hackers exploit human behaviour: CertiK

Cryptocurrency hackers are moving away from exploiting smart contract vulnerabilities and targeting users through social engineering schemes, Web3 cybersecurity company CertiK said.
More than $2.1 billion has been stolen in cryptocurrency-related attacks so far in 2025, with the bulk of losses coming from wallet compromises and phishing attacks, according to CertiK.
Crypto phishing attacks are social engineering schemes where attackers share fraudulent links to steal victims’ sensitive information, such as the private keys to crypto wallets.
The increasing number of social engineering attacks suggests hackers are shifting attack vectors, according to Ronghui Gu, the co-founder of CertiK.
CertiK observed a shift in attack patterns from smart contract and blockchain infrastructure vulnerabilities to exploiting loopholes in human behavior, Gu told Cointelegraph during the Chain Reaction daily X Spaces show on June 2, adding:
“The majority of this $2.1 billion was caused by wallet compromises, key mismanagement, and operational issues.”
Phishing scams cost the crypto industry over $1 billion across 296 incidents in 2024, making them the most costly attack vector for the industry, according to CertiK.
The cybersecurity expert’s comments come just a month after a social engineering scheme saw $330.7 million worth of Bitcoin (BTC) stolen from the wallet of an elderly US individual, Cointelegraph reported on April 30.
Social engineering schemes like address poisoning don’t require any hacking. Instead, attackers trick victims into sending assets to fraudulent wallet addresses.
Hackers always target the weakest link
While the rise of social engineering schemes is a concerning sign, it may be a signal of more robust decentralized finance (DeFi) protocols.
“Attackers always target the weakest point,” explained CertiK’s Gu, adding:
“Smart contracts or blockchain code itself was the weakest point, but now the attackers feel like the weakest points may come from human behavior rather than the code.”
Gu said the industry must now invest in better wallet security, access control, real-time transaction monitoring, and simulation tools to reduce future incidents.
The lion’s share of the stolen value in 2025 stemmed from the $1.4 billion Bybit exchange hack on Feb. 21, when the infamous North Korean Lazarus Group staged the largest exploit in crypto history.
That single incident was equivalent to more than 60% of the value lost in all crypto hacks in 2024, when the industry saw $2.3 billion stolen across 760 onchain security incidents, according to CertiK’s annual Hack3d report.