Multisig wallet failures caused 40% of all stolen funds

Web3 continues to bleed money in 2025, and the trend is showing no signs of slowing. According to a new Chain Retrieval report, over $2 billion was lost to hacks in just the first half of the year — and, alarmingly, a large share came from multisig failures.

In total, 40% of all stolen funds were traced back to poorly implemented or mismanaged multisig wallets. Although multisig is designed to improve security by requiring multiple approvals before moving funds, many teams are relying on outdated or vulnerable setups that leave treasury wallets exposed.

The report, titled “The State of Web3 Security H1 2025,” warns that these failures are no longer rare glitches. Instead, they have become systematic problems across DeFi, DAOs, and even well-funded L1 and L2 chains.

Furthermore, Chain Retrieval found that Ethereum and BNB Smart Chain once again led in total losses, accounting for over $1.2 billion combined. The common thread? Multisig wallets that could be bypassed, reset, or compromised due to poor key management.


Poor Key Management and Weak Protocol Design Fuel Losses

Multisig wallets are only as strong as the people and systems managing them. Specifically, Chain Retrieval’s analysis shows that in many cases:

  • Signers lost private keys or failed to use secure storage

  • Protocols had hardcoded signers, making them easy to track and target

  • Some wallets had signers all controlled by one person — thereby defeating the purpose of multisig altogether

For example, in one major exploit, a DAO lost $110 million after attackers gained access to three out of five signer wallets via phishing. The attack didn’t require smart contract flaws — rather, it relied entirely on human error and weak security hygiene.

Other findings from the report include:

  • Over 45% of protocols still don’t rotate multisig keys regularly

  • Only 30% use hardware wallets for multisig

  • Around 60% of exploited protocols lacked external audits

  • Time to detect and respond to attacks averaged 9.4 hours

Moreover, the Chain Retrieval team points out that many protocols treat multisig as a box to check — instead of a living, evolving security layer that needs active management and regular upgrades.
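The failure modes listed above (signer sets controlled by one person, keys that are never rotated, software-only signers, hardcoded signer lists, no external audit) can be checked mechanically before a treasury wallet goes live. The following Python is an added example written for this page, not code from Chain Retrieval or from any wallet project. The 180-day rotation period, the signer labels, the custodian names and the audit date are constructed assumptions; the report gives no such values. The central check is the one the 3-of-5 phishing case illustrates: what matters is not the nominal threshold but how many independent custodians must be compromised to reach it.

```python
from dataclasses import dataclass
from datetime import date, timedelta

# Assumed rotation policy; the report quotes no concrete period.
ROTATION_PERIOD = timedelta(days=180)
# Constructed "as of" date for the sample audits below.
AUDIT_DATE = date(2025, 7, 1)


@dataclass
class Signer:
    label: str            # constructed placeholder, not a real on-chain address
    custodian: str        # the person or team that actually holds the key
    hardware_backed: bool
    last_rotated: date


@dataclass
class MultisigConfig:
    threshold: int
    signers: list
    externally_audited: bool
    signers_hardcoded: bool


def min_custodians_to_reach_threshold(cfg):
    """Smallest number of distinct custodians whose keys together meet the
    threshold. A result of 1 means one compromised person can move funds,
    which is the 'all signers controlled by one person' failure."""
    per_custodian = {}
    for s in cfg.signers:
        per_custodian[s.custodian] = per_custodian.get(s.custodian, 0) + 1
    keys_controlled = 0
    for n_custodians, keys in enumerate(sorted(per_custodian.values(), reverse=True), start=1):
        keys_controlled += keys
        if keys_controlled >= cfg.threshold:
            return n_custodians
    return None  # threshold can never be met: funds are locked


def audit_multisig(cfg, today):
    """Return a list of findings; an empty list means the configuration passes."""
    findings = []
    n = len(cfg.signers)
    if cfg.threshold < 1 or cfg.threshold > n:
        findings.append(f"threshold {cfg.threshold} is invalid for {n} signers")
        return findings
    if cfg.threshold * 2 <= n:
        findings.append(f"{cfg.threshold}-of-{n}: threshold is not a majority of signers")
    custodians_needed = min_custodians_to_reach_threshold(cfg)
    if custodians_needed == 1:
        findings.append("a single custodian controls enough keys to meet the threshold")
    elif custodians_needed < cfg.threshold:
        findings.append(f"only {custodians_needed} custodians need compromising for a {cfg.threshold}-of-{n} wallet")
    software_keys = [s.label for s in cfg.signers if not s.hardware_backed]
    if software_keys:
        findings.append(f"signers without hardware wallets: {software_keys}")
    stale = [s.label for s in cfg.signers if today - s.last_rotated > ROTATION_PERIOD]
    if stale:
        findings.append(f"keys older than the rotation period: {stale}")
    if cfg.signers_hardcoded:
        findings.append("signer set is hardcoded: cannot rotate without redeploying, and is trivially enumerable")
    if not cfg.externally_audited:
        findings.append("no external audit on record")
    return findings


def weak_sample():
    """Constructed 3-of-5 wallet where one person holds three of the keys."""
    return MultisigConfig(
        threshold=3,
        signers=[
            Signer("key-1", "alice", False, date(2024, 1, 10)),
            Signer("key-2", "alice", False, date(2024, 1, 10)),
            Signer("key-3", "alice", True, date(2025, 5, 1)),
            Signer("key-4", "bob", True, date(2025, 5, 1)),
            Signer("key-5", "carol", True, date(2025, 5, 1)),
        ],
        externally_audited=False,
        signers_hardcoded=True,
    )


def strong_sample():
    """Constructed 3-of-5 wallet with five independent, hardware-backed custodians."""
    names = ["alice", "bob", "carol", "dave", "erin"]
    return MultisigConfig(
        threshold=3,
        signers=[Signer(f"key-{i + 1}", c, True, date(2025, 5, 1)) for i, c in enumerate(names)],
        externally_audited=True,
        signers_hardcoded=False,
    )


if __name__ == "__main__":
    for finding in audit_multisig(weak_sample(), AUDIT_DATE):
        print("FINDING:", finding)
    print("strong config findings:", audit_multisig(strong_sample(), AUDIT_DATE))
```

Both samples are nominally 3-of-5, yet the weak one needs only one custodian compromised to reach the threshold, while the strong one needs three. Run as a pre-deployment gate, the script turns the report's "box to check" into a recurring review: re-run it on a schedule so the rotation check fires before keys age out.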

As Web3 continues to scale, attackers are targeting governance layers and treasury controls more than ever. Consequently, if multisig systems remain weak, bigger and more frequent losses are almost certain.
