According to the latest "2025 Security Report" released by cybersecurity organization Hacken, the security situation in the cryptocurrency industry in 2025 is not optimistic. Web3 platforms suffered a total loss of $4 billion, a 37% increase from $2.85 billion in 2024, which is a concerning growth rate.



What is even more worrying is that over half of these losses stem from organized attacks by North Korean hackers. A single hacking incident at a well-known exchange in February resulted in approximately $1.5 billion in losses, highlighting the severity of the issue.

Looking at the annual incident statistics, there were a total of 155 major security events. The losses were not evenly distributed — the first quarter alone peaked at more than $2 billion, after which losses declined each quarter, falling back to about $350 million in the fourth quarter. This trend reflects an increased security awareness in the industry following these major incidents.

Interestingly, the largest losses were not caused by technical vulnerabilities. Data shows that access control failures and operational security breakdowns accounted for the majority, causing $2.12 billion in damages, representing 54%. In comparison, smart contract vulnerabilities resulted in only $512 million in losses. This indicates that the root causes are often simpler and more frustrating — weak private keys, compromised signers, and irregular offboarding processes. These seemingly basic operational oversights are actually the easiest targets for hackers.

This data serves as a wake-up call: cryptocurrency exchanges cannot rely solely on technical defenses; operational security must be elevated to the same level. The industry is calling for the establishment of mandatory regulatory standards — only through systematic security standards and procedures can such preventable losses be truly reduced.
SchrodingerWalletvip
· 4h ago
Is it again operational negligence? To put it simply, it's a human problem. No matter how advanced the technology is, it can't prevent insider threats. --- North Korean hackers are indeed outrageous. $1.5 billion gone in one go? I bet the exchange executives didn't sleep well over this wave. --- 54% of the losses stem from basic operational vulnerabilities... Honestly, it's a bit ironic. Technical issues are actually not the main problem. --- Private keys being cracked, signers compromised—these are all avoidable issues. It seems many exchanges are still operating bare-handed. --- After the $2 billion loss in Q1, the losses have decreased quarter by quarter. Does this mean everyone has learned their lesson? Or are there simply fewer cases? --- Instead of waiting for regulatory standards to be introduced, exchanges should first solidify their basic security measures. Don't rely solely on policies. --- Low-level mistakes like weak private keys are still happening... I'm truly speechless. Isn't this just opening the door for hackers? --- A sharp increase of $4 billion, this number looks utterly despairing... How many more times does it need to happen to attract attention? --- Leakage caused by unstandardized resignation procedures? It seems some exchanges' internal management is like a small workshop.
MetaMaskedvip
· 6h ago
North Korean hackers directly cause chaos, with operational management exposed for numerous vulnerabilities... this is the real breach point.
DefiVeteranvip
· 6h ago
Are these basic mistakes again? Weak key cracking signers, honestly it's still a human problem. No matter how good the technology is, it can't stop insiders. --- 4 billion in losses, North Korean hackers are really outrageous. That's the real point to focus on. --- After peaking at 2 billion in the first quarter, it dropped? Seems like everyone has learned to be smarter, finally using their brains. --- Operational security accounts for 54% of losses? Haha, this is really incredible. Just having code audits is useless. --- That $1.5 billion deal with North Korea—hackers are even better than exchange management. --- Why is no one holding those management responsible? Every time it's just "raising awareness," and nothing else is said. --- 155 major incidents. Think about how many small incidents in 2025 haven't been reported. --- Unstandardized resignation procedures, this really can't be washed away. It's too embarrassing. --- So no matter how complex the technology is, it's all useless. The basics must be done well first.
gas_fee_therapyvip
· 6h ago
It's another North Korean hacker, really annoying. These guys are too professional. $4 billion gone... Oh my God, what are we even playing Web3 for? Basically, it's internal leaks + poor management. No matter how good the technology is, it's useless. 15 billion in one go? I'll never earn that in my lifetime. Operational security really needs to be tightened, stop always thinking about upgrading contract code. By the way, who dares to go all-in in this environment? Truly brave. 54% of the losses come from fundamental operational issues. Oh, this is just too outrageous. Regulatory standards should have been strictly enforced long ago, or it will always be a vicious cycle.
TokenTherapistvip
· 6h ago
Ah, it's those North Korean folks again. Losing 1.5 billion USD in an afternoon is truly outrageous. --- Basically, it's a lack of fundamental skills. No matter how advanced the technology is, it can't withstand internal sabotage. --- Losing 4 billion USD, just thinking about it makes me numb... When will this industry finally be able to operate with peace of mind? --- Operational security accounts for 54%? It shows that most exchanges simply don't take this aspect seriously. --- Weak private keys being cracked by signers... I just want to ask, how are there still so many people using such ancient technology? --- Reorganization is necessary; relying solely on programmers to fix vulnerabilities is really pointless. --- They lost over 2 billion USD in the first quarter alone, and only then did they start to defend? That reaction speed makes me laugh to death. --- It's really just greed. They don't want to spend money on operations and management, only to regret it after something goes wrong.
MetaLord420vip
· 6h ago
Damn, 4 billion USD is gone. What the hell are we even playing at, brothers? --- North Korean hackers directly exploited the system, while we're still trading coins... So ironic. --- Wait, turns out the big issue is management? Not a technical vulnerability? That's outrageous. --- Weak private keys cracking signers, in simple terms, it's internal management chaos. No wonder it was stolen. --- Over 2 billion USD lost in the first quarter alone, only decreased afterward. That's just tuition fees, folks. --- 155 incidents, averaging less than one per day. Can't live like this anymore. --- Even if we boast about smart contract audits, it's useless. They don't follow a technical approach at all, they go straight to management. --- I'm numb from 155 hacks. The exchange's security standards need to be rebuilt from scratch.
SelfSovereignStevevip
· 6h ago
4 billion USD lost, and the operation still isn't sorted out? That's hilarious, is it as hard as fixing code? Isn't this just a human problem? All the fancy technology is useless. Those North Korean guys are really ruthless, 1.5 billion in one go. The exchange must not be paying enough attention. Leaving procedures can become a loophole? How absurd must it be to be like this? Wait, 54% is an operational issue? That's a pretty bleak statistic. If this continues, Web3 will be completely dead in another two years. By the way, why not find a reliable exchange... Never mind, they're all the same.
TerraNeverForgetvip
· 6h ago
4 billion USD lost, is North Korea's brother again harvesting? Truly outrageous, no one can defend against it, right? Even resignation processes can become vulnerabilities; this operational level... is just so-so. North Korean hackers earn more than I do, society's sadness. 54% of losses come from operational mistakes? Basically, it's a human issue; technical protection is actually superficial. It seems that by 2025, exchanges really need to thoroughly check their internal processes, or they'll keep bleeding.