Ethereum has increasingly faced serious security incidents that are raising concerns about the network’s resilience and user trust. From large-scale DeFi platform hacks to novel peer-to-peer attack vectors, these vulnerabilities highlight troublesome patterns and emerging threats despite Ethereum’s ongoing technical evolution.
The Rising Tide of Major Exploits
Security incidents on Ethereum—and platforms built atop it—have surged in impact through 2025. Notably, the Bybit hack in February 2025 saw approximately $1.5 billion in Ethereum assets stolen through a compromised cold wallet during a routine transfer. The attack was widely attributed to the North Korea-linked Lazarus Group, and triggered widespread panic, market volatility, and a rush of user withdrawals.
This single event alone significantly skewed annual loss figures. Reports show Ethereum-related ecosystems experienced around $2.37 billion in breaches in the first half of 2025, predominantly affecting DeFi platforms.
Annual Breakdown: Ethereum Under Siege
Across the full year of 2025, Ethereum remained the most targeted blockchain, accounting for 170 security incidents which led to approximately $2.25 billion in losses—nearly two-thirds of total losses across all chains. Broader assessments place Ethereum at the center of 310 combined hacks, scams, and exploits, totaling $1.7 billion in losses. These figures illuminate both frequent small-scale attacks and a few catastrophic, high-value breaches.
Attack Types: From Contracts to Supply Chains
Several distinct attack vectors are fueling Ethereum’s growing insecurity:
- Smart contract vulnerabilities, especially business logic flaws, were responsible for a substantial share of financial losses—over $556 million across 62 exploit cases in 2025.
- Supply chain attacks, though few in number, accounted for nearly half of the total stolen value—over $1.45 billion in just two incidents.
- Phishing schemes, including social engineering and address spoofing, remained the most common type of attack, with 248 recorded incidents resulting in over $722 million stolen.
These attack vectors illustrate a dual threat landscape—involving both technical exploits and human-targeted deception.
Novel Threat Vectors: Eclipse and Routing Attacks
Ethereum’s complexity and decentralization come with architectural risks as well.
- A recent academic study demonstrated how eclipse attacks—which isolate nodes from the legitimate peer-to-peer network—can be executed in post-Merge Ethereum. By manipulating DNS peer lists and hijacking idle slots, attackers could fully isolate a node using minimal resources—a striking vulnerability.
- Similarly, routing-level attacks targeting Proof-of-Stake consensus (such as StakeBleed and KnockBlock) can disrupt block finality or extract unfair MEV gains. These require the attacker to hijack only a handful of IP prefixes for short durations, yet can lead to significant disruptions.
Address Poisoning and Emerging Risks
Another insidious method gaining traction is address poisoning, where visually similar wallet addresses are used to trick users into misdirecting funds. Ethereum’s integration with high-value stablecoin flows makes it particularly vulnerable. In December 2025, a single poisoning event led to a $50 million USDT loss, with broader incidents across chains estimated around $83 million.
In 2025 alone, Ethereum accounted for 91% of all address poisoning events, translating to devastating financial impact and highlighting growing automation in phishing strategies.
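A pre-send check of the kind a wallet or treasury tool can run against address poisoning, as an added example that is not taken from any project named in this article. It assumes "visually similar" means the same leading and trailing hex characters as a trusted address (what a truncated display shows); the address book, labels and addresses are constructed sample data.

```python
import re

ADDR_RE = re.compile(r"^0x[0-9a-fA-F]{40}$")


def normalize(addr):
    """Return the 40 hex characters in lowercase, or raise ValueError."""
    if not ADDR_RE.match(addr):
        raise ValueError(f"not a 20-byte hex address: {addr!r}")
    return addr[2:].lower()


def check_destination(dest, trusted, prefix=4, suffix=4):
    """Classify a destination against a trusted address book.

    Returns ("trusted", label) on an exact match, ("lookalike", label) when
    only the first `prefix` and last `suffix` hex characters match a trusted
    entry, and ("unknown", None) otherwise.
    """
    d = normalize(dest)
    lookalike_of = None
    for label, addr in trusted.items():
        t = normalize(addr)
        if d == t:
            return ("trusted", label)
        if d[:prefix] == t[:prefix] and d[-suffix:] == t[-suffix:]:
            lookalike_of = label
    if lookalike_of is not None:
        return ("lookalike", lookalike_of)
    return ("unknown", None)


# Constructed sample addresses (not real accounts).
TREASURY = "0x" + "a1b2c3" + "11" * 14 + "d4e5f6"
POISONED = "0x" + "a1b2c3" + "9f" * 14 + "d4e5f6"  # same ends, different middle
STRANGER = "0x" + "77" * 20
BOOK = {"treasury": TREASURY}

if __name__ == "__main__":
    for candidate in (TREASURY, POISONED, STRANGER):
        print(candidate, check_destination(candidate, BOOK))
```

A "lookalike" result should block the transfer until the full address is compared character by character against the trusted entry.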
Network Resilience: Staking vs. Centralization Risks
Despite mounting threats, Ethereum’s security model remains robust in several respects. Over 35 million ETH—valued at more than $91 billion—is staked, creating a formidable economic barrier to network-level attacks like 51% takeovers.
That said, client centralization remains a looming vulnerability. The dominance of the Geth client, used by over 85% of validators, means a severe bug could disrupt operations or incur financial penalty across a large swath of the network.
Meanwhile, temporary glitches in other clients (like Prysm) create minor disruptions, though Ethereum’s architecture has quickly compensated in past incidents.
Real-World Narrative: The Step Finance Breach
Early 2026 saw another DeFi entity fall victim. On January 31, Step Finance reported that executive devices were compromised, leading to a theft of nearly $40 million—a combination of SOL tokens and other assets.
Swift incident response recovered a portion of funds, but the event underscores how even peripheral actors in Ethereum’s broader DeFi ecosystem remain at risk from basic operational vulnerabilities.
Quote from Industry Analysis
“Attackers exploit reduced oversight to maximise exit time. Crypto crime has entered a new phase, one defined less by volume and more by the scale and sophistication of individual incidents.”
— Nick Smart, Chief Intelligence Officer, Crystal Intelligence
Conclusion
Ethereum’s security is at a critical juncture. The network endures not only frequent small-scale exploits but also devastating, sophisticated breaches spanning smart contracts, supply chains, and infrastructure. Novel systemic threats—like eclipse, routing, and address poisoning attacks—compound risk, even as staking-based defenses remain robust. Addressing these layered vulnerabilities will require coordinated upgrades across operational, technical, and governance domains to preserve trust and long-term resilience.
FAQs
What has been Ethereum’s single largest security loss?
The largest-known incident was the Bybit exchange hack in February 2025, where approximately $1.5 billion in Ethereum was stolen via compromised cold wallet operations.
Which attack type poses the greatest financial threat to Ethereum?
Supply chain attacks, although few, have caused the largest financial damage—about $1.45 billion lost in just two incidents in 2025.
How significant are technical network attacks like eclipse or routing threats?
They’re increasingly dangerous. Studies show eclipse and PoS routing attacks can isolate nodes or disrupt consensus using minimal resources, indicating substantial infrastructure risk.
Can staking protect Ethereum from serious threats?
High staking levels (over $91 billion worth of ETH) make network-level attacks like 51% takeovers economically infeasible. However, centralized client use still introduces vulnerability.
What’s driving the rise in address poisoning attacks?
Attackers now automate phishing using visually similar addresses and AI, exploiting human error on interfaces. In 2025, Ethereum accounted for 91% of address poisoning cases, with enormous losses.
Is Ethereum still safe for users and developers?
While many vulnerabilities exist, rapid patching of glitches, strong staking security, and ongoing infrastructure audits suggest that, with care, Ethereum remains a viable platform.
