Cryptocurrency hackers are moving away from exploiting smart contract vulnerabilities and targeting users through social engineering schemes, Web3 cybersecurity company CertiK said.
More than $2.1 billion has been stolen in cryptocurrency-related attacks so far in 2025, with the bulk of losses coming from wallet compromises and phishing attacks, according to CertiK.
Crypto phishing attacks are social engineering schemes where attackers share fraudulent links to steal victims’ sensitive information, such as the private keys to crypto wallets.
The increasing number of social engineering attacks suggests hackers are shifting attack vectors, according to Ronghui Gu, the co-founder of CertiK.
CertiK observed a shift in attack patterns from smart contracts and blockchain infrastructure vulnerabilities to exploiting loopholes in human behavior, Gu told Cointelegraph during the Chain Reaction daily X spaces show on June 2, adding:
Phishing scams cost the crypto industry over $1 billion across 296 incidents in 2024, making them the most costly attack vector for the industry, according to CertiK.
The cybersecurity expert’s comments come just a month after a social engineering scheme saw $330.7 million worth of Bitcoin stolen from the wallet of an elderly US individual, Cointelegraph reported on April 30.
Social engineering schemes like address poisoning don’t require any hacking. Instead, attackers trick victims into sending assets to fraudulent wallet addresses.
Hackers always target the weakest link
While the rise of social engineering schemes is a concerning sign, it may be a signal of more robust decentralized finance (DeFi) protocols.
“Attackers always target the weakest point,” explained CertiK’s Gu, adding:
Gu said the industry must now invest in better wallet security, access control, real-time transaction monitoring, and simulation tools to reduce future incidents.
The lion’s share of the stolen value in 2025 stemmed from the $1.4 billion Bybit exchange hack on Feb. 21, when the infamous North Korean Lazarus Group staged the largest exploit in crypto history.
That single incident accounted for more than 60% of the value lost in all crypto hacks in 2024, when the industry saw $2.3 billion stolen across 760 onchain security incidents, according to CertiK’s annual Hack3d report.