Web3 Got Rekt Again — But the Fix Is Already Here

The first half of 2025 was brutal for Web3. Over $3.1 billion in losses. Not from rugs or untested contracts. No, this time the biggest holes were human. Misconfigured multisigs, forgotten admin controls, and a new wave of AI-driven chaos turned even hardened protocols into sitting ducks.

The Real Exploit: People

Let’s be real. Most of the carnage didn’t come from code. It came from negligence. Around 60% of all losses traced back to human error: leaked private keys, access control screwups, and unaudited signer permissions.

Take Bybit. One of the biggest breaches of the year: $1.46 billion drained through a single transaction. No protocol bug. No contract flaw. Just poor ops hygiene.

Then came the social engineering wave. Scammers cleaned out $594 million by pretending to be support, hijacking accounts, and faking identities. One elderly investor alone got fleeced for $330 million in Bitcoin, all by clicking the wrong link.

AI Is the New Zero Day

Just as teams were catching up on multisigs, AI attacks exploded. We’re talking a 1,025% increase in exploits using large language models, rogue agents, poisoned datasets, and backdoored APIs. Open-source AI stacks like Langflow and BentoML turned into hacker playgrounds, with attackers using them to trigger remote code execution and hijack agent logic.

Worse still, there’s “vibe hacking”: using AI-generated language and tone to build false trust and social-engineer even seasoned users. The line between malware and manipulation is now razor-thin.

And with over a third of Web3 projects now using AI agents, the attack surface is getting weirder and wider by the day.

Smart Contracts Still Bleed

Even after years of testing and audits, DeFi contracts remain an open wound.

The Cetus exploit alone wiped out €223 million in seconds, all due to a single overflow bug that rippled across 264 liquidity pools. One line of code. Huge blast radius.

Then there was Uniswap V4, where a missing permission check let an attacker inject unauthorized calldata. The result? €12 million gone. Fake tokens in, real tokens out.

Hacken’s Fix: Autonomous On-Chain Defense

Old-school audits aren’t cutting it. Hacken says it’s time to stop playing defense like it’s 2020. Their approach is built on speed, autonomy, and automation: real-time security tooling that fights back as fast as the threats evolve.

Their updated Extractor platform includes:

  • Multisig Monitoring that watches signer behaviour live
  • TVL Tracking to flag abnormal fund movements instantly
  • Automated Incident Response that rotates keys, pauses contracts, and kicks out bad signers — all without human intervention
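To make the three bullets concrete, here is an added example (written for this piece, not Hacken’s Extractor code, whose internals the article does not describe) of what a minimal on-chain guardian loop looks like: it replays a stream of multisig signer events against the expected signing policy, watches per-pool TVL for sudden drops, and turns the resulting alerts into an ordered list of automated responses. All addresses, transaction ids, pool names and dollar figures are constructed sample data, and the thresholds (two approvals, a 20% drop inside ten minutes) are assumptions for the demo rather than anything the article states.

```python
from dataclasses import dataclass
from typing import Dict, List, Set


@dataclass(frozen=True)
class SignerEvent:
    ts: int        # unix seconds
    signer: str    # constructed signer address
    action: str    # "approve", "execute", "add_owner", "remove_owner", "change_threshold"
    tx_hash: str   # constructed transaction id


@dataclass(frozen=True)
class TvlSample:
    ts: int        # unix seconds
    pool: str      # constructed pool name
    tvl_usd: float


@dataclass(frozen=True)
class Alert:
    severity: str  # "warn" or "critical"
    reason: str
    response: str  # "notify", "pause_contract" or "revoke_signer"


ADMIN_ACTIONS = {"add_owner", "remove_owner", "change_threshold"}


def check_signers(events: List[SignerEvent], allowed: Set[str], min_approvals: int = 2) -> List[Alert]:
    """Replay multisig events in time order and flag behaviour that breaks the signing
    policy: unknown signers, executions without enough distinct approvals, and any
    ownership or threshold change (legitimate or not, a human should see it)."""
    alerts: List[Alert] = []
    approvals: Dict[str, Set[str]] = {}          # tx_hash -> distinct approving signers
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.signer not in allowed:
            alerts.append(Alert("critical", f"unknown signer {ev.signer} did {ev.action} on {ev.tx_hash}", "revoke_signer"))
            continue
        if ev.action == "approve":
            approvals.setdefault(ev.tx_hash, set()).add(ev.signer)
        elif ev.action == "execute":
            got = len(approvals.get(ev.tx_hash, set()))
            if got < min_approvals:
                alerts.append(Alert("critical", f"{ev.tx_hash} executed with {got}/{min_approvals} approvals", "pause_contract"))
        elif ev.action in ADMIN_ACTIONS:
            alerts.append(Alert("warn", f"{ev.signer} performed admin action {ev.action}", "notify"))
    return alerts


def check_tvl(samples: List[TvlSample], max_drop_pct: float = 20.0, window_s: int = 600) -> List[Alert]:
    """Flag a pool whose TVL falls by more than max_drop_pct from its peak inside the
    trailing window_s seconds. One alert per pool; later samples are not re-flagged."""
    alerts: List[Alert] = []
    by_pool: Dict[str, List[TvlSample]] = {}
    for s in samples:
        by_pool.setdefault(s.pool, []).append(s)
    for pool, hist in by_pool.items():
        hist.sort(key=lambda s: s.ts)
        for i, cur in enumerate(hist):
            recent = [h.tvl_usd for h in hist[:i] if cur.ts - h.ts <= window_s]
            if not recent or max(recent) <= 0:
                continue
            drop_pct = (max(recent) - cur.tvl_usd) / max(recent) * 100.0
            if drop_pct > max_drop_pct:
                alerts.append(Alert("critical", f"{pool} TVL fell {drop_pct:.1f}% within {window_s}s", "pause_contract"))
                break
    return alerts


def plan_response(alerts: List[Alert]) -> List[str]:
    """Order the automated actions: contain first (pause), then clean up (revoke), then notify."""
    priority = {"pause_contract": 0, "revoke_signer": 1, "notify": 2}
    return sorted({a.response for a in alerts}, key=priority.__getitem__)


def run_demo() -> dict:
    """Run both checks over constructed sample data and return everything a test can assert on."""
    allowed = {"0xA1", "0xB2", "0xC3"}   # constructed signer set for a 2-of-3 multisig
    events = [
        SignerEvent(1000, "0xA1", "approve", "0xtx1"),
        SignerEvent(1010, "0xB2", "approve", "0xtx1"),
        SignerEvent(1020, "0xA1", "execute", "0xtx1"),            # fine: 2 distinct approvals
        SignerEvent(1500, "0xB2", "change_threshold", "0xtx9"),   # warn: admin action
        SignerEvent(2000, "0xC3", "approve", "0xtx2"),
        SignerEvent(2005, "0xC3", "execute", "0xtx2"),            # critical: only 1 approval
        SignerEvent(2100, "0xDEAD", "add_owner", "0xtx3"),        # critical: signer not in set
    ]
    samples = [
        TvlSample(0, "POOL-1", 10_000_000.0), TvlSample(300, "POOL-1", 9_900_000.0),
        TvlSample(420, "POOL-1", 6_000_000.0),                    # 40% drop inside 600s
        TvlSample(0, "POOL-2", 5_000_000.0), TvlSample(300, "POOL-2", 4_600_000.0),
        TvlSample(900, "POOL-2", 4_500_000.0),                    # slow drift, no alert
    ]
    signer_alerts = check_signers(events, allowed)
    tvl_alerts = check_tvl(samples)
    return {"signer_alerts": signer_alerts, "tvl_alerts": tvl_alerts,
            "actions": plan_response(signer_alerts + tvl_alerts)}


if __name__ == "__main__":
    for k, v in run_demo().items():
        print(k, v)
```

The design point is that every response is a decision computed from the event stream, not a button on a dashboard; in a real deployment the `pause_contract` and `revoke_signer` actions would be wired to a guardian key with exactly those two permissions and nothing else, so the automation itself cannot become the next over-privileged admin control.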

This isn’t a dashboard you stare at after the fact. It’s a guardian that acts before the breach makes the news.

Compliance: Not Optional Anymore

While the builders build, regulators are starting to bite. ISO 4200. The EU AI Act. Global watchdogs are coming for protocols that treat compliance like an afterthought.

Hacken’s stack is trying to stay ahead — with AI security audits, ISO-aligned access control systems, red-team simulations, and emergency response pipelines. Because in a world where attacks happen in seconds, quarterly reviews won’t save you.

Web3 doesn’t need more FUD. It needs code that fights back.

Security has to be as composable, modular, and fast-moving as the DeFi it’s defending. Hackers aren’t waiting. AI isn’t slowing down. If your stack isn’t watching itself in real time, it’s probably already compromised.
