$2.4B Vanished in 2025's First Half: Crypto Heists Slam Exchanges & DeFi!

Date: 2025-07-04 10:57:02 | By Edwin Tuttle

Blockchain Industry Reels from $2.37 Billion in Losses: DeFi and CEX Hit Hardest in 2025

Scams Exploit AI and New Tech, Targeting Both Projects and Users

Holy crypto chaos! The blockchain world is bleeding out over $2.37 billion in the first half of 2025, thanks to a brutal wave of security incidents. And guess what? DeFi's taking the biggest beating, but CEX platforms are no picnic either.

SlowMist's mid-year "Blockchain Security and AML Report" just dropped a bombshell: 121 security nightmares led to those mind-blowing losses. We're talking a 66% spike from 2024, even though the number of incidents actually dropped. What the heck?

DeFi's in the crosshairs, making up 76.03% of all attacks and bleeding out around $470 million. But hold onto your hats—CEX platforms got slammed for a whopping $1.883 billion from just 11 hits. These hackers are going for the big bucks!

Account hacks and dodgy smart contracts? Yeah, they're the usual suspects behind these security debacles.

But it's not just projects getting hammered. SlowMist's report spills the beans on a slew of scam tactics aimed straight at you, the individual user, in the first half of 2025:

Get this: attackers are now playing dirty with Ethereum's new EIP-7702 contract delegation feature from the Pectra upgrade. On May 24, some poor soul got ripped off for $146,551 after falling for a phishing scam that twisted MetaMask’s EIP-7702 delegation. The Inferno Drainer crew pulled off this heist by tricking the user into signing off on a fake contract, then used bulk token approvals to drain their wallet dry.
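A defensive check for the EIP-7702 case above, as an added example that is not from this article or from SlowMist's report: under EIP-7702 a delegated account's code is the 3-byte marker `0xef0100` followed by the 20-byte delegate address, so the value returned by `eth_getCode` shows whether a wallet is currently delegated and to which contract. The wallet labels, addresses and trusted list are constructed for illustration.

```python
# Added example: classify eth_getCode output for wallet addresses (EIP-7702).
# All addresses below are constructed placeholders, not real contracts.
DELEGATION_PREFIX = bytes.fromhex("ef0100")  # marker defined by EIP-7702
DESIGNATOR_LEN = 23                           # 3-byte marker + 20-byte address

def classify_account_code(code_hex, trusted_delegates):
    """Return (status, delegate) for the hex string returned by eth_getCode."""
    raw = code_hex[2:] if code_hex[:2].lower() == "0x" else code_hex
    try:
        code = bytes.fromhex(raw)
    except ValueError:
        return ("malformed", None)
    if not code:
        return ("plain_eoa", None)            # no code, no delegation
    if not code.startswith(DELEGATION_PREFIX):
        return ("contract", None)             # ordinary contract bytecode
    if len(code) != DESIGNATOR_LEN:
        return ("malformed", None)            # marker present, wrong length
    delegate = "0x" + code[3:].hex()
    trusted = {addr.lower() for addr in trusted_delegates}
    # A trusted delegate only says whose code runs for the account;
    # each batched call the wallet is asked to sign still needs review.
    if delegate in trusted:
        return ("delegated_trusted", delegate)
    return ("delegated_unknown", delegate)

def flag_wallets(code_by_wallet, trusted_delegates):
    """Return sorted labels of wallets whose code needs a closer look."""
    flagged = []
    for label, code_hex in code_by_wallet.items():
        status, _ = classify_account_code(code_hex, trusted_delegates)
        if status in ("delegated_unknown", "malformed"):
            flagged.append(label)
    return sorted(flagged)

TRUSTED = {"0x" + "11" * 20}
SAMPLES = {
    "alice": "0x",
    "bob": "0xef0100" + "11" * 20,
    "carol": "0xEF0100" + "ab" * 20,
    "dave": "0xef0100abcd",
}

if __name__ == "__main__":
    for label, code_hex in SAMPLES.items():
        print(label, classify_account_code(code_hex, TRUSTED))
    print("review:", flag_wallets(SAMPLES, TRUSTED))
```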

And AI? It's making scams more slick than ever. Early 2025 saw a fake Zoom meeting with deepfakes that cleaned out Mehdi Farooq from Hypersphere Ventures. These crooks, posing as his contacts, got him to download malware. We're also seeing AI-generated videos of Elon Musk and Singapore officials pushing fake investment scams. It's wild out there!

These scams are tricking users into running bad code right off their clipboard. Fake X accounts pretending to be crypto big shots lure victims into Telegram groups, where a simple "Tap to verify" link triggers trojan-laced PowerShell commands. Boom—full device takeover, stealing everything from wallet files to Telegram accounts on both Windows and macOS.

Watch out for fake "Web3 security tools" and auto-update tricks. They're hijacking download links to sneak in malware that steals your mnemonic phrases, private keys, and login info. The "Osiris" extension fiasco? Hackers took over a legit developer's Chrome Web Store account with a phishing-based OAuth exploit, then pushed a sneaky update to over 2.6 million users.

LinkedIn's turned into a phishing playground in 2025. Attackers posing as blockchain startups are tricking engineers into downloading malware disguised as tech tests. They send out slick project briefs and design docs, then lead victims to repositories loaded with encrypted bad news. Once run, these backdoors snatch everything from host info to SSH keys and system Keychain data.

Social engineering's blowing up too. The biggest case? Coinbase got hit hard. Attackers bribed overseas customer support to spill user data, then impersonated Coinbase reps with fake phone numbers and phishing messages to trick victims into sending funds to scammer-controlled wallets. SlowMist says these coordinated attacks cost users over $100 million.

And here's a wild one for developers: looking for "unlimited AI access" through shady channels? You might end up installing malicious npm packages that mess with your apps big time. SlowMist caught a startup losing hundreds of thousands after code from one of these tools installed backdoors via npm packages. Over 4,200 developers, mostly on macOS, got hit, letting attackers take remote control and steal credentials.

SlowMist's report also flags some scary LLMs that've been "jailbroken" to do some real damage. WormGPT's crafting malware and phishing emails, FraudGPT's whipping up fake crypto projects and phishing pages, DarkBERT's trained on dark web data for targeted social engineering, and GhostGPT's creating deepfake scams impersonating exchange execs. It's a hacker's playground out there!
