CertiK: Total Loss of Security Incidents within the Year Reached Approximately $3.35 Billion, Supply Chain Security Emerges as an Unignorable Systemic Risk

BlockBeats News, December 23rd, Web3 security company CertiK released a report stating that the total loss from Web3 security incidents in 2025 was approximately $3.35 billion. Among them, supply chain attacks caused losses as high as $1.45 billion, accounting for nearly half of the total annual loss and becoming the most destructive risk source of the year.

A typical case is the February Bybit incident, where the attacker did not directly infiltrate the trading platform's system. Instead, they implanted malicious code through a third-party multi-signature wallet service provider's developer environment, bypassing the multi-step approval process and resulting in approximately $1.4 billion in losses. Attackers are now concentrating their resources on key service providers and underlying tools rather than on individual protocols. Supply chain security has become a systemic risk that cannot be ignored.