CertiK Reports $3.35 Billion in Web3 Losses for 2025

CertiK’s latest data shows $118M in on-chain security losses, with phishing dominating; Trust Wallet’s $8.5M hack had minimal recovery, underscoring persistent vulnerability in fund retrieval.

ETH

78d ago

Fact Check

The statement is strongly supported by multiple high-authority sources. The most compelling evidence includes a summary of a press release from Business Insider, a report from the same reputable outlet, and a summary attributed to CertiK's own official social media account. All three of these high-authority sources explicitly and consistently state that CertiK's '2025 Skynet Hack3D Report' found that $3.35 billion was lost in Web3 security incidents during that year. This is further corroborated by a crypto-focused news article that confirms the same details.A minor conflict exists with two lower-authority sources that cite a slightly different figure of $3.5 billion. However, this discrepancy is not significant enough to undermine the core claim, as it could be due to rounding or different inclusion criteria in their reporting. The weight of the high-authority evidence directly supporting the $3.35 billion figure is substantially greater. Other sources provided were either of very low authority (unattributed social media) or low relevance (citing a quarterly report instead of the annual one), and thus do not significantly impact the assessment. Overall, the evidence strongly and consistently points to the statement being true.

Summary

CertiK’s 2025 Skynet Hack3D report recorded $3.35 billion in total Web3 losses from over 700 incidents, now adding on-chain-specific figures of $118 million. Phishing attacks led these losses at $93.46 million, including $51.85 million from address poisoning. Trust Wallet’s $8.5 million exploit was the largest single on-chain event, with only $159,000 recovered, highlighting weak fund retrieval success rates. February remained the worst month overall due to the $1.537 billion Bybit breach, while Ethereum suffered $1.698 billion in damages across 310 incidents.

Terms & Concepts

Web3: An umbrella term for a decentralized internet ecosystem built on blockchain technology, involving cryptocurrencies, smart contracts, and decentralized applications.
Supply chain attack: A cyberattack targeting vulnerabilities in a third-party vendor or service provider to compromise a primary organization.
Address poisoning: A phishing technique exploiting similarity between legitimate and malicious blockchain addresses to trick users into sending funds to the attacker.