Ethereum Faces Surge in Security Incidents: SlowMist Reports H1 2025


Ethereum Faces Significant Security Challenges in H1 2025

Ethereum Ecosystem Suffers Major Losses

In the first half of 2025, Ethereum emerged as the leading blockchain ecosystem impacted by security breaches, with decentralized finance (DeFi) platforms incurring losses of approximately $470 million, as reported by the blockchain security firm SlowMist.

The mid-year analysis highlighted that Ethereum-related projects experienced around $38.6 million in losses from a total of 121 recorded security incidents. Notably, DeFi platforms were the primary targets, accounting for 92 of these incidents and representing roughly 76% of the total financial losses during this timeframe.

Decrease in Incidents, Increase in Financial Impact

While the number of reported security incidents in the first half of 2025 decreased compared to the same period in 2024, the financial repercussions were significantly higher. The previous year saw 223 incidents resulting in losses of about $1.43 billion. In contrast, 2025 recorded 121 incidents but with estimated losses soaring to around $2.37 billion. SlowMist cautioned that the actual figures could be even greater, as some incidents may go unreported and the value of tokens can fluctuate.

Analysis of Attack Vectors

The report identified that the majority of attacks exploited account compromises and vulnerabilities within smart contracts. Account takeovers were the most prevalent, with 42 cases reported, followed closely by 35 incidents linked to contract weaknesses.

Emerging risks associated with Ethereum’s EIP-7702 wallet delegation feature, introduced in the recent Pectra upgrade, were also highlighted. This feature allows users to authorize smart contracts to act on their behalf without changing their wallet address, which has raised concerns about potential security vulnerabilities.

New Risks from EIP-7702

One notable incident involved a phishing group known as Inferno Drainer, which reportedly siphoned off over $146,000 by exploiting this new mechanism. SlowMist emphasized that even if a contract is secure, users can still fall victim to phishing attacks that trick them into granting unauthorized access, allowing attackers to exploit the contract’s full capabilities.

The exploitation utilized standard wallet tools to mislead users into approving bulk token access, a risk that may evade detection by conventional anti-phishing measures.

Additional risks linked to EIP-7702 include possible private key leaks, replay attacks across different blockchains, and complications during wallet upgrades. Analysts from SlowMist warned that EIP-7702 introduces “new risk boundaries,” urging users to thoroughly understand whom they are authorizing and the permissions they are granting before signing any delegation agreements.
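The advice to check whom you are authorizing can be made concrete with a pre-signing review of an EIP-7702 authorization. The sketch below is an added example, not code from SlowMist or from any wallet. It relies on two details of the EIP-7702 specification (a chain ID of 0 makes the authorization valid on any chain, and a delegated account's code is the prefix 0xef0100 followed by the delegate address). The allowlist, the function names and every address are constructed placeholders.

```python
# Added example: pre-signing review of an EIP-7702 authorization.
# The allowlist and all addresses below are constructed placeholders.
from dataclasses import dataclass

DELEGATION_PREFIX = bytes.fromhex("ef0100")  # EIP-7702 delegation designator prefix
ZERO_ADDRESS = "0x" + "00" * 20


@dataclass(frozen=True)
class Authorization:
    chain_id: int   # 0 means "valid on any chain" per EIP-7702
    address: str    # contract the account delegates its code to
    nonce: int


def delegate_of(account_code: bytes):
    """Return the delegate address if the code is a 7702 designator, else None."""
    if len(account_code) == 23 and account_code.startswith(DELEGATION_PREFIX):
        return "0x" + account_code[3:].hex()
    return None


def review_authorization(auth, wallet_chain_id, trusted_delegates):
    """Return a list of findings a wallet should show before the user signs."""
    findings = []
    target = auth.address.lower()
    if auth.chain_id == 0:
        findings.append("chain_id 0: signature is valid on any chain (cross-chain replay)")
    elif auth.chain_id != wallet_chain_id:
        findings.append("chain_id does not match the connected network")
    if target == ZERO_ADDRESS:
        findings.append("zero address: clears the existing delegation")
    elif target not in {a.lower() for a in trusted_delegates}:
        findings.append("delegate contract is not on the allowlist")
    return findings


# Constructed sample data (not real deployments).
TRUSTED = {"0x" + "11" * 20}
SAFE = Authorization(chain_id=1, address="0x" + "11" * 20, nonce=7)
RISKY = Authorization(chain_id=0, address="0x" + "ab" * 20, nonce=7)

if __name__ == "__main__":
    for auth in (SAFE, RISKY):
        print(auth, review_authorization(auth, 1, TRUSTED) or ["no findings"])
    print(delegate_of(DELEGATION_PREFIX + bytes.fromhex("ab" * 20)))
```

The same `delegate_of` check can be run over account code returned by a node to find accounts that are already delegated and to which contract.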

Disclaimer: This article is provided for informational purposes only and does not constitute financial advice. Readers are encouraged to conduct their own research before making any investment decisions.
