A staggering $2.1 billion has been stolen from the crypto space in 2025, but not through breaking smart contracts—instead, through breaking human trust. According to cybersecurity firm CertiK, the dominant threat vector this year has been social engineering, not code vulnerabilities.
Phishing schemes—where users are tricked into revealing private keys, seed phrases, or signing malicious transactions—now account for the bulk of attacks. These incidents are designed not to breach software, but to exploit human error and psychological manipulation.
The rise in wallet compromise incidents and fake links has become a systemic risk. As threats evolve, platforms and users alike face mounting pressure to implement better education, smarter interface warnings, and wallet-level security tools that can detect suspicious behavior before irreversible damage is done.
From Hacks to Hijacks: Wallet Errors Drive Crypto Losses
CertiK co-founder Ronghui Gu says 2025 marks a turning point in crypto security: “The majority of this $2.1 billion was caused by wallet compromises, key mismanagement, and operational issues,” Gu told reporters on June 2. The weakest link is no longer the code—it’s the user.
Phishing scams alone led to over $1 billion in losses in 2024 across nearly 300 incidents, and that number is growing in 2025. These schemes often involve address poisoning, spoofed wallet prompts, or fake customer support links, baiting victims into transferring funds to attacker-controlled wallets.
One of the year’s most shocking cases involved the theft of $330 million in Bitcoin from an elderly U.S. investor—an incident facilitated entirely by social engineering. This case underscores how crypto thieves are evolving beyond technical exploits and now targeting emotional vulnerability and user inexperience.
Social Engineering Surges as Code Gets Stronger
The pivot to psychological manipulation doesn’t mean DeFi is failing—rather, it suggests that the underlying infrastructure has grown more resilient. But as protocols become harder to exploit, attackers are shifting toward targeting human behavior.
Gu emphasized the urgency of investing in wallet-level protections, such as stronger access control systems, simulated transaction environments, and real-time monitoring that alerts users to anomalies before funds are moved.
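The wallet-level protections Gu describes, and the address-poisoning schemes mentioned earlier, can be illustrated with a small pre-send check of the kind a wallet could run before asking the user to sign. The Python below is an added example written for this page; it is not CertiK's code or any wallet's implementation. Every address, label and history entry in it is constructed sample data, and the visible prefix/suffix widths are an assumption modelled on how many wallet UIs truncate addresses.

```python
# Added example (not from the article or CertiK): a pre-send destination check
# that flags address-poisoning lookalikes and never-seen counterparties.
# All addresses, labels and transfers below are constructed, not real on-chain data.
from dataclasses import dataclass

# Assumption: the UI shows "0x" + 4 hex chars ... 4 hex chars, so an attacker
# only needs to match those characters for a lookalike to pass a visual check.
VISIBLE_PREFIX = 6
VISIBLE_SUFFIX = 4


@dataclass
class Transfer:
    counterparty: str
    direction: str   # "in" or "out" from the user's point of view
    value: int       # amount in the smallest unit; 0 for dust/zero-value poisoning txs


def normalize(addr: str) -> str:
    """Compare addresses case-insensitively (checksummed hex addresses mix case)."""
    return addr.strip().lower()


def looks_alike(a: str, b: str) -> bool:
    """True when a and b share the characters a truncated UI shows but differ in full."""
    a, b = normalize(a), normalize(b)
    if a == b or len(a) != len(b):
        return False
    return a[:VISIBLE_PREFIX] == b[:VISIBLE_PREFIX] and a[-VISIBLE_SUFFIX:] == b[-VISIBLE_SUFFIX:]


def check_destination(dest: str, address_book: dict, history: list) -> list:
    """Return a list of human-readable warnings; an empty list means nothing suspicious.

    address_book maps saved addresses to labels; history is a list of Transfer.
    """
    dest = normalize(dest)
    book = {normalize(a): label for a, label in address_book.items()}
    if dest in book:
        return []  # exact match with a saved address: no warning

    warnings = []
    lookalikes = [label for a, label in book.items() if looks_alike(dest, a)]
    if lookalikes:
        warnings.append(f"lookalike of saved address '{lookalikes[0]}'")

    inbound = [t for t in history if normalize(t.counterparty) == dest and t.direction == "in"]
    outbound = [t for t in history if normalize(t.counterparty) == dest and t.direction == "out"]
    # Poisoning pattern: the address is "known" only because it sent us zero-value
    # transfers, so it appears in history and can be copied from there by mistake.
    if inbound and not outbound and all(t.value == 0 for t in inbound):
        warnings.append("only known from zero-value inbound transfers (poisoning pattern)")
    if not inbound and not outbound:
        warnings.append("never transacted with before")
    return warnings


# Constructed sample data: a saved exchange deposit address, a poisoned lookalike
# that matches its visible prefix and suffix, and an unrelated stranger.
TRUSTED_EXCHANGE = "0xab12" + "1122334455667788" + "99aabbccddeeff00" + "cd34"
POISONED = "0xab12" + "deadbeefdeadbeef" + "cafebabecafebabe" + "cd34"
STRANGER = "0x" + "9" * 40

ADDRESS_BOOK = {TRUSTED_EXCHANGE: "exchange deposit"}
HISTORY = [
    Transfer(TRUSTED_EXCHANGE, "out", 500),
    Transfer(POISONED, "in", 0),   # the attacker's dust transfer
]

if __name__ == "__main__":
    for label, addr in [("trusted", TRUSTED_EXCHANGE), ("poisoned", POISONED), ("stranger", STRANGER)]:
        print(label, addr, check_destination(addr, ADDRESS_BOOK, HISTORY))
```

The point of the check is that the poisoned address passes a glance at the truncated display but fails both tests a wallet can run cheaply: it is not an exact match for a saved address, and the only reason it appears in history is an inbound zero-value transfer. Surfacing those two facts at signing time is the kind of interface warning the article calls for.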
The most devastating exploit of the year so far occurred on February 21, when the North Korean Lazarus Group executed a record-breaking $1.4 billion theft from Bybit—marking the largest single crypto heist in history. That one attack represents over 60% of total losses in 2025, showing that both advanced adversaries and social engineers remain active threats.
While high-profile breaches dominate headlines, the cumulative toll of smaller, user-targeted scams is growing—and may ultimately pose the larger long-term challenge.
Quick Facts
- Hackers stole over $2.1 billion in crypto in 2025, mostly through social engineering.
- Phishing and wallet mismanagement now account for the majority of losses.
- A single $1.4 billion Bybit hack by Lazarus Group marked the year’s biggest exploit.
- A $330 million Bitcoin scam targeting an elderly investor highlights growing human-centric threats.
- CertiK urges stronger wallet protections and real-time transaction simulation tools to counter evolving attacks.