This content originally appeared on HackerNoon and was authored by Harry Hood
The first half of 2025 was brutal for Web3. Over $3.1 billion in losses. Not from rugs or untested contracts. No, this time the biggest holes were human. Misconfigured multisigs, forgotten admin controls, and a new wave of AI-driven chaos turned even hardened protocols into sitting ducks.
The Real Exploit: People
Let’s be real. Most of the carnage didn’t come from code. It came from negligence. Around 60% of all losses came from human errors, stuff like leaked private keys, access control screwups, and unaudited signer permissions.
Take Bybit. One of the biggest breaches of the year: $1.46 billion drained through a single transaction. No protocol bug. No contract flaw. Just poor ops hygiene.
Then came the social engineering wave. Scammers cleaned out $594 million by pretending to be support, hijacking accounts, and faking identities. One elderly investor alone got fleeced for $330 million in Bitcoin, all by clicking the wrong link.
AI Is the New Zero Day
Just as teams were catching up on multisigs, AI attacks exploded. We're talking a 1,025% increase in exploits using large language models, rogue agents, poisoned datasets, and backdoored APIs. Open-source AI stacks like Langflow and BentoML turned into hacker playgrounds, with attackers using them to trigger remote code execution and hijack agent logic.
Worse still, there's "vibe hacking": using AI-generated language and tone to build false trust and social engineer even seasoned users. The line between malware and manipulation is now razor-thin.
And with over a third of Web3 projects now using AI agents, the attack surface is getting weirder and wider by the day.
Smart Contracts Still Bleed
Even after years of testing and audits, DeFi contracts remain an open wound.
The Cetus exploit alone wiped out €223 million in seconds, all due to a single overflow bug that rippled across 264 liquidity pools. One line of code. Huge blast radius.
Then there was Uniswap V4, where a missing permission check let an attacker inject unauthorized calldata. The result? €12 million gone. Fake tokens in, real tokens out.
Hacken's Fix: Autonomous On-Chain Defense
Old-school audits aren't cutting it. Hacken says it's time to stop playing defense like it's 2020. Their approach is about speed, autonomy, and automation: real-time security tooling that fights back as fast as the threats evolve.
Their updated Extractor platform includes:
- Multisig Monitoring that watches signer behaviour live
- TVL Tracking to flag abnormal fund movements instantly
- Automated Incident Response that rotates keys, pauses contracts, and kicks out bad signers — all without human intervention
This isn't a dashboard you stare at after the fact. It's a guardian that acts before the breach makes the news.
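As an added illustration (not Hacken's Extractor code, whose internals the article does not describe), the two detections named above, signer-set drift and abnormal TVL movement, reduce to a short pass over an ordered stream of on-chain events, with the response action attached to each finding. The event schema, the constructed sample stream, the 20% drop threshold and the action labels are all assumptions made for this example.

```python
from dataclasses import dataclass

# Constructed illustration: field names, event kinds and the action labels are
# assumptions for this example, not any vendor's schema or API.
@dataclass
class Event:
    block: int
    kind: str          # "signer_added", "signer_removed", "exec" or "tvl"
    signer: str = ""   # address for signer-set changes and executions
    tvl: float = 0.0   # pool/treasury value for "tvl" snapshots

def monitor(events, baseline_signers, tvl_drop_pct=0.20, window_blocks=50):
    """Walk an ordered on-chain event stream; return (alert, action) pairs.
    baseline_signers is the set governance approved, kept off-chain, so on-chain
    drift from it is a finding. A TVL drop of tvl_drop_pct or more against the
    peak inside the last window_blocks blocks is treated as a likely drain."""
    baseline = set(baseline_signers)
    recent_tvl = []          # (block, tvl) snapshots inside the window
    findings = []
    for ev in events:
        if ev.kind == "signer_added" and ev.signer not in baseline:
            findings.append((f"block {ev.block}: unapproved signer added {ev.signer}", "remove_signer"))
        elif ev.kind == "signer_removed" and ev.signer in baseline:
            findings.append((f"block {ev.block}: approved signer removed {ev.signer}", "page_oncall"))
        elif ev.kind == "exec" and ev.signer not in baseline:
            findings.append((f"block {ev.block}: execution by non-baseline signer {ev.signer}", "pause_contract"))
        elif ev.kind == "tvl":
            recent_tvl.append((ev.block, ev.tvl))
            recent_tvl = [(b, v) for b, v in recent_tvl if b >= ev.block - window_blocks]
            peak = max(v for _, v in recent_tvl)
            drop = (peak - ev.tvl) / peak if peak > 0 else 0.0
            if drop >= tvl_drop_pct:
                findings.append((f"block {ev.block}: TVL down {drop:.0%} within {window_blocks} blocks", "pause_contract"))
    return findings

# Constructed sample stream: an attacker adds a signer, acts with it, and value leaves.
BASELINE = {"0xA1", "0xB2", "0xC3"}
SAMPLE_EVENTS = [
    Event(100, "tvl", tvl=1_000_000.0),
    Event(110, "exec", signer="0xA1"),          # routine execution by an approved signer
    Event(120, "signer_added", signer="0xD4"),  # drift from the governance baseline
    Event(125, "exec", signer="0xD4"),          # the rogue signer executes
    Event(130, "tvl", tvl=650_000.0),           # 35% drop inside the window
    Event(200, "tvl", tvl=640_000.0),           # window has rolled on; no new alert
]

if __name__ == "__main__":
    for alert, action in monitor(SAMPLE_EVENTS, BASELINE):
        print(f"{action:15s} {alert}")
```

The point of comparing against an off-chain baseline rather than the contract's current signer list is that a signer the attacker just added would otherwise look approved.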
Compliance: Not Optional Anymore
While the builders build, regulators are starting to bite. ISO 4200. The EU AI Act. Global watchdogs are coming for protocols that treat compliance like an afterthought.
Hacken's stack is trying to stay ahead — with AI security audits, ISO-aligned access control systems, red-team simulations, and emergency response pipelines. Because in a world where attacks happen in seconds, quarterly reviews won't save you.
Web3 doesn't need more FUD. It needs code that fights back.
Security has to be as composable, modular, and fast-moving as the DeFi it's defending. Hackers aren't waiting. AI isn't slowing down. If your stack isn't watching itself in real time, it's probably already compromised.

Harry Hood | Sciencx (2025-07-29T13:31:57+00:00) Web3 Got Rekt Again — But the Fix Is Already Here. Retrieved from https://www.scien.cx/2025/07/29/web3-got-rekt-again-but-the-fix-is-already-here/