
Crypto scammers have adapted their methods. A new report from CertiK reveals that crypto hacks increasingly target victims through social engineering to extract sensitive information, rather than exploiting contract vulnerabilities.
In 2025, more than $2.2 billion has been reported stolen by crypto hackers, with a large portion of these incidents attributed to phishing attacks and wallet compromises. Notably, a few major incidents, linked to state-sponsored actors or flaws in critical infrastructure, significantly inflated total losses.
Key incidents include attacks on Bybit and Cetus Protocol, which collectively accounted for approximately $1.78 billion of total losses this year. The Bybit incident alone, occurring in February 2025, resulted in losses of $1.5 billion. In the case of Cetus Protocol, hackers manipulated prices and used spoofed tokens, leading to a $225 million loss; however, Sui validators managed to recover $162 million of this amount.
#CertiKInsight 🚨 As of 2025, blockchain incidents have led to an estimated $2.1B in losses. The predominant causes of these losses stem from wallet compromises and phishing attacks. As data leaks increase, it is crucial to stay vigilant.
— CertiK Alert (@CertiKAlert) May 23, 2025
Phishing attacks involve scammers sharing deceptive links with victims to gain access to sensitive information, including private keys to crypto wallets. Ronghui Gu, CertiK’s co-founder, notes that the increase in phishing tactics indicates a shift in scammers’ approaches.
Trend of Wallet Breaches Becomes Alarming
Between January and June 2025, CertiK documented 334 attacks, resulting in a staggering loss of $2.47 billion, with wallet breaches accounting for $1.7 billion across merely 34 attacks. CertiK warns that while private key breaches have decreased, the rising trend of wallet breaches is concerning.
Social engineering methods now pose a significant threat. Techniques such as address poisoning require no hacking; victims simply send assets to fraudulent wallet addresses. One example is a Bitcoin whale who fell victim to a phishing scam on April 30, 2025, suffering a devastating $330 million loss. Excluding the high-profile attacks on Bybit and Cetus, this pushes total losses close to last year’s figures.
The Ethereum blockchain appears to be the most impacted, recording 175 security-related events with losses exceeding $1.6 billion.
Crypto Hacks Exploit Code Vulnerabilities
CertiK has also observed a significant spike in losses attributed to smart contract vulnerabilities, which caused damages of $229 million in May alone, a dramatic rise from $5 million in April.
1/🔓 Major threats in Q2:
• Phishing - $395M
• Code vulnerabilities - $236M
• Wallet compromise - $112M
📉 Despite these losses, total incidents fell by 29% quarter over quarter.
— CertiK (@CertiK) June 30, 2025
Physical attacks on crypto holders are reportedly increasing in brutality, with 32 wrench attacks already noted this year, suggesting 2025 may surpass 2021’s record of 36. Noteworthy cases include the kidnapping and assault of Ledger co-founder David Balland during a ransom attempt. Impostors posing as couriers abducted a trader’s father, mutilating him and demanding €7 million, while kidnappers attempted to take Paymium CEO Pierre Noizat’s daughter and grandson. Moreover, kidnappers in Las Vegas drove a victim into the Arizona desert.
Key Takeaways
- Crypto hackers now employ social engineering to extract sensitive information.
- $2.2B lost to crypto scams in H1 2025.
- 334 attacks with a total loss of $2.47 billion recorded from January to June 2025.