Crypto Hacks in 2025 Exceed $2.1B as Social Engineering Overtakes Smart Contract Exploits

In 2025, crypto hacks have led to losses exceeding $2.1 billion, with phishing and social engineering attacks targeting users becoming more common than smart contract exploits. CertiK reports that the biggest incident—the $1.4 billion Bybit hack by Lazarus Group—accounted for over 60% of these losses. The firm urges stronger wallet security and real-time monitoring.

Jun 4, 2025 - 17:54

In 2025, the cryptocurrency industry has experienced severe security setbacks, with over $2.1 billion lost to various cyberattacks, according to Web3 security firm CertiK. A major trend identified is a shift in hacker tactics—from targeting smart contract vulnerabilities to focusing on individual users through social engineering.

CertiK co-founder Ronghui Gu stated that most of the crypto losses now arise from wallet compromises, private key mismanagement, and operational errors, rather than weaknesses in blockchain protocols themselves.

Phishing attacks remain the top threat, accounting for over $1 billion in losses across 296 incidents in 2024 alone. These attacks often involve tricking users into revealing sensitive credentials or signing malicious transactions.

The largest incident in 2025 was the $1.4 billion hack of the Bybit exchange on February 21, allegedly carried out by the North Korean Lazarus Group. This breach alone represents more than 60% of all crypto-related losses this year.

Gu stresses that as smart contract platforms mature and become more secure, human error and user behavior remain the biggest vulnerabilities. He urges the industry to prioritize wallet-level security, access control systems, and real-time transaction monitoring to defend against these evolving threats.