
Author: Beosin
1. Overview of the Web3 Blockchain Security Situation in the First Half of 2025
According to Beosin Alert monitoring data, there were a total of 187 security incidents in the global blockchain sector in the first half of 2026, with total losses amounting to approximately 1.39 billion USD. The frequency of security incidents increased by 107.7% compared to the same period last year, while the total amount of losses decreased by 35%. Although the amount of losses decreased in the first half of this year, on-chain attacks remain frequent, and the blockchain sector still faces severe security challenges.

2. Losses by Chain
Ethereum remains the hardest-hit area, with 79 attacks resulting in approximately 492 million USD in losses, making it the public chain with the highest amount of losses and the most attack incidents.
Solana became the second highest public chain in terms of losses due to the massive losses from the Drift Protocol security incident and other DeFi attacks, with total losses amounting to approximately 328 million USD.
The Bitcoin network suffered approximately 282 million USD in losses due to a social engineering attack on a major whale, ranking third.

3. Types of Attacked Projects
DeFi is the type that is most frequently attacked and has the highest amount of losses. In the first half of 2026, there were 64 security incidents related to DeFi, accounting for 34.22% of the total incidents, with losses reaching up to 468 million USD.

It is worth noting that attacks targeting ordinary users and tokens/unknown contracts were frequent in the first half of this year, with losses reaching 337 million USD and 303 million USD respectively, which is a staggering increase of approximately 274% compared to the same period last year.

4. Analysis of Attack Causes
Social engineering attacks have become the top threat, with attacks targeting project parties and individual whales causing total losses of approximately 630 million USD; security incidents due to contract vulnerabilities totaled 94, with total losses amounting to approximately 713 million USD. The amount of losses compared to the same period last year remained the same, but the frequency increased by 49.21%. The losses from private key leaks in the first half of this year were also roughly at the same level as the same period last year, with total losses reaching 99.41 million USD, and the frequency also increased. 

5. Loss Scale Analysis
In the first half of the year, there were 4 security incidents with losses exceeding 100 million USD (KelpDAO loss of approximately 290 million USD, Drift Protocol loss of approximately 285 million USD, individual whale loss of approximately 282 million USD, DSJ Exchange Rug Pull loss of approximately 150 million USD). The top ten security incidents collectively resulted in losses of approximately 1.166 billion USD, accounting for 83.89% of the total loss amount.
In addition, the Beosin security team found multiple instances of token or old contract attacks, with the BNB Chain experiencing the most, totaling 33 incidents. The loss scale ranged from 10,000 USD to several hundred thousand USD, suggesting that attackers might be using AI technology to conduct batch scanning and inspection of such old contracts. It is expected that security incidents of this scale will occur more frequently in the future.

6. Summary of Security Situation
Compared to the first half of 2025, losses caused by attack incidents decreased by approximately 35% in the first half of this year. However, excluding the extreme loss of 1.44 billion USD from the Bybit theft last year, the losses in the first half of this year are still very severe, and they are concentrated in on-chain ecosystem projects and ordinary users, whose security protections are weaker than those of exchanges. The amount of losses for exchanges significantly decreased in the first half of this year, but the number of attacks and the amount of losses across the mainstream public chain ecosystem are increasing overall.
The most damaging attack incident in the first half of the year was the KelpDAO theft incident, which had a huge negative impact on the DeFi ecosystem. After the attack occurred, the attacker borrowed WETH through a lending protocol, causing users of these protocols to incur bad debts, with Aave’s bad debt exceeding 200 million USD. In order to avoid bearing the bad debt, users began to panic-withdraw funds from Aave, which also put significant pressure on the liquidity and prices of other types of crypto assets.
In terms of project types, attack incidents are spread across various fields of Web3: exchanges, DeFi, personal wallets, infrastructure, token contracts, oracles, etc. All Web3 project parties and individual users need to remain vigilant: store private keys offline, use multi-signatures, be cautious with third-party services, and conduct regular security training for privileged employees.
Note*: The above statistics only include on-chain publicly traceable stolen assets and do not account for small phishing losses or undisclosed internal thefts by companies; the actual loss scale is higher than reported figures.