Web3 continues to bleed money in 2025. According to a new Chain Retrieval report, over $2 billion was lost to hacks in just the first half of the year — and a shocking amount of it came down to multisig failures.
In total, 40% of all stolen funds were traced back to poorly implemented or mismanaged multisig wallets. While multisig is supposed to improve security by requiring multiple approvals before moving funds, many teams are using outdated or vulnerable setups that leave treasury wallets wide open.
The report, titled “The State of Web3 Security H1 2025,” warns that these failures are no longer rare glitches. They are systematic problems across DeFi, DAOs, and even well-funded L1 and L2 chains.
Chain Retrieval found that Ethereum and BNB Smart Chain once again led in total losses, accounting for over $1.2 billion combined. The common theme? Multisig wallets that could be bypassed, reset, or compromised due to poor key management.
Poor Key Management and Weak Protocol Design Fuel Losses
Multisig wallets are only as strong as the people and systems managing them. Chain Retrieval’s analysis shows that in many cases:
- Signers lost private keys or kept them in insecure storage
- Protocols hardcoded their signer addresses, making the signers easy to enumerate and target
- Some wallets had every signer key controlled by one person, which defeats the purpose of multisig altogether
In one major exploit, a DAO lost $110 million after attackers phished their way into three of the five signer wallets, enough to meet the approval threshold. The attack required no smart contract flaw; it relied on human error and weak security hygiene.
Other findings from the report include:
- Over 45% of protocols still don't rotate multisig keys regularly
- Only 30% use hardware wallets for multisig
- Around 60% of exploited protocols lacked external audits
- Time to detect and respond to attacks averaged 9.4 hours
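The failure modes listed above (keys in software storage, signers concentrated under one person, stale keys that are never rotated, and a threshold that a phishing campaign against a few people can reach) are all things a team can check mechanically against its own wallet configuration. The following is an added example written for this page, not code from the report or from any wallet project. It assumes a hypothetical inventory format in which each signer key is annotated with the party that actually controls it, how it is stored, and when it was last rotated in; those field names and the sample configurations are constructed for illustration.

```python
# Added example: audit a treasury multisig configuration for the failure
# modes the report describes. The Signer/Multisig inventory format, the
# 180-day rotation window and the sample wallets below are all assumptions.
from collections import Counter
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class Signer:
    address: str      # signer address registered on the wallet contract
    controller: str   # party that actually holds the key (from ops records)
    storage: str      # "hardware" or "software"
    key_added: date   # date this key was added or last rotated in


@dataclass(frozen=True)
class Multisig:
    name: str
    threshold: int
    signers: tuple    # tuple of Signer


def parties_to_compromise(ms):
    """Fewest distinct controllers an attacker must compromise to reach the
    threshold. 1 means the wallet is effectively single-signer, whatever
    its nominal M-of-N looks like."""
    counts = sorted(Counter(s.controller for s in ms.signers).values(),
                    reverse=True)
    have, parties = 0, 0
    for c in counts:
        if have >= ms.threshold:
            break
        have += c
        parties += 1
    return parties


def audit(ms, today, max_key_age_days=180):
    """Return a list of human-readable findings; empty means no issue found."""
    findings = []
    n = len(ms.signers)
    addrs = [s.address.lower() for s in ms.signers]
    if len(set(addrs)) != n:
        findings.append("duplicate signer addresses")
    if ms.threshold < 1 or ms.threshold > n:
        findings.append(f"threshold {ms.threshold} is invalid for {n} signers")
        return findings
    if ms.threshold < 2:
        findings.append("threshold of 1: any single key can move funds")
    # Signer concentration: compare the number of independent parties an
    # attacker needs against the nominal threshold.
    p = parties_to_compromise(ms)
    if ms.threshold >= 2 and p == 1:
        findings.append("one controller holds enough keys to reach the "
                        "threshold alone")
    elif p < ms.threshold:
        findings.append(f"only {p} independent parties needed to reach a "
                        f"{ms.threshold}-of-{n} threshold")
    soft = [s.address for s in ms.signers if s.storage != "hardware"]
    if soft:
        findings.append(f"software-held keys: {', '.join(soft)}")
    stale = [s.address for s in ms.signers
             if (today - s.key_added).days > max_key_age_days]
    if stale:
        findings.append(f"keys older than {max_key_age_days} days: "
                        f"{', '.join(stale)}")
    return findings


# Constructed sample wallets (not real addresses or protocols).
TODAY = date(2025, 7, 1)
GOOD = Multisig("treasury-ok", 3, (
    Signer("0xa1", "alice", "hardware", date(2025, 3, 1)),
    Signer("0xa2", "bob", "hardware", date(2025, 3, 1)),
    Signer("0xa3", "carol", "hardware", date(2025, 4, 1)),
    Signer("0xa4", "dave", "hardware", date(2025, 4, 1)),
    Signer("0xa5", "erin", "hardware", date(2025, 5, 1)),
))
# Nominally 3-of-5, but one person controls three keys, two of which are
# software-held and have not been rotated since 2023.
BAD = Multisig("treasury-weak", 3, (
    Signer("0xb1", "bob", "software", date(2023, 1, 1)),
    Signer("0xb2", "bob", "software", date(2023, 1, 1)),
    Signer("0xb3", "bob", "hardware", date(2025, 5, 1)),
    Signer("0xb4", "carol", "hardware", date(2025, 5, 1)),
    Signer("0xb5", "dave", "hardware", date(2025, 5, 1)),
))

if __name__ == "__main__":
    for ms in (GOOD, BAD):
        print(ms.name, "parties to compromise:", parties_to_compromise(ms))
        for f in audit(ms, TODAY):
            print("  -", f)
```

The `parties_to_compromise` figure is the number that matters for the phishing scenario above: a 3-of-5 wallet whose keys sit with five different people forces an attacker to phish three of them, while the same 3-of-5 with three keys under one person is a single-target attack.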
The Chain Retrieval team points out that many protocols treat multisig as a box to check — not a living, evolving security layer that needs active management and regular upgrades.
As Web3 continues to scale, attackers are targeting governance layers and treasury controls more than ever. If multisig systems remain weak, bigger and more frequent losses are almost guaranteed.