The Paradox of Cryptocurrency Security: Fake Hacks Become the Real Threat in 2025

The year 2025 was a record-breaking year for the cryptocurrency industry in terms of damages. Surprisingly, most of these massive losses did not originate from code flaws in smart contracts. Instead, they were caused by “fake hacks”—such as password theft, identity theft, and social engineering—that target humans rather than technology. This runs counter to intuition. On-chain security continues to improve, so why do losses keep increasing? The answer lies in the changing tactics of criminals.

Chainalysis’s latest report clearly reveals this paradox. In 2025, $17 billion in cryptocurrency was lost, but most of it was not due to direct on-chain protocol attacks, rather scams targeting individual users. Identity theft scams, a typical form of fake hacking, surged by 1,400% compared to the previous year, and AI-powered methods yielded 450% higher returns than traditional techniques. According to blockchain analyst ZachXBT last month, a single hacker stole 2.05 million Litecoin and 14,59 Bitcoin (totaling $282 million) solely through social engineering. The funds were immediately converted into privacy coins, making them untraceable.

Mitchell Amador, CEO of on-chain security platform Immunefi, described this phenomenon as “the battlefield of security shifting.” As protocol-level defenses become more robust, attackers are turning to more vulnerable targets—humans.

Fraudulent Crimes Overtake Technical Hacks

The moment when fake hacking threats surpass actual technical attacks has arrived. Chainalysis’s data is clear. In 2025, the primary causes of cryptocurrency losses are identity theft and impersonation, followed by traditional on-chain hacking. Criminals are focusing on exploiting individual users rather than infrastructure.

The surge in identity theft scams is no coincidence. The 1,400% growth indicates that criminals have discovered a more effective approach—targeting individual users with fake hacks that have higher success rates and lower risk of punishment than protocol attacks.

Humans at the Frontline of Attacks

As security experts point out, on-chain code is becoming increasingly “difficult to exploit.” Amador clarified: “The main attack surface in 2026 will be humans.”

Codes are repaired, patched, and monitored. But humans? Humans are easy to deceive. Disguised emails, manipulated support staff, compromised employees—all are weapons of fake hacking. Password theft, compromised devices, false support agents. Human error, not broken code, has caused the greatest losses.

Despite this, the industry remains passive in adopting defensive tools. Amador revealed shocking statistics: over 90% of projects still have critical vulnerabilities, fewer than 1% use firewalls, and less than 10% utilize AI detection tools. Even as fake hacking threats increase, defensive systems remain stagnant.

AI as a Double-Edged Sword

The future looks more complex, as the advent of AI fundamentally changes both attack and defense.

On the defensive side, AI enables rapid monitoring and response. Large-scale transaction pattern analysis, suspicious activity detection, real-time threat response—all can be performed faster than humans by AI.

But attackers also wield the same tools. They can automate vulnerability scans, craft more sophisticated social engineering tactics, and scale up fake hacking operations. Chainalysis’s report that “AI-based methods yield 450% higher returns” proves this. AI-driven fake hacks are becoming more personalized, convincing, and efficient.

On-Chain Agents: A New Frontier of Vulnerability

Mitchell Amador issued a highly forward-looking warning about on-chain AI agents.

Once protocols reach the stage of automatic decision-making, a new attack surface opens. On-chain AI agents are faster and more powerful than human operators but are also extremely vulnerable to manipulation if control layers are compromised. This elevates fake hacking to a new level—where technical hacking and human manipulation combine.

“Learning how to properly protect agents is still in its early stages,” Amador warned. In other words, we are not yet prepared for this new threat.

The Paradox of Security Era

The conclusion from the data of 2025 is simple but uncomfortable: as technological security improves, human security failures become more prominent. On-chain protocols are becoming more robust. Instead, criminals are targeting people. We are entering an era where fake hacks are more profitable than real hacks.

Amador emphasized: “2026 will be the best year for on-chain security,” yet simultaneously, “the main attack surface is humans”—a paradox. The reason for the simultaneous increase in cryptocurrency losses and improvements in on-chain security lies here.

Future genuine security improvements will not be achieved by simply fixing code. User interface enhancements, corporate access controls, real-time monitoring systems, and above all, user education are essential. As the threat of fake hacking grows, the industry must prioritize defending against “human hacking.” The era where on-chain security alone is sufficient has passed.