Hey Web3 fam 👋
Web3 lost $2.54 billion across 89 security incidents in 2025, and the patterns behind those losses are more concentrated, costly, and human-driven than ever before.
Today, we’re releasing our annual security report:
Exploited Ledgers: The Web3 Hack Report 2025
This report is based on a comprehensive analysis of confirmed incidents, examining the causes and circumstances of losses, rather than just the amount lost.
Key findings at a glance:
- $2.54B lost across 89 incidents, with fewer attacks but significantly higher average loss per exploit.
- Phishing and private key compromise dominated the financial impact, just 3 phishing incidents caused over $1.4B in losses.
- Ethereum remained the most impacted network, accounting for $1.9B across 30 incidents.
- 63% of all losses occurred in Q1, driven by a handful of large-scale breaches.
- The average loss per incident surged to $28.5M, underscoring rising exploit severity.
What’s inside the report:
- Month-by-month and quarterly loss analysis
- Incident-type and network-level breakdowns
- Top 10 most damaging hacks of 2025
- Five-year historical comparison of losses
- Practical guidance on mitigating phishing, key compromise, and operational failures
- A forward-looking view on AI-driven security and DevSecOps
If you’re building, investing, or securing infrastructure in Web3, this report is designed to help you understand where security is breaking, and where defenses must evolve next.
👉 Read the full report: Exploited Ledgers: The Web3 Hack Report 2025
The threat landscape is changing fast. Awareness is no longer optional, it’s a prerequisite for survival.
Here’s to building the future, one block at a time.
Catch you soon? 😉
See you out there,
Team QuillAudits