Cyvers released its "Web3 Security & Fraud Report 2025," which includes five new findings on attack and defense.
TL;DR
Cyvers' 2025 Web3 Security Report reveals crypto fraud is industrialized, with $16B lost to fraud vs. $2.5B to hacking. Key issues include access control failures and widespread exchange fraud.
Tags
Odaily Odaily reports that Cyvers has released its "2025 Web3 Security and Fraud Report," revealing the true state of hacking, fraud, and emerging threat patterns, covering the following key findings:
1. Industrialization of crypto fraud: Cyvers has identified 18,815 active global fraud networks, rather than just lone "hackers".
2. The scale of authorized fraud now far exceeds that of traditional vulnerability exploitation: traditional hacking attacks have caused $2.5 billion in losses, while the amount stolen through fraud is $16 billion.
3. Smart contract vulnerabilities are not the main cause: 88% of losses in 2025 are due to access control failures, including key leaks, permission setting problems, and human error.
4. The methods used in the largest cryptocurrency theft in history have changed: The supply chain vulnerabilities and legitimate signatures in the Bybit incident may seem normal at first glance, but such hidden risks and incidents will become commonplace in the future.
5. More than 140 exchanges were affected: A significant number of customers on major exchanges had experienced fraud at least once.