$2.1B crypto stolen in 2025 as hackers shift focus from code to users: CertiK

Cryptocurrency hackers have stolen more than $2.1 billion so far in 2025, with a growing number of attacks targeting individuals through social engineering schemes rather than exploiting code vulnerabilities, according to Web3 cybersecurity firm CertiK.

The firm’s co-founder, Ronghui Gu, during the June 2 edition of the Chain Reaction X Spaces broadcast, said that attackers are increasingly moving away from smart contract exploits and blockchain infrastructure flaws, and instead focusing on manipulating human behavior.

The majority of this $2.1 billion was lost to wallet compromises, key mismanagement, and operational issues, marking a clear shift in attack vectors from technical weaknesses to social vulnerabilities.

Social engineering emerges as top threat

Phishing scams, fraudulent schemes designed to trick users into revealing sensitive information like private keys, have become the crypto industry’s most damaging attack method. In 2024 alone, phishing accounted for over $1 billion in losses across 296 incidents, according to CertiK data.

One of the most high-profile incidents of 2025 involved a $330.7 million Bitcoin theft from an elderly U.S. individual, reported on April 30. The attacker reportedly used a social engineering scheme rather than hacking tools to drain the victim’s wallet.

These attacks often involve tactics like address poisoning, in which malicious actors impersonate wallet addresses to deceive users into sending funds to the wrong recipient without needing to compromise any underlying code.

Security shifting to the human layer

The surge in social engineering tactics may indicate improved security across decentralized finance (DeFi) protocols, Gu suggested. “Attackers always target the weakest point. Smart contracts or blockchain code itself was the weakest point, but now the attackers feel like the weakest points may come from human behavior rather than the code.”

Gu stressed the need for the crypto industry to prioritize enhanced wallet security, access controls, and real-time transaction monitoring. He also called for better simulation tools to help users and developers test for potential risks before executing transactions.

Lazarus Group behind largest exploit in history

The most significant loss in 2025 stemmed from the $1.4 billion Bybit exchange hack on February 21, which has been attributed to the North Korea-linked Lazarus Group. CertiK reported that the Bybit incident alone accounted for more than 60% of all crypto value lost so far this year.

In comparison, 2024 saw a total of $2.3 billion stolen across 760 onchain security incidents, according to CertiK’s annual Hack3d report. The shift toward exploiting users rather than code marks a new frontier in crypto security challenges as the industry matures.
