Hackers in the crypto world are changing course, moving away from exploiting smart contracts and turning their focus toward tricking users directly.
According to Web3 security firm CertiK, the bulk of the $2.1 billion lost in crypto hacks so far in 2025 has come from phishing schemes and compromised wallets.
Instead of targeting protocol vulnerabilities, attackers are now using deceptive tactics to steal private keys and access user funds. CertiK co-founder Ronghui Gu told Cointelegraph during a June 2 X Spaces session that this shift highlights a growing trend: human behavior is now the primary attack surface, not the code.
Since 2024, phishing scams have become the most damaging attack vector, costing the industry over $1 billion across nearly 300 incidents. These scams often involve fake links and wallet address tricks, requiring little technical skill to execute.
The shift in tactics comes as DeFi protocols improve their security. Gu noted that attackers simply pivot to where defenses are weakest—now that smart contracts are harder to exploit, users themselves are the new target.
One striking example is the $330.7 million Bitcoin theft from a U.S. victim earlier this year, which didn’t involve hacking but rather deception.
Gu stressed the need for stronger wallet protection, better access controls, and real-time monitoring to combat this evolving threat landscape.
The largest incident of the year remains the $1.4 billion Bybit hack in February, attributed to North Korea’s Lazarus Group. That single breach accounts for over 60% of total losses in 2025, a total that is already approaching last year’s full-year figure of $2.3 billion across 760 attacks.
As traditional code-based exploits decline, the crypto industry now faces a new challenge: securing the human layer.