Q2 2025 Security Report
Security incidents in Q2 2025 showed a decrease in overall losses compared to previous periods. Key breaches highlighted ongoing risks in both decentralized and centralized platforms. Improvements in response and recovery are helping reduce damage, but vulnerabilities and sophisticated attackers continue to pose challenges. Maintaining strong security practices remains essential.
Introduction
The second quarter of 2025 saw continued challenges and developments in the cybersecurity landscape for both decentralized and centralized platforms. While the overall number of successful hacks has decreased compared to earlier periods, significant incidents highlight ongoing vulnerabilities and the need for vigilance. This report summarizes key events, trends, and what they mean for the future of security in the crypto space.
Year over Year Security Snapshot
Comparing Q2 2025 to Q2 2024 reveals encouraging progress alongside persistent risks. Last year, total losses for Q2 hovered around $1.1 billion, driven largely by several large-scale exploits. This year, preliminary figures show reported losses in May alone at $244 million, a nearly 78 percent reduction in monthly losses year over year. Improvements in asset freezing, incident response, and cross-industry cooperation have played key roles. However, private key vulnerabilities and sophisticated threat actors continue to present ongoing challenges.
Notable Hacks and Impact
In May 2025, the Cetus DEX exploit on Sui Network absorbed most attention. Hackers drained approximately $223 million through a vulnerability in “most significant bits” logic. Fortunately, swift response froze or recovered $157 million, a roughly 70 percent recovery rate.
Centralized platforms also faced threats. Coinbase announced a significant data breach on May 15, involving stolen names, addresses, partial Social Security numbers, and bank details for a small subset of users. They refused to pay a $20 million ransom, bolstered remediation efforts, and set aside $180–400 million to reimburse victims and handle fallout.
While Coinbase didn’t lose direct crypto holdings, the hack remains a major privacy incident. Earlier in the year, Bybit experienced a monumental hack in February, losing $1.5 billion in ether from a cold wallet, currently the largest cryptocurrency heist ever.
Overall Q2 Malicious Activity
Although Q1 saw $1.63 billion stolen (mostly from the Bybit exploit), Q2 figures are still being tallied. May alone amounted to $244 million, across approximately 20 hacks—a month-on-month drop of nearly 40 percent, partly due to advances in detection, freezing of assets, and stronger response mechanisms.
Emerging Trends
Three major trends define Q2’s security landscape:
First, private-key and DEX exploits continue to be favoured by attackers. The Cetus incident centred on a private-key/state-management vulnerability, echoing earlier trends where private-key issues represented 43.8 percent of thefts in 2024.
Second, rapid freeze and recovery efforts are paying off. Just as industries improved in Q2 2024, the Cetus hack saw billions clawed back, about 70 percent of losses in May alone. Cooperation between platforms, chains, and security firms is effective.
Third, state-affiliated hacking groups remain active. Attacks linked to nation-state interest continue to target exchanges and high-profile DeFi platforms, following patterns seen in Q1.
What It All Means
DeFi protocols still face critical challenges in private-key security and smart-contract integrity. The Cetus exploit highlights that even liquidity logic requires rigorous review. Meanwhile, breaches targeting user data underscore the importance of insider threat mitigation and contract-service oversight.
On a positive note, the industry is getting better at post-hacking responses. Damage control and recovery now follow faster, with frozen assets and cooperation networks reducing losses. But sophisticated threat actors continue testing the limits of current defenses.
Conclusion
Q2 2025 saw $244 million in reported hack losses in May, plus a high-impact data breach involving Coinbase. While this is a marked drop from Q1’s record-setting amounts, the threat landscape remains serious. Platforms that commit to thorough audits, private-key protections, fast incident response, and cross-industry coordination are improving their resilience.
Looking forward, expect increased scrutiny on private key handling, smart contract review, and overall operational security. If the current path continues, Q3 may offer further recovery improvements, but only if security remains a priority.