2025 Blockchain Security and Anti-Money Laundering Annual Report: Total Losses Surge by 46%, AI and Social Engineering Become Mainstream Threats

SlowMist Technologies released their latest annual report indicating that the blockchain industry will face more complex security challenges in 2025. Although the total number of security incidents decreased from 410 in 2024 to 200, the total financial loss actually increased by approximately 46% year-over-year, reaching an astonishing $2.935 billion.

Top 10 Losses in Security Incidents of the Year: Bybit Hacked for $1.46 Billion Leading

The most notable security incident in 2025 was the hacking of cryptocurrency exchange Bybit, with a single loss of up to $1.46 billion. The hackers are suspected to have launched the attack by gaining multi-signature permissions on Safe Wallet.

(Revealing the Secrets of Bybit Hack! CEO Ben Zhou recalls crisis management: We managed to get through)

Other major loss events include:

Cetus Protocol: Loss of approximately $230 million, mainly due to smart contract mechanism vulnerabilities.

(Water family sheds tears! Sui’s main DEX Cetus lost over $260 million, evaporating 83% of TVL)

Balancer V2: Due to calculation errors in the Stable Pool swap path, losses amounted to about $121 million.

(Balancer suspected of being hacked for $116 million! Major security vulnerability in DeFi exposed again)

Nobitex: Attacked by Israeli hacking groups, destroying about $100 million in assets.

(Iranian banking systems and cryptocurrency exchanges are paralyzed! If Taiwan Strait faces information warfare, can holding Bitcoin hedge risks?)

Other affected projects include Phemex ($70 million), UPCX ($70 million), BtcTurk ($54 million), Infini ($50 million), CoinDCX ($44.2 million), and GMX ($42 million).

(Crypto financial card company Infini stolen $50 million, team commits full compensation)

Fraud techniques upgrade: from traditional phishing to AI and supply chain poisoning

The report points out that attack methods in 2025 are highly organized and professional, especially combining new protocol features with AI technology:

AI-powered Attacks

Using Deepfake technology, hackers can impersonate corporate executives in video conferences (such as the Arup Hong Kong employee scam) or bypass KYC verification. Additionally, hackers utilize AI models to dynamically generate malicious code to evade detection.

Social Engineering Attacks

Common tactics include recruitment interview scams, tricking engineers into downloading malicious code repositories.

(I encountered a job scam! Analyzing from the victim’s perspective how to identify Web3 social engineering attacks)

Clickfishing

Inducing users to execute malicious commands within the system.

Solana Permission Tampering

Modifying account owner permissions so that victims cannot control their assets even with private keys.

EIP-7702 Authorization Abuse

Using new account abstraction features to perform bulk theft.

(Ethereum EIP-7702 phishing and theft become new favorites for hackers: WLFI investor wallets emptied)

Supply Chain Poisoning

Hackers implant backdoors in popular open-source tools on GitHub (such as Solana trading bots) or NPM packages.

Anti-Money Laundering Regulations Enter Cross-Border Enforcement in 2025

North Korean hackers (Lazarus Group) remain one of the biggest global security risks, stealing about $1.645 billion in just the first nine months of 2025. Their money laundering process has become industrialized, using cross-chain bridges, mixers, and multiple laundering events to obscure tracking.

Regarding some Southeast Asian money laundering nodes, Cambodia’s Huione Group (Hui Wang) is suspected of being involved in large-scale scam fund flows and has been sanctioned by the US OFAC.

SlowMist Technologies summarizes that the trend in 2025 is for attack systems to become more professional, criminal connections more covert, and regulatory enforcement more aggressive. Security and compliance are no longer just about protection capabilities but are now thresholds for business survival. The future vitality of the Web3 industry will depend on whether it can establish stronger internal security controls and transparent fund governance models.

This article, “2025 Blockchain Security and Anti-Money Laundering Annual Report: Total Losses Surge 46%, AI and Social Engineering Become Mainstream Threats,” first appeared on Chain News ABMedia.