$620M in Losses in Q2: How Wallet Hacks Are Still Dominating Crypto Crime

$620M in Losses in Q2: How Wallet Hacks Are Still Dominating Crypto Crime

As another quarter passes, we are reminded once more that crypto is still a work in progress. According to blockchain security firm CertiK, more than $801 million was lost throughout Q2 2025. And while this number is down by more than 50% from the previous quarter, it remains an eye-watering sum to lose and remains one of the main obstacles to blockchain's mainstream adoption.

So where exactly are the gaps and weak spots that attackers are exploiting? Let’s take a look at the data and unpack why we’re still seeing such massive month-on-month losses.

A Closer Look at the Numbers

Digging into the data from CertiK, there are a few clear patterns that stand out:

• Phishing was once again the top attack method. These attacks resulted in losses of $395 million.
• Code vulnerabilities were next on the list, resulting in sizable $235 million in losses.
• Out of all the blockchains and networks, Ethereum was the most affected, with $65.4 million in losses alone.

As mentioned, these numbers are down considerably from the previous quarter, which offers some signs of hope. That said, we are still a long way from perfection, so let’s examine the main threats before exploring ways users can better protect themselves.

Why Wallets Are Always in the Spotlight

A crypto wallet plays a central role in Web3. Enabling self-custody allows users to safeguard their digital assets and maintain ownership without depending on traditional intermediaries.

Whether it’s a hardware wallet you keep offline or a mobile wallet you use every day, these tools are what make crypto a space where users can use, store, and control their digital assets. Without wallets, the promise of "your keys, your coins" doesn’t exist. They’re not just storage, they’re freedom.

However, this same freedom is also why wallets continue to make headlines. If hackers manage to compromise the wallet, the rewards can be very lucrative. And since transactions are mostly irreversible on the blockchain, there is no undo button to make things right when something goes wrong.

As a result, wallet breaches were the most expensive category of crypto crime in the first half of 2025, resulting in over $1.7 billion in losses. Think of it this way: burglars don’t target empty houses. They target those with the lights off and valuables inside. Wallets are where crypto lives, so naturally, they’re where attackers focus.

Phishing: Still the Number-One Threat

If you’ve been in crypto for more than a week, you’ve likely already been bombarded with non-stop phishing attempts, from fake airdrops and suspicious DMs all the way to too-good-to-be-true links passed around on social media and apps like Telegram and Discord.

And while phishing is the oldest trick in the book, it’s still the most effective. In fact, phishing-related attacks accounted for more than half of all losses in Q2. Why? Because once you hand over your keys and private details to hackers, they are free to run riot and completely empty your account.

A typical example of a phishing attack that we see is fake wallet extensions. Users think they’re downloading the real thing, enter their seed phrase, and in seconds, their funds are gone. At other times, it’s a malicious site that appears identical to a trusted platform, such as a DeFi site or an exchange. The user connects their wallet, approves a transaction, and unknowingly signs away control over their funds.

Code Exploits: When the Tech Fails

On the other side of the spectrum are technical exploits. These don’t rely on tricking people. Instead, this is the more typical side of hacking you might picture when you think of these cyberattacks.

Here, bad actors look for weakness in the code itself. These code vulnerabilities resulted in $235.8 million in losses during Q2.

Imagine a DeFi lending app with a flaw in its smart contract. Everything is in order: users deposit funds, borrow assets, and repay loans. However, a bug in the code allows attackers to withdraw more than they deposited, thereby draining the pool. Or picture a bridge between two blockchains where the math doesn’t quite check out. Hackers spot it, exploit it, and siphon millions before anyone notices.

Why Recovery Isn’t a Long-Term Solution

Over the years, the cryptocurrency industry has improved significantly in recovering funds stolen by scammers and hackers. In Q2, $181 million of the $801 million was recovered. However, while that is undoubtedly impressive, it still leaves more than $600 million unaccounted for.

The problem is that crypto recovery efforts, whilst important, are reactive. They only kick in after the assets have been stolen, and given the nature of the blockchain, they are challenging to restore. Once funds are moved into mixers, swapped across multiple chains, or split into thousands of smaller transactions, tracing them becomes exponentially harder.

Even when investigators can track the money, there’s no guarantee of recovering it, especially if hackers cash out through decentralized exchanges or offshore services. That’s why the real focus must be on prevention through education (along with stronger technological safeguards).

Final Word: Staying Safe

So what does all this mean for regular users? With all of this in mind, what can you do to protect yourself better and ensure your digital assets are safe? In general, it comes down to selecting the right tools and practicing smart habits.

Whenever possible, use cold storage for any significant assets you hold, especially if you plan to have them for the long term. Another best practice is always to use trusted wallet providers. Avoid random applications and extensions. Always visit the verified site and double-check the URL to ensure accuracy.

Finally, be very skeptical of all messages and communications you receive from a crypto brand. Phishing remains a significant threat, so it’s essential to stay vigilant to avoid becoming a victim and another statistic.