A comprehensive annual report by cybersecurity firm SlowMist reveals a significant shift in the blockchain security landscape for 2025. While the total number of security incidents dropped to approximately 200 from 410 in 2024, the total financial losses surged by about 46% to an estimated $2.94 billion. This indicates attacks are becoming fewer but more financially devastating.

The report highlights that the decentralized finance (DeFi) sector remained the most frequently targeted, accounting for 126 incidents (63% of the total) and $649 million in losses. However, the most severe single incident was an attack on the centralized exchange Bybit, resulting in a loss of approximately $1.46 billion. The Ethereum ecosystem suffered the highest aggregate losses at around $254 million.

Key attack vectors evolved throughout the year. Contract vulnerabilities and compromised social media accounts (notably on platform X) were leading causes. Phishing attacks grew more sophisticated, moving beyond simple seed phrase theft to complex schemes involving ‘guided operations’ that trick users into authorizing malicious transactions. Social engineering, supply chain poisoning of open-source code, and malicious browser extensions also saw increased prevalence.

A notable trend was the professionalization and ‘as-a-Service’ model of cybercrime. Ransomware and Malware-as-a-Service (RaaS/MaaS) lowered the technical barrier for attackers, enabling more individuals to launch sophisticated campaigns. State-affiliated actors, particularly North Korean hacker groups, remained highly active, reportedly stealing over $1.6 billion in crypto assets in the first nine months of 2025 alone.

On the regulatory and anti-money laundering (AML) front, 2025 saw a global escalation in enforcement. Authorities moved from policy guidance to direct action, including asset freezes, sanctions, and cross-border joint operations targeting crypto laundering, fraud, and sanctions evasion. Regulatory frameworks worldwide are becoming more structured, with a focus on AML/KYC compliance, tax transparency, and custody security.

The report concludes that security and compliance have transitioned from ‘add-on capabilities’ to fundamental ‘business survival thresholds.’ It emphasizes the need for a proactive, closed-loop security system encompassing pre-event audits, real-time monitoring, and post-incident response and tracing. SlowMist notes that in 2025, it assisted in freezing or recovering approximately $19.3 million in assets for clients and partners.










