hackers exploit human behaviour: CertiK

Cryptocurrency hackers are moving away from exploiting smart contract vulnerabilities and targeting users through social engineering schemes, Web3 cybersecurity company CertiK said.
More than $2.1 billion has been stolen in cryptocurrency-related attacks so far in 2025, with the bulk of losses coming from wallet compromises and phishing attacks, according to CertiK.
Crypto phishing attacks are social engineering schemes where attackers share fraudulent links to steal victims’ sensitive information, such as the private keys to crypto wallets.
The increasing number of social engineering attacks suggests hackers are shifting attack vectors, according to Ronghui Gu, the co-founder of CertiK.
CertiK observed a shift in attack patterns from exploiting smart contract and blockchain infrastructure vulnerabilities to exploiting loopholes in human behavior, Gu told Cointelegraph during the Chain Reaction daily X Spaces show on June 2, adding:
“The majority of this $2.1 billion was caused by wallet compromises, key mismanagement, and operational issues.”
Phishing scams cost the crypto industry over $1 billion across 296 incidents in 2024, making them the most costly attack vector for the industry, according to CertiK.
The cybersecurity expert’s comments come just a month after a social engineering scheme saw $330.7 million worth of Bitcoin (BTC) stolen from the wallet of an elderly US individual, Cointelegraph reported on April 30.
Social engineering schemes like address poisoning don’t require any hacking. Instead, attackers trick victims into sending assets to fraudulent wallet addresses.
Hackers always target the weakest link
While the rise of social engineering schemes is a concerning sign, it may be a signal of more robust decentralized finance (DeFi) protocols.
“Attackers always target the weakest point,” explained CertiK’s Gu, adding:
“Smart contracts or blockchain code itself was the weakest point, but now the attackers feel like the weakest points may come from human behavior rather than the code.”
Gu said the industry must now invest in better wallet security, access control, real-time transaction monitoring, and simulation tools to reduce future incidents.
The lion’s share of the stolen value in 2025 stemmed from the $1.4 billion Bybit exchange hack on Feb. 21, when the infamous North Korean Lazarus Group staged the largest exploit in crypto history.
That single incident accounted for more than 60% of the value lost in all crypto hacks in 2024, when the industry saw $2.3 billion stolen across 760 onchain security incidents, according to CertiK’s annual Hack3d report.