$3.1B in Web3 attacks: Access control is the core weakness. Hacken report exposes multisig failures and escalating threats in AI infrastructure. Remember the massive Bybit hack? That was precisely about a vulnerability in a third-party service, and today it remains one of the most critical attack vectors. Yes, Bybit restored its balance and liquidity at record speed, but how resilient are other platforms?
AI-driven attacks are also on the rise, as confirmed by another security report we previously covered. Let’s take a closer look at Hacken’s latest analysis.
Just Six Months, and $3.1B Lost in Web3
So far, Web3 security incidents in 2025 have already doubled the losses recorded by the same point last year. And the issue isn’t the blockchain itself — it’s the connected services that form the primary threat vector: 59% of incidents stemmed from some form of access control failure.
This means that in Q1 alone, losses from this category totaled $1.63 billion:
- Bybit ($1.465B). A Safe{Wallet} exploit triggered by a 1-of-1 multisig configuration. A malicious contract was injected via delegate call to control the proxy and initiate a withdrawal. The primitives remained intact – it was the signer validation that failed.
- zkSync ($5M). The airdrop contract was controlled by a “multisig” with an effective threshold of 1-of-1. Leaking a single key granted total control.
- UPCX ($70M). The ProxyAdmin owner upgraded the implementation to a malicious contract and invoked withdrawByAdmin. A full takeover via a system-level role.
- KiloEx ($7.5M). A missing permission check in MinimalForwarder enabled oracle manipulation to open and close profitable positions on BNB Chain, Base, and opBNB.
- Roar. The developer hardcoded their own wallet address with a fixed user.amount in the constructor, giving them withdrawal rights from the start. The backdoor was used immediately after liquidity was added to the LP.
Indeed, the absence of formal access control frameworks (especially off-chain) remains one of the systemic causes of such incidents. “Multisig” in practice often ends up being a single signer with root-level privileges.
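The two multisig failures above share a shape: an effective 1-of-1 threshold, and (for Bybit) a delegatecall that handed the proxy's storage to a foreign contract. The following policy check is an added example, not code from the Hacken report or from Safe; it models a Safe-style configuration (owners, threshold) and a proposed transaction using Safe's execTransaction field names (to, value, data, operation, where 0 is CALL and 1 is DELEGATECALL), and refuses to sign when either condition is present. The minimum-threshold policy, the allowlist and all addresses are constructed for the example.

```python
"""Added example (not from the Hacken report or Safe): a pre-signature policy
check for a multisig configuration and one proposed transaction."""
from dataclasses import dataclass, field

OP_CALL = 0            # Safe operation codes: 0 = CALL, 1 = DELEGATECALL
OP_DELEGATECALL = 1
MIN_THRESHOLD = 2      # policy assumption: at least two independent signers


@dataclass
class SafeConfig:
    owners: list[str]
    threshold: int
    # Targets that may legitimately be delegatecalled (e.g. an audited library).
    delegatecall_allowlist: set[str] = field(default_factory=set)


@dataclass
class SafeTx:
    to: str
    value: int
    data: bytes
    operation: int


def check_config(cfg: SafeConfig) -> list[str]:
    """Return policy findings about the signer set itself."""
    findings = []
    owners = [o.lower() for o in cfg.owners]
    distinct = len(set(owners))
    if distinct != len(owners):
        findings.append("duplicate owner addresses inflate the apparent signer count")
    if cfg.threshold < 1 or cfg.threshold > distinct:
        findings.append("threshold must lie between 1 and the number of distinct owners")
    if cfg.threshold < MIN_THRESHOLD:
        # This is the zkSync / Bybit condition: one leaked key is total control.
        findings.append(
            f"effective {cfg.threshold}-of-{distinct}: a single leaked key gives total control"
        )
    return findings


def check_tx(cfg: SafeConfig, tx: SafeTx) -> list[str]:
    """Return policy findings about one proposed transaction."""
    findings = []
    allow = {a.lower() for a in cfg.delegatecall_allowlist}
    if tx.operation == OP_DELEGATECALL and tx.to.lower() not in allow:
        # A delegatecall runs the callee's code against the proxy's own storage,
        # so an unvetted target can rewrite the implementation pointer.
        findings.append(
            f"delegatecall to non-allowlisted target {tx.to}: callee controls proxy storage"
        )
    elif tx.operation not in (OP_CALL, OP_DELEGATECALL):
        findings.append(f"unknown operation code {tx.operation}")
    return findings


def should_sign(cfg: SafeConfig, tx: SafeTx) -> bool:
    """True only when neither the configuration nor the transaction raises a finding."""
    return not check_config(cfg) and not check_tx(cfg, tx)


if __name__ == "__main__":
    # Constructed addresses; a 1-of-1 wallet and a 2-of-3 wallet side by side.
    weak = SafeConfig(owners=["0xaaaa"], threshold=1)
    strong = SafeConfig(owners=["0xaaaa", "0xbbbb", "0xcccc"], threshold=2)
    tx = SafeTx(to="0xdead", value=0, data=b"", operation=OP_DELEGATECALL)
    print(check_config(weak))
    print(check_tx(strong, tx))
```

The check is deliberately run before any signature is collected: once a 1-of-1 wallet exists, no signing-time control can help, and once a delegatecall has executed, the proxy's storage is already rewritten.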
DeFi and Smart Contracts
While access control dominated loss volume, standard logic bugs weren’t far behind. After five consecutive quarters of decline, Q2 2025 marked DeFi’s worst quarter since early 2023. Total losses from contract logic flaws reached $263M.
- Cetus ($223M). An overflow in liquidity calculation logic enabled a flash loan to open ultra-narrow tick ranges (300000–300200), sweeping 264 pools – from haSUI ($22M) to AXAI ($2,500). The attack lasted just 15 minutes. Hacken notes that with real-time TVL monitoring and auto-pause, up to 90% of funds could have been saved.
- Cork Protocol ($12 million). After removing a modifier on the beforeSwap hook, attackers were able to invoke the function, inject arbitrary data into CorkCall, forge token structures, and redeem fake components for real tokens. The protocol relied on a custom Uniswap V4 implementation where access validation was disabled.
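Hacken's remark on Cetus is that a real-time TVL monitor with auto-pause would have caught a 15-minute drain early. The monitor below is an added example, not code from the report or from any protocol; it keeps a short window of per-pool TVL samples and pauses a pool when it loses more than a configured share of its value inside that window. The pool names, TVL figures, the 5-minute window and the 30% drop threshold are all constructed assumptions; the point it demonstrates is that a drain is a rate, so a pool that legitimately bleeds value slowly should not trip the same rule.

```python
"""Added example (not from the Hacken report or any protocol): a TVL drain
monitor that issues an auto-pause decision per pool."""
from collections import deque


class TvlMonitor:
    def __init__(self, window_seconds: int = 300, max_drop: float = 0.30):
        # Assumption: losing more than 30% of peak TVL within 5 minutes is a drain.
        self.window = window_seconds
        self.max_drop = max_drop
        self.history: dict[str, deque] = {}   # pool -> deque of (ts, tvl)
        self.paused: set[str] = set()

    def observe(self, pool: str, ts: int, tvl: float) -> bool:
        """Record one sample; return True if this sample triggers a pause."""
        if pool in self.paused:
            return False                      # already halted, nothing more to do
        hist = self.history.setdefault(pool, deque())
        hist.append((ts, tvl))
        while hist and hist[0][0] < ts - self.window:
            hist.popleft()                    # drop samples older than the window
        peak = max(v for _, v in hist)
        if peak > 0 and (peak - tvl) / peak > self.max_drop:
            self.paused.add(pool)
            return True
        return False


def run_feed(samples, **kwargs):
    """Replay (pool, ts, tvl) samples; return the pause decisions in feed order."""
    mon = TvlMonitor(**kwargs)
    pauses = []
    for pool, ts, tvl in samples:
        if mon.observe(pool, ts, tvl):
            pauses.append((pool, ts, tvl))
    return pauses


def constructed_feed():
    """Constructed samples (not real Cetus data): a ~22M pool that is drained
    within two minutes, and a pool that legitimately loses 4% every five minutes."""
    feed = []
    for i, ts in enumerate(range(0, 601, 60)):
        feed.append(("haSUI", ts, [22.0e6, 22.1e6, 21.9e6][i % 3]))   # normal noise
    feed += [("haSUI", 660, 15.0e6), ("haSUI", 720, 6.0e6)]            # the drain
    for i in range(13):
        feed.append(("slow", i * 300, 10.0e6 * 0.96 ** i))            # slow bleed
    return feed


if __name__ == "__main__":
    for pool, ts, tvl in run_feed(constructed_feed()):
        print(f"pause {pool} at t={ts}s, TVL={tvl:,.0f}")
```

On this feed the drained pool is paused at the first sample that crosses the threshold, one minute into the drain, while the slow-bleed pool is never paused even though it ends far below where it started. In production the pause decision would be wired to the protocol's circuit breaker and the window sized to the chain's block time.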
Phishing and Social Engineering, of Course
$594M – or 19.2% of all losses – came from non-technical attacks relying solely on deception.
- $330M in BTC stolen from an elderly investor. A multi-step scheme involving fake tech support, display of real balances, and psychological pressure to gain access. The funds were peeled through hundreds of wallets, mixed into Monero (causing a 50% XMR price spike), and partially bridged to Ethereum.
- Coinbase leak & support fraud ($100+ million). Following a database compromise, users received phone calls from “support” quoting real balances and offering “assistance.” Most cases ended with the victim revealing seed phrases or keys. Funds were laundered via OTC desks, mixers, and DeFi.
AI and LLM Threats
Hacken reports a staggering 1025% increase in AI-related attacks compared to 2023. The vulnerabilities are no longer in the models themselves, but in the integration infrastructure.
- Langflow (CVE-2025-3248, CVSS 9.8). RCE via the code-validation API. Over 1,050 public instances were affected.
- BentoML (CVE-2025-32375). Insecure deserialization → RCE via crafted headers.
- MITRE Caldera (CVE-2025-27364). A 0-day in the adversary-emulation tool enabled delayed RCE through dynamic code generation.
- Prompt Injection. Researchers successfully injected hidden instructions into Gemini, triggering persistent long-term memory corruption.
- WormGPT and vibe hacking. Attack kits now enable even non-experts to execute large-scale, generative phishing and malware campaigns.
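The BentoML entry is one instance of a pattern that recurs across ML serving infrastructure: a service deserializes attacker-controlled bytes with a loader that can reconstruct any importable object. The example below is added here and is not BentoML's code, which the report does not show; it uses Python's pickle, whose find_class() hook is consulted for every class or function reference in the stream, to put the vulnerable loader beside a restricted one that only reconstructs allowlisted types. The allowlist and the constructed inputs are assumptions; the "reference" input merely names a harmless function by module and name, which is enough to show the difference between the two loaders without any payload.

```python
"""Added example (not BentoML's code): an unrestricted pickle loader beside a
loader whose find_class() hook rejects anything outside an allowlist."""
import io
import os
import pickle

# Only these (module, name) pairs may be reconstructed from untrusted input.
ALLOWED = {("builtins", "dict"), ("builtins", "list"), ("builtins", "set")}


class RestrictedUnpickler(pickle.Unpickler):
    def find_class(self, module, name):
        # pickle calls this for every GLOBAL/STACK_GLOBAL reference; the default
        # implementation imports whatever module and attribute the sender named.
        if (module, name) in ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refusing to load {module}.{name}")


def unsafe_load(blob: bytes):
    """Vulnerable pattern: the sender chooses which callables get imported."""
    return pickle.loads(blob)


def safe_load(blob: bytes):
    """Hardened pattern: same stream format, but references outside ALLOWED fail."""
    return RestrictedUnpickler(io.BytesIO(blob)).load()


def demo() -> dict:
    """Constructed inputs: a benign record and a bare reference to os.getcwd."""
    benign = pickle.dumps({"model": "v1", "batch": [1, 2, 3]})
    reference = pickle.dumps(os.getcwd)   # names a callable by module+name; nothing is called
    results = {"benign_safe": safe_load(benign)}
    results["unsafe_resolves_callable"] = unsafe_load(reference) is os.getcwd
    try:
        safe_load(reference)
        results["safe_rejects_callable"] = False
    except pickle.UnpicklingError:
        results["safe_rejects_callable"] = True
    return results


if __name__ == "__main__":
    print(demo())
```

The asymmetry is the whole finding: the unrestricted loader happily resolves a function the sender named, which is the step that a real payload turns into code execution, while the restricted loader turns the same bytes into a rejected request. Where the data format is under your control, a schema-checked format such as JSON removes the class of bug entirely; the allowlist is the mitigation when the pickle interface cannot be changed.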
Major Losses – Critical Lessons
Hacken stresses that companies must focus on the following practices to minimize these incidents:
- CCSS + ISO/IEC 27001 as a dual standard for access control (on-chain and off-chain)
- OWASP GenAI Red Teaming + ISO/IEC 42001 for AI-integrated architectures
- TVL Monitor + Safe Multisig Monitor as baseline security controls
- Model Context Protocol (MCP) for secure deployment of agentic LLM systems