loans across 264 pools in just 15 minutes.

Security experts warn that outdated smart contract codebases, like GMX v1, continue to be exploited even when they are no longer actively maintained. Hacken’s Yehor Rudytsia emphasized that legacy systems still running on mainnet need urgent attention to avoid being targeted.

Hacken also reported a 1,025% rise in AI-related attacks compared to 2023, mainly due to insecure APIs. Nearly 99% of AI exploits were traced back to these endpoints. Meanwhile, 34% of Web3 projects now operate AI agents in live environments, making them vulnerable to threats like prompt injection, data poisoning, and model manipulation.

Existing cybersecurity standards such as ISO/IEC 27001 and the NIST framework are currently ill-equipped to handle AI-specific risks. The report stresses the urgent need for updated protocols that address this fast-evolving threat landscape.

Despite advances in technical safeguards, crypto’s biggest weakness remains poor operational security, and attackers are adapting faster than the industry can patch.