North Korea-linked Theft And Poor Key Security Dominate Web3...
Hacken says Web3 losses climbed to nearly $4 billion in 2025, with North Korea behind over half the damage, and regulators are under pressure to turn security guidance into hard rules.
The Hacken 2025 Yearly Security Report puts total Web3 losses at about $3.95 billion, up roughly $1.1 billion from 2024, with just over half of that attributed to North Korean threat actors.
A report shared with Cointelegraph shows losses peaked at more than $2 billion in the first quarter of the year before falling to around $350 million by Q4, but Hacken warns that the pattern still points to systemic operational risk rather than isolated coding bugs.
The report frames 2025 as a year where the numbers worsened, but the underlying story became clear. Smart contract bugs matter, but the biggest, least recoverable losses are still coming from weak keys, compromised signers, and sloppy off‑boarding.
According to Hacken, access control failures and broader operational security breakdowns accounted for about $2.12 billion, or nearly 54% of all 2025 losses, compared with around $512 million from smart contract vulnerabilities.
The Bybit breach alone, at nearly $1.5 billion, is described as the largest single theft on record and a key reason North Korea-linked clusters account for roughly 52% of total stolen funds.
Yehor Rudystia, head of forensic at Hacken Extractor, told Cointelegraph that regulators' licensing regimes across the US, the European Union and other major jurisdictions increasingly spell out what “good” looks like on paper: role‑based access control, logging, secure onboarding and ID verification, institutional‑grade custody (hardware security modules, multi-party computation or multi‑sig, and cold storage), as well as continuous monitoring and anomaly detection.
However, “as regulatory requirements are only becoming mandatory principles, a lot of Web3 companies continued to follow insecure practices throughout 2025,” Rudystia said.
He pointed to practices such as not revoking developers’ access during off‑boarding, using a single private key for managing a protocol, and not having Endpoint Detection and Response systems.
Source: Cointelegraph