2025 made it unmistakably clear: in Web3, security is no longer a background concern or merely a checkbox; it is the defining factor separating the projects that survived from the ones that collapsed. With estimated losses of more than $3 billion across hacks, scams, protocol failures, and key management breaches this year, the ecosystem was forced into a harsh confrontation with its own maturity. While innovation accelerated, attacker sophistication and manoeuvring outpaced it, revealing fundamental weaknesses that teams can no longer treat as optional to address.
At Extropy, a security auditing firm working across L1s, L2s, DeFi, gaming, and ZK applications, we reviewed real codebases and attack surfaces that could have resulted in catastrophic losses. We offer a picture of where Web3 security stands today and what development teams must prioritise going into 2026.
Some of the issues our audits uncovered this year
Our audits throughout the year exposed a pattern: even well-funded teams with experienced developers repeatedly fell into the same high-impact traps.
1. Incorrect Reward Accounting in Move Modules
One of the most consequential findings occurred within a Move-based staking system due to a subtle accounting error in the reward distribution logic.
- The Issue: The function incorrectly subtracted the collectable_reward from the total removed value without isolating the principal from the reward flow.
- Code Snippet:
// Move
// native_pool.move (excerpt)
let collectable_reward = reward_amounts[i];
total_removed_value = total_removed_value - collectable_reward; // Incorrect deduction
- Impact: This failure to treat principal and rewards as distinct streams leads to corrupted validator balances, systemic reward imbalances (insolvency), and arithmetic cascades during subsequent cycles.
2. total_supply Underflow Causing Global DoS (Move)
We identified a high-severity vulnerability in a ticket-based staking protocol where critical global state variables were manipulated before validation.
- The Issue: The total_supply was modified in the local execution context before verifying the user's available balance.
- Impact: If the ticket_amount exceeds the balance, the transaction correctly reverts, but only after the total_supply has been modified. In specific runtime environments, this can lead to an underflow that freezes the contract's core functionality.
3. Settlement-Phase Financial Manipulation (Solidity)
During a Solidity audit, we uncovered a dangerous settlement design where external interactions and internal state updates were intermingled.
- The Issue: Relying solely on the onlyAdmin modifier created a "security-by-access-control" fallacy that ignored the risks of compromised or malicious admin keys.
- Code Snippet:
// Solidity
function settle() external onlyAdmin {
    uint256 payout = calculatePayout(user);
    userBalances[user] -= payout; // Updated before final validation
    (bool ok,) = user.call{value: payout}(""); // Mixed with external call
}
- Impact: This allowed for state inconsistency and atomic misordering, demonstrating that security must be enforced at the state level.
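A hardened form of the settle() pattern above, as an added example that is not Extropy's or the audited project's code: every validation runs before any state change, the external call comes last with its result checked, and a per-settlement cap limits what a compromised admin key can move. The contract name, pendingPayout, setPending, maxPayoutPerSettle and the error names are assumptions made for the illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration; all names other than settle, onlyAdmin, userBalances
// and calculatePayout are hypothetical.
contract SettlementSketch {
    address public immutable admin;
    uint256 public immutable maxPayoutPerSettle; // cap that binds the admin too
    mapping(address => uint256) public userBalances;
    mapping(address => uint256) public pendingPayout; // stand-in payout source
    bool private locked;

    error NotAdmin();
    error Reentrancy();
    error NothingOwed();
    error ExceedsBalance(uint256 payout, uint256 balance);
    error ExceedsCap(uint256 payout, uint256 cap);
    error TransferFailed();

    constructor(uint256 cap) { admin = msg.sender; maxPayoutPerSettle = cap; }

    modifier onlyAdmin() { if (msg.sender != admin) revert NotAdmin(); _; }
    modifier nonReentrant() {
        if (locked) revert Reentrancy();
        locked = true; _; locked = false;
    }

    function deposit() external payable { userBalances[msg.sender] += msg.value; }
    function setPending(address user, uint256 amount) external onlyAdmin { pendingPayout[user] = amount; }
    function calculatePayout(address user) public view returns (uint256) { return pendingPayout[user]; }

    function settle(address user) external onlyAdmin nonReentrant {
        uint256 payout = calculatePayout(user);
        uint256 balance = userBalances[user];
        // Checks: every validation happens before any state is touched.
        if (payout == 0) revert NothingOwed();
        if (payout > balance) revert ExceedsBalance(payout, balance);
        if (payout > maxPayoutPerSettle) revert ExceedsCap(payout, maxPayoutPerSettle);
        // Effects: state is final before control leaves the contract.
        userBalances[user] = balance - payout;
        pendingPayout[user] = 0;
        // Interaction: last step, and a failed transfer reverts the effects.
        (bool ok, ) = user.call{value: payout}("");
        if (!ok) revert TransferFailed();
    }
}
```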
4. Resolver / State Desynchronisation in ZK Games
In ZK-powered gaming systems (Mina/o1js), we identified a recurring structural weakness involving desynchronisation between off-chain resolvers and on-chain verification.
- The Issue: The backend infrastructure updated game states independently of the zkApp's on-chain validation.
- Impact: Without a cryptographic "handshake," the system was vulnerable to forged state transitions and replay inconsistencies.
5. Lack of Replay Protection & Weak Message Identity
A pervasive issue across multi-chain and intent-based systems was the absence of robust message-identity controls.
- The Issue: Hashing functions lacked domain separators or nonces, making signatures vulnerable to collision or forgery.
- Impact: Signatures authorized for an action on one chain could be replayed to drain funds on another, a primary driver of cross-chain liquidity loss in 2025.
Analysis: The State of Web3 Security
These findings reveal a fundamental shift in the threat landscape where attackers have pivoted toward architectural exploitation.
- Failure of "Safe-by-Default": Over-reliance on the safety of Move and Rust led to "psychological safety," where developers assumed compilation precluded the need for invariant enforcement.
- Verification Gap: In ZK systems, the weakest link is often the off-chain resolver—the bridge that must maintain consistency between the proof, the contract, and the server.
- Operational & Admin Risk: Privileged admin pathways were responsible for approximately $1.6 billion (70%) of stolen funds in the first half of 2025.
- Human-Centric Vectors: Roughly 40% of losses occurred via phishing, unauthorised permit signatures, and front-running, indicating that operational workflows remain highly vulnerable.
Recommendations for 2026
- Defensive Architecture: Implement automated on-chain invariant checks and algorithmic circuit breakers to degrade gracefully during attacks.
- Precision Access Control: Move toward granular, time-locked capabilities and enforce "Least Privilege" for dev-ops pipelines.
- Identity Integrity: Mandate EIP-712 domain separation and ensure off-chain resolvers are cryptographically bound to the on-chain source of truth.
- User Protection: Integrate transaction simulation into UIs to prevent "blind-signing" and conduct adversarial UX testing against phishing.
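The message-identity controls from finding 5 and the EIP-712 recommendation above, as an added example that is not Extropy's or any audited project's code: the signed digest binds the chain id, the verifying contract and a per-signer nonce, so a signature accepted once cannot be reused here, on another chain, or against another deployment. The contract name and the Intent fields are assumptions made for the illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration; the contract name and the Intent fields are hypothetical.
contract IntentVerifierSketch {
    bytes32 private constant DOMAIN_TYPEHASH = keccak256(
        "EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)");
    bytes32 private constant INTENT_TYPEHASH = keccak256(
        "Intent(address signer,address to,uint256 amount,uint256 nonce,uint256 deadline)");

    mapping(address => uint256) public nonces; // next unused nonce per signer
    event Executed(address indexed signer, address indexed to, uint256 amount, uint256 nonce);

    // Computed on each call so the digest always binds the current chain id
    // and this contract's address.
    function domainSeparator() public view returns (bytes32) {
        return keccak256(abi.encode(
            DOMAIN_TYPEHASH,
            keccak256(bytes("IntentVerifierSketch")),
            keccak256(bytes("1")),
            block.chainid,
            address(this)));
    }

    function digest(address signer, address to, uint256 amount, uint256 nonce, uint256 deadline)
        public view returns (bytes32)
    {
        bytes32 structHash = keccak256(
            abi.encode(INTENT_TYPEHASH, signer, to, amount, nonce, deadline));
        return keccak256(abi.encodePacked("\x19\x01", domainSeparator(), structHash));
    }

    function execute(address signer, address to, uint256 amount, uint256 deadline,
                     uint8 v, bytes32 r, bytes32 s) external {
        require(block.timestamp <= deadline, "expired");
        uint256 nonce = nonces[signer];
        address recovered = ecrecover(digest(signer, to, amount, nonce, deadline), v, r, s);
        // ecrecover returns address(0) on an invalid signature.
        require(recovered != address(0) && recovered == signer, "bad signature");
        nonces[signer] = nonce + 1; // consume the nonce: this signature cannot be used again
        emit Executed(signer, to, amount, nonce); // the authorised action would run here
    }
}
```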
Future Outlook
In 2026, we expect security to serve as a core business differentiator. As highlighted at Abu Dhabi Fintech Week 2025, institutional adoption hinges on provable resilience. The threat landscape will continue to professionalise with AI-driven social engineering and autonomous predator swarms, reinforcing that Web3 security is now full-stack system security.
Final Words
The future of Web3 security is not about the total elimination of risk, but about the rigorous containment and engineering of that risk.
The tools exist; the remaining question is whether development teams will treat security as an indispensable foundation or an afterthought.
Over the next few weeks we will be supplying security guidelines and checklists for Web3 developers to ensure that your start to 2026 is a secure one.
Originally published on: security.extropy.io