The blockchain ecosystem continues to face significant security challenges, as highlighted by SlowMist’s May 2025 Security Report and their analysis of unrestricted large language models (LLMs) posing new risks to cryptocurrency security.
According to the SlowMist Hacked Archive, May 2025 saw Web3 security incidents resulting in approximately $266 million in losses, driven by 15 hacking incidents and widespread phishing attacks.
Meanwhile, the rapid rise of advanced AI tools, particularly unrestricted LLMs, is creating new vulnerabilities that could further destabilize the crypto landscape if left unaddressed.
Together, these developments underscore the urgent need for robust security measures in the evolving Web3 ecosystem
SlowMist’s May 2025 report paints a grim picture of the Web3 security landscape, with total losses reaching $266 million.
The 15 recorded hacking incidents caused $257 million in damages, though $162 million was successfully frozen or recovered, demonstrating the value of rapid response and on-chain tracing.
The report identifies smart contract vulnerabilities, oracle manipulation, and account compromises as primary causes of these breaches.
A standout incident was the attack on Cetus, a liquidity protocol on the SUI ecosystem, which suffered a staggering $230 million loss on May 22, 2025.
This attack exploited a mathematical overflow vulnerability in the protocol’s checked_shlw function, allowing the attacker to manipulate liquidity pools with just one token, resulting in billions in illicit gains.
SlowMist’s analysis emphasizes the sophistication of this attack and urges developers to rigorously validate mathematical functions in smart contracts to prevent similar exploits.
Phishing attacks also contributed significantly to May’s losses.
According to Scam Sniffer, 7,164 victims fell prey to phishing scams, losing $9.63 million.
These incidents highlight the persistent threat of social engineering in the crypto space, where attackers exploit user trust to gain access to funds.
SlowMist recommends that projects conduct regular security audits, implement comprehensive incident response plans, and educate users to verify information and avoid phishing traps.
The recovery of substantial funds in May underscores the importance of collaboration between security teams, exchanges, and blockchain analytics tools like MistTrack, which played a key role in tracing and freezing stolen assets.
Compounding these traditional threats is the emergence of unrestricted LLMs, as detailed in SlowMist’s update, Pandora’s Box: How Unrestricted LLMs Threaten Crypto Security.
Advanced AI models, such as OpenAI’s GPT series and Google’s Gemini, are transforming industries with their capabilities.
However, unrestricted versions of these models, which lack safety guardrails, are being exploited by malicious actors to target the crypto ecosystem.
These LLMs can generate highly convincing phishing messages, craft malicious smart contracts, and even exploit vulnerabilities in real time, lowering the technical barrier for cyberattacks.
SlowMist highlights how unrestricted LLMs enable attackers to automate sophisticated scams, such as creating fake investment opportunities or impersonating trusted entities.
For instance, North Korean hacker groups like Lazarus have reportedly leveraged these tools to enhance phishing campaigns, posing as legitimate firms to deceive crypto projects.
The accessibility of open-source LLMs further amplifies this threat, allowing even novice attackers to execute complex schemes.
SlowMist warns that without proper regulation and countermeasures, these models could exacerbate the already severe security challenges in Web3.
Both reports emphasize proactive measures to mitigate risks.
For traditional threats, SlowMist advocates for rigorous smart contract audits, enhanced access controls, and user education to combat phishing.
To address LLM-related risks, they recommend that projects adopt AI-specific security protocols, such as monitoring for anomalous transaction patterns and integrating advanced threat detection systems.
SlowMist’s partnerships with firms like Akamai and BitDefender, along with their tools like FireWall.x and MistEye, are critical in this fight.
The $266 million in losses in May 2025 and the growing threat of unrestricted LLMs highlight the dynamic and evolving nature of Web3 security risks.
As blockchain adoption grows, so does the sophistication of attacks.
SlowMist’s insights serve as a call to action for developers, users, and regulators to prioritize security, ensuring the blockchain ecosystem remains a safe space for innovation.