GoPlus Annual Security Report: 1,200 Major Security Incidents Resulted in Over $3.5 Billion in Total Losses, with Attackers Adopting Both "Precision Targeting" and "Wide Net" Strategies

BlockBeats news, on December 30, according to GoPlus RektDatabase data, in 2025, there were more than 1,200 serious security incidents involving users and project parties in the Web3 sector, resulting in total losses exceeding $3.5 billion. Private key theft (based on malware and social engineering), phishing attacks, and Rug Token (fraudulent tokens) were the three most frequent types of attacks and fraud.

Among them, the top three incidents in terms of losses in 2025 were: an exchange theft incident (February 21, $1.5 billion), Cetus theft incident (May 22, $223 million), and Balancer theft incident (November 2, $128 million).

In terms of security trends, there is a clear feature of "an increase in the number of ultra-large incidents" and "a significant reduction in the cost of small-scale fraud against users," indicating that attackers are adopting a dual strategy of "precision targeting" and "wide net casting."

It is worth noting that in 2025, there were a total of 12 attack incidents with individual losses exceeding $30 million, of which CeFi accounted for 7. The main causes were administrator private key theft and hot wallet private key theft, exposing significant risks.