区块链安全趋势与反洗钱格局报告

Table of Contents I. Introduction2II. Blockchain Security Trends22.1 Overview of Blockchain Security Incidents22.2 Fraud Tactics42.2.1 Phishing Using EIP-770242.2.2 Deepfakes72.2.3 Telegram Fake Safeguard Scam112.2.4 Malicious Browser Extensions152.2.5 LinkedIn Recruitment Phishing212.2.6 Social Engineering Attacks252.2.7 Backdoor Supply Chain Attacks via Low-Cost AI Tools292.2.8 Unrestricted Large Language Models (LLMs)31III. Anti-Money Laundering Landscape343.1 Global Regulatory Developments343.1.1 Asia343.1.2 Europe383.1.3 North America393.1.4 Latin America403.1.5 Middle East413.2 Frozen & Recovered Funds423.3 Threat Actor Developments443.3.1 Lazarus Group443.3.2 Drainers563.3.3 HuionePay603.4 Mixing Services693.4.1 Tornado Cash693.4.2 eXch70IV. Summary74V. Disclaimer74VI. About Us75 I. Introduction In thefirst half of 2025, the blockchain industry continued its rapid development while grapplingwith increasingly complex security threats and compliance challenges. On the one hand, hackerattacks remained highly active. APT groups demonstrated more modular and systematic attacktechniques, while phishing and social engineering attacks became rampant, leading to significantasset losses and a growing crisis of user trust. On the other hand, the global regulatory landscapeevolved rapidly, with governments and international organizations frequently introducing newrules related to anti-money laundering (AML), sanctions, and consumer protection. A key trend worth noting is the steady evolution of stablecoins into critical infrastructureconnecting traditionalfinance with on-chainfinance. Major globalfinancial institutions andleading crypto platforms are accelerating their strategic deployment of stablecoins. At the sametime, undergroundfinancialflows continue to evolve. Blockchain tracing technologies andintelligence collaboration mechanisms are becoming more advanced, and cooperation betweenregulators and leading platforms is deepening. As a result, the number of asset freeze andrecovery cases has grown significantly, sending a strong deterrent signal to on-chain crime andillicit funds. As a pioneer in blockchain security, SlowMist continues to focus on threat intelligence, attackmonitoring, on-chain tracing, and compliance support. Against this backdrop, this reporthighlights the major security incidents, regulatory developments, and on-chain AML trends of thefirst half of 2025. We hope this report serves as a timely, systematic, and insightful reference forindustry practitioners, security researchers, and compliance professionals—enhancing their abilityto identify, respond to, and anticipate risks. II. Blockchain Security Trends 2.1 Overview of Blockchain Security Incidents In thefirst half of 2025, the blockchain sector continued to face severe security challenges.According to incomplete statistics fromSlowMist Hacked, a blockchain security incident archive maintained by SlowMist, a total of 121 security incidents occurred during this period, resulting inapproximately $2.373 billion in losses. In comparison, thefirst half of 2024 saw 223 incidents with around $1.43 billion in losses. Whilethe number of incidents declined year-over-year, the total amount of losses increased byapproximately 65.94%. (Note: The data in this report is based on token prices at the time of eachincident. Due to pricefluctuations, unreported cases, and the exclusion of individual user losses,the actual amount of losses is likely higher than thefigures presented.) (1) By Ecosystem Ethereum remained the hardest-hit ecosystem, with related losses totaling approximately $38.59million. It was followed by Solana with around $5.8 million in losses, and BSC with about $5.49million. (2) By Project Type DeFi remained the most frequently targeted sector. In thefirst half of 2025, there were 92DeFi-related security incidents, accounting for 76.03% of the total 121 incidents, with total lossesreaching approximately $470 million. Compared to thefirst half of 2024 (158 incidents, about$659 million in losses), this represents a year-over-year decrease of 28.67% in total losses. The second most affected category was centralized exchange platforms, with 11 incidentsreported. However, these incidents accounted for a staggering $1.883 billion in losses. The mostsevere case involved an attack on Bybit, resulting in approximately $1.46 billion in losses from asingle incident. (3) By Loss Scale In thefirst half of 2025, two incidents resulted in losses exceeding $100 million. The top 10largest attacks collectively caused a total loss of $2.018 billion. Below is a list of the top 10attacks by loss in H1 2025: (4) By Attack Vector Account compromises were the most common cause of security incidents, with 42 casesreported. This was followed by smart contract vulnerabilities, which accounted for 35 incidents. 2.2 Fraud Tactics In addition to direct attacks on projects and protocols, scams targeting individual users have alsoevolved rapidly. B