North Korea-Linked Thefts and Key Security Failures Dominate Web3 Losses, Says Hacken
The Web3 ecosystem continues to face unprecedented challenges, with Hacken’s 2025 Security Report revealing nearly $4 billion in losses across the year. According to the findings, North Korea-linked threat actors were responsible for more than half of these damages, while poor key management and operational security failures emerged as the primary vulnerabilities.
Rising Losses in 2025
- Hacken estimates total Web3 losses at $3.95 billion, marking an increase of approximately $1.1 billion compared to 2024.
- Losses peaked in the first quarter of 2025 at over $2 billion, before dropping to around $350 million in the fourth quarter.
- Despite this decline, Hacken warns that the pattern reflects systemic operational risks rather than isolated incidents.
North Korea’s Role
- The report highlights that 56% of stolen assets were traced to North Korea-linked groups, underscoring the nation’s continued reliance on cybercrime to fund its operations.
- These actors exploited weak access controls, compromised developer environments, and poisoned dependencies, rather than relying on smart contract bugs.
Key Security Failures
- Access-control exploits accounted for nearly 58% of all losses, making them the single largest contributor.
- Phishing and social engineering attacks represented 21%, while smart contract bugs contributed only about 10%.
- Hacken emphasizes that most losses stemmed from mismanaged multisigs, poor private key storage, and compromised developer tools, highlighting the urgent need for stronger operational practices.
Regulatory Pressure
With billions lost and state-sponsored actors involved, regulators are under mounting pressure to transform security guidelines into enforceable rules. Hacken argues that without stricter compliance frameworks, the Web3 industry risks repeating the same vulnerabilities year after year.
Conclusion
The Hacken 2025 report paints a sobering picture: Web3’s greatest threats are not coding errors but human and organizational failures. As North Korea-linked thefts dominate headlines, the industry must prioritize robust key management, secure developer environments, and stricter compliance standards to safeguard the future of decentralized finance.
