Cryptocurrency Security Year: Smart Contract Vulnerabilities Decrease, but Human Fraud Surges by 1400%


2025 was the year with the most hacks in cryptocurrency history, but the story behind the numbers is more complex than it appears. Although the number of security breaches hit a new high, according to Mitchell Amador, CEO of security platform Immunefi, these hacks were not due to flaws in smart contracts or blockchain code, but rather to human errors at the traditional Web2 operational layer. Passwords are stolen, devices are compromised, employees are manipulated: the real culprits are people, not code.

This shift marks a fundamental change in the landscape of crypto security. While 2025 set a record for hacking incidents, ironically, the security of blockchain itself is continuously improving. “Although 2025 became the year with the most hacks in history, these breaches stem from Web2 operational mistakes rather than on-chain code vulnerabilities,” Amador told CoinDesk in an exclusive interview. This distinction is crucial because it reveals a paradox: even as losses of crypto assets increase, blockchain security defenses are strengthening.

The Truth Behind the Wave of Hacks: From Infrastructure Attacks to Targeting Individuals

According to the 2026 Crypto Crime Report by blockchain analysis firm Chainalysis, hackers’ tactics are shifting noticeably. Instead of attacking infrastructure like exchanges or protocols, targeting individual users directly yields higher profits. In 2025, approximately $1.7 billion worth of crypto assets were stolen through fraud and scams, far exceeding losses caused by smart contract code vulnerabilities.

Chainalysis data reveals a shocking trend: identity impersonation fraud increased by 1400% in just one year. Meanwhile, scams involving artificial intelligence are 450% more profitable than traditional fraud. Social engineering, fake identities, and AI-assisted schemes are becoming the tools of choice for criminals, shifting the focus from protocols themselves to their users.

From smart contracts to humans—shifting security concerns

A recent case vividly illustrates this trend. Blockchain researcher ZachXBT reported that an attacker successfully stole $282 million worth of crypto assets through social engineering, including 2.05 million Litecoin and 14,590 Bitcoin. The funds were quickly exchanged for privacy coins like Monero and routed through multiple rapid exchanges into the dark web. This was not a smart contract hack; it was human deception.

Amador believes this shift stems from a key fact: as code becomes harder to exploit, attackers are adjusting their tactics. “When code becomes less exploitable by hackers, humans become the primary attack vector in 2026,” he said. “The human factor is now the weak link that blockchain security experts and Web3 participants must prioritize.”

But security professionals cannot rest easy. Amador warns that although smart contract security is improving, over 90% of projects still have serious vulnerabilities that can be exploited. Even more concerning, despite the availability of defensive tools, adoption remains alarmingly low—less than 1% of the industry deploys firewall technology, and fewer than 10% use AI-based detection tools.

Artificial Intelligence reshaping the security chessboard: Guardians and threats accelerating

In 2026, AI will simultaneously change the pace of security from two directions. On one hand, defenders will increasingly rely on AI-driven monitoring and response systems capable of operating at machine speed. On the other hand, malicious actors are leveraging the same technology to discover vulnerabilities, develop exploits, and execute large-scale social engineering attacks.

However, Amador’s most forward-looking warning is not about traditional code vulnerabilities but about emerging new threats: onchain AI agents. “This opens up a whole new attack surface,” he said. “Onchain AI agents operate faster and more efficiently than human operators, but if their access paths or permissions are compromised, they are particularly vulnerable to manipulation.”

This new threat represents a fundamental challenge for crypto security. “We are still in the early stages of understanding how to properly protect these agents,” Amador added. “This will be one of the most defining security tasks in the next cycle.”

Security outlook for 2026: focusing on people and systems

Chainalysis data shows that hackers are becoming more sophisticated in extracting value from individuals. Amador’s perspective points in another direction: protocols are becoming more resistant to pure code vulnerabilities. The combination indicates a clear future: the main battleground for crypto security is no longer onchain, but is shifting toward user interfaces, enterprise controls, monitoring systems, and education.

Although 2025 set a record for the number of breaches, the overall security trajectory is not downward. On the contrary, as attackers become more skilled and targeted, defenders must go beyond smart contract security and invest more in personnel training, social engineering defenses, and AI agent governance. The future of crypto security will be determined by human vigilance and system resilience.
