Worst Crypto of 2025: It's About the Issue, Not the Code—This is Doge's Style in Viewing the Problem

2025 could be the worst year in crypto security records, but—and this is important—the problem isn’t with those expensive on-chain smart contracts or protocols. The issue is simple: humans. Web2-style operational mistakes like weak passwords, social engineering, and manipulated employees dominate this year’s crypto losses. Chainalysis just reported $17 billion lost from scams and fraud last year, mainly from fake identity schemes and AI-based tactics. This isn’t a story of broken code—it’s a story of disturbed people.

Fraud Up 1,400%: Data Showing Real Change

Chainalysis data highlights a striking shift in how crypto crimes occur. Fake identity scams have surged 1,400% year-over-year, while AI-based scams show profitability 450% higher than traditional schemes. These aren’t small numbers—they’re proof that criminals have adapted. They’re no longer trying hard to crack increasingly difficult on-chain codes. Instead, they target you: individuals, operators, tired employees, or those one wrong click away.

Mitchell Amador, CEO of on-chain security platform Immunefi, offers a direct perspective: “While 2025 is the worst year for hacking, those losses stem from Web2 operational failures, not on-chain code.” The difference isn’t just semantic—it’s an intriguing contradiction. On-chain security is actually improving, even as crypto losses continue to grow. Blockchain systems are becoming more resilient, but criminals are getting smarter.

$282 Million Lost: When Social Engineering Beats Encryption

The most striking example last month demonstrated the power of social engineering. Blockchain researcher ZachXBT uncovered a crime where hackers stole $282 million in Bitcoin and Litecoin through pure social manipulation. Victims lost 2.05 million LTC (currently worth about $68.17 per coin) and 1,459 BTC (currently priced at $88.35K per coin) after being duped via social engineering tactics. The stolen funds were immediately exchanged for Monero through instant exchange services to hide traces.

This is a perfect example of what Amador means: “With codes becoming harder to exploit, the main attack surface in 2026 will be humans. The human factor is now the weak point that security experts and Web3 actors must prioritize.”

On-Chain Security Is Improving—But the Industry Is Falling Behind

The paradox is this: even as crypto losses increase, on-chain security is also improving. DeFi and protocol code are becoming harder to exploit. Amador believes: “On-chain security is improving dramatically and will continue to do so. From a DeFi and on-chain protocol code perspective, I believe 2026 will be the best year for on-chain security.”

But there’s a big catch. “Over 90% of projects still have critical vulnerabilities that can be exploited,” Amador says. Even when defensive tools are available, adoption remains minimal. “Less than 1% of the industry uses firewalls, and fewer than 10% use AI detection tools.” This gap between technical capability and practical execution is concerning.

AI Is Changing the Game on Both Sides

Amador’s biggest prediction for 2026: “AI will change the pace of security on both sides. Defenders will increasingly rely on AI-driven monitoring and response operating at machine speed, while attackers will use the same tools for vulnerability research, exploit development, and massive social engineering.”

But the most visionary warning isn’t about that. It’s about on-chain AI agents—systems that are starting to make decisions on the blockchain themselves. “On-chain AI agents can operate faster and more powerfully than human operators, and they have unique vulnerabilities to manipulation if their access pathways or control layers are compromised,” Amador explains. “We are still in the early stages of learning how to properly secure these agents, and that will be one of the main security challenges in the next cycle.”

The Crypto Security Battle Is No Longer Just On-Chain—It’s About Systems

The story of cryptocurrency security is changing direction. Not toward weakness—but toward more sophisticated, personalized threats. The fight is no longer just in blockchain code or smart contracts. It now happens through user interfaces, corporate controls, monitoring systems, and education. Passwords, keys, hacked devices, manipulated employees, fake support agents—these are the new battlegrounds.

Chainalysis data shows scammers are becoming more skilled at draining value from individuals. Amador’s perspective indicates protocols are improving at resisting code exploits. Together, this paints a future where crypto security isn’t just about technology but about human systems, processes, and awareness. That’s how Doge sees it: simple in concept, but not easy in practice.