TL; DR
- As decentralized Finance (DEFI) Hacks Grow in Volume and Complexity, The Crypto Industry is Moving Toward Proactive Defense.
- Chainalysis Hexagate is playing a key role in this shift, Using pattern recognition and machine learning to flag high-risk and suspicious defi activity in real time.
- Nearly 6.2 Million New Smart Contracts Were Created in Q1 2025, Surpassing the Total Ament Created in 2024.
- In Q1 2025, Chainalysis Hexagate's Machine Learning Model Flagged More Than $ 402.1 Million in Risky Assets Tied to Malicious DEFI ACTIVITY.
In the Early Years of Blockchain, Responses to Hacks and Exploits Were Primary Reactive, Often Occurring Only After Damage Had Been done. However, with Advancements in Technology and Analytics, The Industry is Now Shifting Toward A Proactive Approach, Emphasizing Prevention through Real-Time Monitoring and Intelligent Threat Detection. Chainalysis Hexagate Brings This Shift to Life, Using Pattern Recognition and Machine Learning (ML) to detect decentralized Finance (DEFI) Hack Activity Before It occurs.
Keep Reading to Learn More About Evolving Trends in Defi Hacks and Several Risky Events Thus Far in 2025 that chainalysis hexagate identified before exploits occurred.
Ethereum Smart Contract Events: How Many Appear Malicious?
Every Year, More Than Five Million Smart Contracts Are Created On The Ethereum Blockchain, Approximately 20% (One million) of which are actively used on an annual basis. In Q1 2025 Alone, Nearly 6.2 Million New Smart Contracts Were Created, Surpassing the Total Ament Created in 2024. This Number Reflects The Network's Expanding Use Across Defi, Gaming, and Beyond.
Between January and March 2025, There Were 261,000 Unique Events Emitted On Ethereum, with approximataly 20% Actively used on Annual Basis (52,200). On Ethereum, Emitting an Event Refers to Smart Contract Logging A specific action on the blockchain. Events are commonly used to record important steps in a transaction, such as a token being transferred or to swap taking place. Overall, The Lack of Active Events Emitted Suggests A Massive Surface Area of Potentiallly obscure or Risky Activity, as legitimate smart contracts are typically deployed more regularly.
As we see in the Below Chart, the Most Frequently Emitted Event on Ethereum Thus Far in 2025 has been transfer, Which occurs when Erc-20 tokens are transferred between addresses. This event is the Basic Building Block for Any Token-Based Activity, Including Payments, Rewards, and User Interactions.
Other frequently observed events come from contracts and include:
- Swap: Triggered When A User Exchanges One token for another on has decentralized Exchange (DEX).
- Approval: Occurs when to use gives permission to contract to spend their tokens.
- Sync: Used by Liquidity Pools to Update Price or Reserve ratios.
- Deposit: Indicates that a user has added funds to a contract, often in the context of sting or providing liquidity.
According to Chainalysis Hexagate Data, Risky Events on Ethereum take up Only 0.2% of Total Events Emitted in 2025. Risky events include Initialized,, Roleand Removedownerwhich Chainalysis Hexagate has identified as high-risk signatures.
The “Initialized” Event is typically Emitted When A Smart Contract Becomes Operational and signals that the contract has been assigned its initial configuration. The “Rolegranéd” Event indicates that a specific address has been assigned to defined role withn a smart contract's access control. And the “Removeowner” Event is triggered when an address with ownership or administrative Rights is removated from a contract's list of authorized controllers.
Although rare, these events typically lead to major losss and therefore require close monitoring to ensure that legitimate users are not put at risk. Chainalysis Hexagate Utilizes Real-Time Monitoring of these events and machine learning models to proactively identify and mitigate potential threats.
Chainalysis hexagate can detect threats before they occur
In the First Quarter of 2025, Chainalysis Hexagate's Machine Learning Model Flagged More than 402.1 million in Risky Assets Tied to Malicious Activity, With Loves Surging 60.71% Between February and March. This Type of Activity included assets Stolen from Defi, Centralized Exchanges (CEXS), and Token Smart Contracts.
Given the Rise in Phishing Attacks, it's crucial to Dig Deeper Into the Above Topline Figures To Understand Just How Much of the Malicious Activity can be trapd back to phishing schemes specificly. Between January and March 2025, Approximately 18,000 phishing tokens Were Created. Each MONTH, PHISHING TOKENS IMPACT More than 50 million wallets; In March 2025 Alone, 400,000 were affected services.
A Growing Threat Surface in 2025: DPRK-LINKED ATTACKS AND VOLUME OF ON-CHAIN
Crypto's expanding footprint in 2025 has been put with a surge in sophisticated exploit attempts across the ecosystem. Evidence of this Growing Threat Includes The Scale of DPRK-LINKED Thefts and the meaning of the Top 10 Attacks Identified by Chainalysis Hexagate.
As we report in our 2025 Crypto Crime Report, North Korea-Linked Hackers Stole More from CryptoToms Than Ever Before in 2024. Unfortunately, Stolen Funds Linked to the DPRK Are Continuing to Grow-2025 Numbers Are Already Trending Higher Than Those of 2024 and Have Surpassed $ 1 Billion.
Additionally, the volume and complexity of on-chain exploits are increasing monthly-Chainalysis hexagate's detection volume doubled from January to March 2025. In the chart below, we see the top 10 hacks in q1 2025, all of which of that were deteted by Chainalysis hexagate as potentia Occurred exploits. Although Many of these events we not not disrupted in real-time, they provide an important reminder for hexagate users to increase their defenses against Malicious Attacks.
Staying Ahead of Evolving Crypto-Related Threats
Malicious on-chain Activity is becoming more frequent and more complex. From Phishing Schemes to Social Engineering Exploits, Threat Actors in 2025 Are adapting Quickly – and so must the Defenses. As these tactics Evolve, the need for proactive, real-time protection has never been more urgent. Chainalysis Hexagate Helps Fill that Gap, Using Machine Learning and On-Chain Intelligence to Stop Exploits Before They Escalate.
Book A Demo of Chainalysis Hexagate's Security Solution here.
This website contains links to third-party sites that are not the control of chainalysis, Inc. or its affiliates (Collectively “Chainalysis”). Access to Such Information DES NOT IMPLY ASSOCIATION With, Endorsment of, Approval of, or Recommendation by Chainalysis of the site or its operators, and chainalysis is not responsible for the product, services, or other content hosted there.
This Material is for Informational Purposses Only, and is not intended to provide Legal, Tax, Financial, or Investment Advice. Should Should Consult Their Own Advisors Before Making these types of decisions. Chainalysis has no responsibility or liability for any decision made or any other acts or omissions in connection with container's use of this material.
Chainalysis dues not guaranto or warrant the accuracy, Completeness, Timeliness, follow -up or validity of the information in this report and will not be responsible for any claim attributable to errors, omissions, or other inaccuracies of any part of such matterial.
