A new annual report from cybersecurity firm SlowMist reveals that approximately 200 blockchain security incidents occurred in 2025, resulting in total losses of around $2.935 billion.
While the number of incidents declined sharply compared with 2024, when there were roughly 410 breaches, the total financial impact increased by about 46% year-over-year, underscoring growing sophistication among attackers and the high stakes facing digital asset ecosystems.
The SlowMist 2025 Blockchain Security & AML Annual Report shows that losses were concentrated in a few major sectors and ecosystems.
Ethereum recorded the highest total losses at roughly $254 million, followed by Binance Smart Chain (BSC) with about $21.93 million and Solana with $17.45 million in reported damages. Other ecosystems, such as Arbitrum and various Layer-2 networks, also contributed to the loss totals, though to a lesser degree.
By type of project targeted, decentralized finance (DeFi) protocols accounted for the majority of incidents, with 126 breaches (63% of the total) and roughly $649 million in losses.
However, centralized platforms, including exchanges and custodial services, suffered the largest single losses, totaling approximately $1.809 billion across 22 incidents. A key driver of that figure was a single major event linked to crypto exchange Bybit, which reported about $1.46 billion in losses.
SlowMist’s analysis highlights how attack methods continue to evolve. The report cites 56 smart contract exploits and 50 account compromise incidents as leading vectors, alongside a rise in professionalized hacking groups, including those with links to state-sponsored actors.
The increasing complexity of exploits, combined with underground money-laundering techniques such as Ransomware-as-a-Service (RaaS) and Malware-as-a-Service (MaaS), has expanded risk profiles across the space.
Despite the alarming financial toll, the slowdown in total incidents suggests some progress in baseline security practices. The report also notes accelerating regulatory enforcement globally, which SlowMist says could promote better compliance and stronger defenses.
However, the stark contrast between fewer incidents and higher losses raises fresh urgency for developers and platforms to bolster smart contract auditing, operational security, and institutional-grade risk mitigation in 2026 and beyond.