Crypto 2025: When hackers identified the human weak point

Although 2025 set a record for losses from security breaches in the cryptocurrency sector, a thorough analysis of the data revealed something unexpected: most of these disasters were caused not by broken smart contract code but by human error and social manipulation. This marks a fundamental shift in how cyberattacks on crypto occur and raises entirely different questions about where the industry should focus its defensive efforts.

From protocols to people: The shift in attack patterns

The nature of crypto attacks has changed dramatically. Where cybercriminals years ago focused on finding vulnerabilities in blockchain infrastructure and protocol code, they now primarily target end users. Security experts, including Mitchell Amador from the on-chain security platform Immunefi, demonstrate this with a striking observation: while 2025 was indeed the worst year ever for crypto-related losses, hardly any of these were the result of protocol exploits.

“Despite 2025 being the worst year ever for hacks, these hacks are the result of operational errors in Web2 and not on-chain code,” Amador told CoinDesk. This distinction is crucial because it suggests something counterintuitive: blockchain security is actually improving, even as total losses increase.

The actual attack vectors in 2025 were low-tech but highly effective: stolen passwords, compromised devices, deceived employees, and impersonated support staff. In other words, the cause was not poorly written code but human mistakes.

$17 billion lost to scams: The numbers behind crypto scams

Chainalysis’s figures tell an astonishing story about the nature of crime in 2025. According to the Crypto Crime Report 2026 by the analytics firm, approximately $17 billion in crypto was lost to scams and fraud in 2025 – significantly more than in previous years.

What makes these losses even more alarming is that the fastest growth occurred in impersonation schemes. Fake accounts and impersonation frauds, in which criminals pose as legitimate support teams or trusted contacts, showed explosive growth of 1,400% year-over-year. AI-driven schemes also proved remarkably effective, with AI-assisted fraud generating 450% more profit than traditional social engineering attacks.

A recent case highlighting this trend was a social engineering attack revealed last month. The hacker managed to steal $282 million in litecoin and bitcoin from a single victim through manipulation and deception. The thief obtained 2.05 million LTC and 1,459 BTC, which were quickly converted into monero via multiple privacy-focused exchange services – a tactical choice that effectively concealed the transactions.

Why DeFi code is becoming harder to exploit

A paradox emerges from the security trends of 2025: despite increasing total losses, on-chain protocols and DeFi systems are actually becoming stronger. This reflects years of improved code audits, formal verification, and community-driven security initiatives.

“Blockchain security is improving significantly and will continue to do so,” Amador said. “From the perspective of DeFi and on-chain protocol code, I believe 2026 will be the best year so far for on-chain security.”

This forces criminals to adapt their tactics. Instead of spending years finding exploits in smart contract logic, the underworld now benefits from simpler, much faster-to-execute attacks targeting human victims. Blockchain security has become more robust; criminals have only become more creative.

AI as a double-edged sword in crypto security

The most concerning future scenario in 2026 involves the rise of artificial intelligence on both sides of cybersecurity battles. Defenders will increasingly rely on AI-powered monitoring and incident response operating at machine speed. At the same time, attackers will use the same tools for vulnerability research, exploit development, and mass social manipulation.

However, Amador issues an even more alarming warning that goes beyond traditional wallets and contracts. As crypto increasingly integrates autonomous AI agents – autonomous trading systems, liquidity managers, and governance agents – a whole new attack surface emerges.

“This opens a new attack surface,” Amador explained. “On-chain AI agents can be faster and more powerful than human operators, and they are uniquely vulnerable to manipulation if their access points or control layers are compromised.”

The sector is still in its infancy when it comes to securing autonomous agents. This is expected to become one of the most critical security issues in the current market cycle.

The crucial defense gaps of 2025

As criminals become more sophisticated, the industry’s defenses lag behind. Amador’s assessment reveals serious shortcomings: more than 90 percent of all cryptocurrency projects still contain critical, directly exploitable vulnerabilities in their code. But even where defensive tools are available, adoption remains low.

Less than 1 percent of the crypto sector uses firewalls for transaction filtering. Less than 10 percent implement AI-driven anomaly detection. This suggests that many projects – despite available tools – have not yet fully implemented their defenses.

2025 as a turning point: What comes next?

The security issues uncovered in 2025 point to a radical reorientation of how crypto security should be approached in the future. It is no longer primarily a matter of better smart contract audits – although those remain important. It becomes a matter of corporate security, user education, identity verification, and operational hygiene.

Cryptocurrency security is shifting from the blockchain itself to user interfaces, employee controls, monitoring systems, and, fundamentally, mindset. While criminals increasingly focus on psychology and social engineering, defenders must also reorganize their defenses. 2025 clearly demonstrated that in crypto, as in traditional cybersecurity, the weakest link is still the human element – both on the side of attackers and on the side of those trying to defend themselves.
