$2.1B Crypto Stolen in 2025 as Hackers Shift Focus from Code to Users

Cryptocurrency hackers are increasingly turning their attention to exploiting human behavioral weaknesses, rather than targeting smart contract vulnerabilities, according to Ronghui Gu, co-founder of Web3 cybersecurity firm CertiK.

According to CertiK, more than $2.1 billion has been stolen in cryptocurrency-related attacks so far in 2025, with the bulk of losses coming from wallet compromises and phishing attacks. The rise of social engineering schemes suggests that hackers are shifting their attack vectors, as Gu noted during a recent interview.

Crypto phishing attacks, for example, involve attackers sharing fraudulent links to steal victims' sensitive information, such as the private keys to crypto wallets. This type of attack has already been used to great effect in the past, with $330.7 million worth of Bitcoin stolen from an elderly US individual's wallet earlier this year.

According to CertiK, phishing scams cost the crypto industry over $1 billion across 296 incidents in 2024, making them the most costly attack vector for the industry. The cybersecurity expert attributes this trend to hackers shifting their focus away from smart contracts and blockchain infrastructure vulnerabilities towards exploiting loopholes in human behavior.

"Attackers always target the weakest point," Gu explained. "The industry must now invest in better wallet security, access control, real-time transaction monitoring, and simulation tools to reduce future incidents."

The lion's share of the stolen value in 2025 stemmed from a single incident: the $1.4 billion Bybit exchange hack on February 21, when the infamous North Korean Lazarus Group staged the largest exploit in crypto history. On its own, this incident amounts to more than 60% of the value lost in all crypto hacks in 2024, which saw $2.3 billion stolen across 760 on-chain security incidents.

The growing number of social engineering attacks suggests that hackers are becoming more sophisticated and adaptable. As Gu noted, "The industry must now invest in better protection measures to stay ahead of these types of attacks."