Rob Behnke
January 8th, 2025
2024 was a big year for DeFi hackers. While total losses didn’t reach the levels of 2021 and 2022, 2024 did break records for the most DeFi hacks in a year, with over 300 security incidents. In total, these incidents netted an estimated $2.2 billion in stolen crypto for the individuals and groups behind the attacks.
Looking forward to 2025, some of the biggest security trends of 2024 forecast likely threats that projects will face in the year ahead. According to Mar Aguilar, Halborn’s Lead Security Architect:
"In 2024, a notable trend in DeFi hacks is that over half of the incidents resulted from compromised accounts, primarily due to stolen private keys or signatures. They also represent more than 80% of the amount hacked for this year. Social engineering and phishing methods are particularly significant, either through traditional tactics like fake emails or, more commonly this year, malware infections. These infections trick users into believing they are authorizing legitimate transactions when, in fact, they are approving malicious ones. Hacks due to other causes have decreased, although price manipulation/market manipulation attacks seem to be the second most common cause of attacks, while rug pulls and scams (by the protocol or rogue developer) are the second most common by monetary loss.
As the ecosystem becomes more mature and audits and bug bounty programs become more common, I think for the year 2025, we will see a similar trend, in which hacks due to off-chain or not smart contract-related causes will increase and be the primary cause of losses. Attacks due to on-chain factors will probably continue to be due to more complex scenarios (market manipulations). I also would advise caution when engaging with a protocol and being aware of potential risks."
Breaking this down, we can explore the likely top threats of 2025 and best practices for managing them.
In 2024, an estimated 61% of the value stolen in blockchain hacks was attributed to North Korean hacking groups such as the Lazarus Group. These threat actors often specialize in sophisticated social engineering attacks that deliver malware to access and exfiltrate the private keys used to manage large wallets or important smart contracts.
The estimated $1.3 billion in crypto stolen by these state-sponsored groups represents a significant source of revenue for the North Korean government. As a result, it is unlikely that these groups will suddenly cease their operations or move on to different targets when they’ve seen such success to date.
In 2025, these types of attacks targeting private keys are likely to continue as a major threat. This is especially likely if Bitcoin and other crypto are in a bull market throughout the year as high crypto prices tend to trigger an upswing in activity by these threat groups.
Historically, the Web3 space has struggled significantly with basic application security (AppSec). Often, smart contract code was deployed on-chain without having first undergone a proper security audit. As a result, the code often contained exploitable vulnerabilities, such as reentrancy or weak access controls, that an attacker could take advantage of to drain value from the smart contract or its users.
Going into 2025, this is likely to change, at least for major projects. Between smart contract audits and bug bounty programs, many vulnerabilities are now identified and addressed before a black-hat attacker can exploit them.
However, this isn’t to say that on-chain attacks will completely disappear this year. Instead, they’re likely to evolve to focus on more complex vulnerabilities or manipulation of market conditions. For example, a zero-day vulnerability in a particular contract or smart contract platform like the Dogecoin zero-day discovered by Halborn in 2023 could have wide-reaching effects and result in significant losses. This type of issue requires more time, resources, and expertise to find than a simple reentrancy bug but is also far less likely to be identified during a smart contract audit or bug bounty program.
As the Web3 space matures from a security perspective, the top threats that projects face are evolving. Some key best practices to manage the most likely vulnerabilities and attack vectors that attackers will target in 2025 include the following:
Implement wallet security best practices. Private keys are a primary focus for major threat actors like the Lazarus Group. Relying on a single private key or a small pool of validators to secure high-value assets can lead to a costly hack (like the Ronin Network hack). High-value wallets and key functionality should be protected by multi-sig or MPC wallets and use hardware wallets to secure private keys.
Leverage bug bounties and security audits. Exploits of simple smart contract vulnerabilities are expected to decrease in 2025, but only because projects are expected to implement AppSec best practices. Performing a comprehensive smart contract audit before releasing any code, and running a bug bounty program that pays fairly for discovered vulnerabilities, reduces the risk of a costly security incident.
Consider context in code audits. Auditing a smart contract’s code in isolation can expose simple bugs but may miss issues arising from dependencies on third-party code. For example, projects that launched through GemPad lost an estimated $1.9 million to a reentrancy flaw in GemPad’s own underlying smart contract rather than in their own code. Web2 frontends, smart contract dependencies, and market conditions can all affect the security of a smart contract.
Historically, the top blockchain hacks of any given year tend to be a mix of sophisticated exploits and attackers taking advantage of a failure to implement basic security hygiene. As major threat actors like the Lazarus Group increasingly focus on the space, large-scale sophisticated attacks will become more common.
Projects can best defend themselves against these kinds of threats by implementing security best practices, such as multi-sig and hardware wallets, bug bounty programs, and smart contract audits on every code release. For help in protecting your project against the top Web3 security threats of 2025, reach out to Halborn.