Podcast

Decoding 2025's biggest web3 hacks: lessons & trends

This X Spaces discussion hosted by QuillAudits brought together leading security experts from across the Web3 ecosystem, including Guardrail founder Samridh Saluja, to discuss the alarming trend of security breaches in early 2025. The conversation focused on the three major attack vectors responsible for 95% of funds lost: access control issues, social engineering attacks, and infrastructure vulnerabilities.

TL;DR:

The discussion highlighted that while technical vulnerabilities remain important, the human element through social engineering and access control represents the dominant threat in 2025. Success requires a holistic approach combining technical controls, operational security, real-time monitoring, and most importantly, a security-first culture that scales with the value being protected.

"Everyone has a plan until you get punched in the face."
Samridh Saluja, Founder at Guardrail

Key stats discussed:

  • H1 2025 losses already exceeded total 2024 losses ($2+ billion)
  • Access control issues: 70% of funds lost ($1.6 billion)
  • Social engineering: 15% of funds lost
  • Three attack vectors combined: 95% of total losses

Main discussion points:

1. Social Engineering Attacks

The panel agreed that social engineering attacks are becoming increasingly sophisticated with AI tools, making them harder to detect. Key takeaways:

  • Good OPSEC is essential but must be tailored to risk levels
  • Isolated devices for crypto transactions recommended
  • Pig butchering scams targeting new crypto users
  • AI advancement making attacks more convincing

2. Access Control Issues

The dominant attack vector discussed, encompassing everything from private key compromises to infrastructure vulnerabilities:

  • Not just smart contract issues - includes Web2 infrastructure
  • Defense in depth approach needed
  • Role-based access control crucial but complex to implement
  • Regular monitoring and time locks recommended
  • Proxy-in-the-middle attacks emerging as new threat

3. Protocol-Specific Security Measures

Each speaker shared unique approaches:

  • EigenLayer's withdrawal queue system prevents immediate fund extraction
  • ZKsync's enhanced monitoring and video verification for access requests
  • Guardrail's real-time monitoring across 45+ chains

Key security recommendations:

  1. Implement defense in depth - Multiple layers of security
  2. Scale security investment with value - More value = more security
  3. Focus on permanent state changes - Protect irreversible actions
  4. Practice incident response - Quarterly drills minimum
  5. Use real-time monitoring - Detect attacks before completion
  6. Verify human requests - Video calls for sensitive access
  7. Isolate crypto operations - Dedicated devices and networks
  8. Stay updated on AI threats - Attackers using latest tools

Notable quotes:

  • "Good OPSEC cannot be really defined for every entity by a single entity. It basically depends on the level of risk that you're operating at." - Raul
  • "Everyone has a plan until you get punched in the face." - Samridh
  • "When security is working well, you don't want to hear about it. You only hear about it when something's going wrong." - Samridh
  • "The first focus that you should have...is on the place in your system where a permanent action is happening." - Raul

Speaker timestamps & key contributions:

Opening & Introduction

[00:00:00] @0xnoveleader (Quill Audits)

  • Welcome and introduction of speakers
  • Overview of H1 2025 hack statistics
  • Introduction of three major attack vectors

Social Engineering Discussion

[00:03:00] @0xnoveleader (Quill Audits)

  • Introduces social engineering topic
  • Notes 15% of funds lost to these attacks

[00:04:00] @SamridhSaluja (Guardrail)

  • AI making social engineering worse
  • Importance of integrity monitoring
  • Well-funded adversaries growing stronger

[00:08:00] @saxenism (ZKsync)

  • Good OPSEC depends on risk level
  • Comparison to testing strategies
  • Need for layered security approach

[00:11:00] @blocksek (EigenCloud)

  • EigenLayer's withdrawal queue mechanism
  • Allows intervention even after compromise
  • Prevents withdrawals to different wallets

Access Control Deep Dive

[00:13:00] @0xnoveleader (Quill Audits)

  • 70% of funds lost to access control issues
  • Links to social engineering and infrastructure

[00:14:00] @saxenism (ZKsync)

  • Bybit hack discussion
  • Web2 vs Web3 access control
  • Implementation of comprehensive monitoring

[00:17:00] @SamridhSaluja (Guardrail)

  • AI tools making attacks easier
  • Private key compromise detection strategies
  • Multisig monitoring importance

[00:20:00] @blocksek (EigenCloud)

  • Proxy-in-the-middle attacks
  • Smart contract deployment vulnerabilities
  • Best practices for proxy initialization

[00:22:00] @officer_cia (Remedy)

  • Importance of understanding access privileges
  • Segregating roles effectively
  • Impact awareness for access holders

Protocol-Specific Insights

[00:25:00] @blocksek (EigenCloud)

  • Introduction to EigenCloud evolution
  • Verifiable cloud infrastructure
  • Suite of verification mechanisms
  • Security considerations for different verification types

[00:35:00] @SamridhSaluja (Guardrail)

  • Guardrail platform overview
  • Real-time monitoring across chains
  • Common response failures from teams
  • "It won't happen to us" fallacy

[00:45:00] @saxenism (ZKsync)

  • Zero-knowledge proof security considerations
  • Don't optimize ZK code
  • Use battle-tested implementations
  • Physical security for remote teams
  • Video verification for access requests

Career Advice & Closing

[00:53:00] @blocksek (EigenCloud)

  • Recommends Cyfrin Updraft for learning
  • Participate in competitions
  • Specialize in emerging tech like ZK
  • Balance AI usage with fundamental knowledge

[00:56:00] @0xnoveleader (Quill Audits)

  • Closing remarks
  • Thanks to all speakers