Web3 Losses in 2025 Reach Nearly $4 Billion – Stolen Credentials Traded for $105

Web3 Sector Losses Reach Record Levels

Losses in the Web3 sector totaled approximately $3.95 billion in 2025 ^[1]. This emerges from the latest Yearly Security Report by security firm Hacken. Compared to the previous year, this represents an increase of around $1.1 billion ^[1]. Slightly more than half of the stolen funds are attributed to North Korean actors ^[1].

Particularly notable is the temporal distribution of damages: In the first quarter, losses reached their peak at over $2 billion, while they declined to approximately $350 million by the fourth quarter ^[1].

Structural Security Problems Rather Than Individual Errors

According to Hacken's assessment, the security incidents are not isolated programming errors but structural operational risks ^[1]. Access controls and security processes were responsible for approximately $2.12 billion, or nearly 54 percent of all losses ^[1]. Damages from classic smart contract vulnerabilities amounted to around $512 million during the same period ^[1].

The Bybit hack in February, with a volume of nearly $1.5 billion, is considered the largest hack and alone accounts for a significant portion of the total damages ^[1].

Professional Trade in Stolen Crypto Data

Parallel to large-scale hacks, an organized market for stolen crypto credentials has developed. Stolen crypto accounts now fetch fixed market prices on the darknet and are sold for an average of around $105 ^[2]. Phishing is no longer an isolated crime but rather the entry point into a division-of-labor crypto fraud industry ^[2].

Crypto credentials pass through multiple hands after a single click before being ultimately monetized ^[2]. Hackers now trade crypto accounts as efficiently as products in a regular online shop ^[2].

Telegram as Central Marketplace

Telegram has evolved from a messenger into a central marketplace for stolen crypto data ^[2]. Stolen crypto data is systematically collected, verified, and resold in large packages ^[2]. Resale on the darknet is often more lucrative than directly stealing cryptocurrencies ^[2].

Many victims lose track because the actual damage often occurs with a time delay ^[2]. Even old login data remains valuable as long as passwords are reused ^[2].

High Value of Complete Identity Data

Whoever discloses their credentials loses not only one account but often control over multiple services ^[2]. Personal data, phone numbers, and identification documents significantly increase the value of stolen crypto accounts ^[2].

The underground markets for crypto data operate with fixed prices, ratings, and clear role divisions ^[2]. A single successful phishing attack can have financial consequences years later ^[2].

The developments show that security problems in the Web3 sector are increasingly systematic in nature and exploit not only technical but also organizational vulnerabilities.