In 2025, the blockchain industry navigated a turbulent landscape marked by sophisticated cyber threats, regulatory advancements, and substantial financial losses. SlowMist’s annual report highlights a year of professionalized attacks and maturing anti-money laundering (AML) efforts, underscoring the need for adequate security measures amid technological advancements.
The report documents 200 security incidents across blockchain ecosystems, resulting in $2.935 billion in losses—a 46% increase from 2024’s $2.013 billion, despite fewer incidents (down from 410).
Ethereum bore the brunt with $254 million in losses, followed by Binance Smart Chain (BSC) at $21.93 million and Solana at $17.45 million.
Decentralized Finance (DeFi) accounted for 63% of incidents (126 total) and $649 million in losses, a 37% drop from the previous year.
Centralized exchanges suffered fewer breaches (12) but massive damages, including a staggering $1.46 billion from Bybit.
Contract vulnerabilities triggered 61 incidents, while compromised accounts led to 48.
Attack vectors evolved significantly.
Phishing scams grew more complex, incorporating “compound attacks” like ClickFix malware, Solana’s owner-permission tampering, and EIP-7702 abuses that tricked users into unauthorized transfers.
Social engineering tactics surged, with hackers impersonating job recruiters, security experts, or wallet providers to deploy malware or coerce asset transfers.
Supply chain poisoning targeted open-source projects through malicious dependencies, while browser extensions posed risks due to excessive permissions.
AI-generated content amplified scams, creating hyper-realistic interactions in Ponzi schemes masquerading as blockchain finance, such as the Xinkangjia DGCX fraud.
On the AML front, global law enforcement intensified operations, focusing on freezing assets, sanctions, and prosecutions.
Tether froze USDT on 576 Ethereum addresses, and Circle did the same for USDC on 214 addresses.
Out of $1.957 billion stolen in 18 major incidents, $387 million (13.2%) was recovered or frozen.
SlowMist’s InMist Lab contributed to $19.29 million in freezes and recoveries.
North Korea-linked hackers stole $1.645 billion in the first nine months of 2025, part of a $2.837 billion haul over two years, often laundered through outsourced services.
Drainers caused $83.85 million in losses, down 83% in incidents from 2024, with Permit signatures dominating and EIP-7702 emerging as a new tool.
Southeast Asian scam clusters, like the Huione Group, faced scrutiny for facilitating laundering via privacy tools and multi-tiered flows.
Ransomware-as-a-Service (RaaS) and Malware-as-a-Service (MaaS) democratized cybercrime, enabling non-experts to launch attacks.
Privacy and mixing protocols shifted from outright bans to usage-based regulations, balancing tech advancements and product development with compliance.
Regulatory frameworks advanced, emphasizing tax transparency, KYC/AML, and custody standards.
Cross-border collaborations improved on-chain tracking, redefining privacy protocols’ boundaries.
Despite stabilized incidents, challenges persist: professional hacker groups, low-barrier tools, mature laundering networks, and regulatory uncertainties.
SlowMist recommends comprehensive security frameworks, including audits, employee training, AI-driven threat monitoring (like MistEye), and post-incident forensics.
For AML, distinguishing legitimate privacy tech from abuse is key, alongside integrated compliance systems.
The report concluded that, as blockchain adoption grows, the key takeaway from 2025 is that security and compliance are not just defenses but survival imperatives in an increasingly hostile digital environment.