$3.6 B lost. 56% traced to North Korea. Operational security failures dominate.
The Hacken 2025 TRUST Report is here — revealing how operational security, not smart-contract code, has become the main source of blockchain losses.
Across the first three quarters of 2025, over $3.6 billion in digital assets were stolen — already exceeding 2024’s total. Our data shows access-control exploits accounted for nearly 58% of all losses, while phishing and social engineering followed at 21%. In contrast, smart-contract bugs contributed only about 10%.
“Most assets weren’t drained by logic errors — they were stolen through compromised developer environments, poisoned dependencies, or mismanaged multisigs,” — Hacken 2025 TRUST Report
The research also links 56% of total stolen funds to North Korean threat actors, including the record-breaking $1.46 B Bybit breach. DeFi protocols like Bunni and Arcadia Finance suffered smaller but sophisticated hits, showing that multiple audits don’t equal full safety when operational layers remain exposed.
Beyond loss statistics, the 2025 TRUST Report explores:
- The evolving Web3 threat landscape — from access control to MEV, oracles, and bridge risks.
- The regulatory shift — from Europe’s DORA and MiCA to the U.S. GENIUS Act.
- Best practices for enterprises — governance, incident response, and secure digital innovation.
This year’s edition emphasizes one theme: cyber risk is now the top systemic risk in digital assets. Blockchain’s immutability and interconnectedness mean one compromised key can ripple across markets in minutes. The report is a must-read for decision-makers navigating tokenization, blockchain integration, and regulatory compliance in 2025 and beyond.
📘 Read the full report:
