By 2025, Smart Contracts Proven to Be Safer, But Humans Become the Main Target for Hackers
A paradox in crypto security is emerging: although 2025 recorded the worst losses due to hacks, the main cause was not flaws in smart contracts or on-chain protocols but Web2-level operational failures (password theft, social engineering, and human weaknesses). Mitchell Amador, CEO of on-chain security platform Immunefi, said in an exclusive interview that these failures actually indicate the opposite: smart contract and on-chain protocol security continues to improve dramatically.
“Although crypto losses are increasing on the surface, on-chain security is experiencing significant improvements,” said Amador. “From the perspective of protocols and smart contracts, 2026 will be the best era for on-chain security.” This shift reflects the evolution of the threat landscape: as smart contracts become increasingly difficult to exploit, attackers have adapted with more sophisticated yet less technical strategies.
Identity Fraud Surges 1,400%: Threats Beyond Technical Vulnerabilities
The 2026 Crypto Crime Report from Chainalysis—released earlier this year—captures this transformation with striking data. About 170 billion rupiah in crypto assets (equivalent to $17 billion USD) were lost due to scams and fraud in 2025, with identity falsification tactics, advanced social engineering, and artificial intelligence playing key roles in helping scammers scale their operations.
Identity impersonation scams alone show an astonishing annual increase of 1,400%. Meanwhile, AI-powered schemes proved to be 450% more profitable than traditional scams. One concrete example is an incident uncovered earlier this month, when blockchain researcher ZachXBT revealed an advanced social engineering attack: a hacker managed to steal assets worth $282 million in litecoin and bitcoin. The victims lost 2.05 million LTC and 1,459 BTC simultaneously, which were then immediately converted into monero through various instant exchanges.
Chainalysis data shows a clear trend: criminals are now more often targeting individuals through manipulation rather than attacking technical infrastructure.
Smart Contracts Becoming More Resilient: On-Chain Security Gains Priority
The resilience of modern smart contracts creates an intriguing landscape for security experts. On-chain protocols and smart contracts have evolved to become much harder to exploit than in previous years. Amador emphasizes that as code becomes increasingly hard to penetrate, the main attack surface in 2026 has shifted to human factors.
“Humans are now the most critical weak point,” he said. “This is a domain where on-chain security experts and Web3 leaders must shift their focus.” However, Amador issues an important warning: the industry is still far from safe. “Over 90% of projects still carry critical vulnerabilities that can be exploited by experienced attackers,” he stated. “Even when defense tools are available, adoption remains very low—less than 1% of the industry uses firewalls, and fewer than 10% implement AI-based detection tools.”
The gap between the availability of defense tools and their adoption creates a false sense of security: while certain smart contracts have been refined through rigorous audits and best practices, most projects still operate with minimal protection standards.
AI Changes the Game: Machine Speed vs Human Response
By 2026, artificial intelligence will be a decisive factor on both sides of the security battle. Defenders will increasingly rely on AI-driven monitoring and response operating at machine speed, while attackers will use the same technology for vulnerability research, exploit development, and massive social engineering campaigns.
However, Amador’s most profound warning is not about traditional smart contracts or digital wallets. It’s about the next era: autonomous on-chain AI agents. “This opens up a completely new attack surface,” he explained. “On-chain AI agents can move faster and with greater utility than human operators, but they have unique vulnerabilities to manipulation if their access pathways or control layers are compromised.”
“We are still in the early stages of understanding how to properly secure these agents,” he added. “This will be one of the biggest security challenges in the next market cycle.”
The Security Battle Shifts from On-Chain to Operational Layers
Taken together, the Chainalysis data shows that scammers are becoming more skilled at extracting value from individuals, while Amador’s observations indicate that on-chain protocols are becoming increasingly resistant to pure code exploits. This combination paints a future where the crypto security battle is no longer won on-chain, but through user interfaces, corporate controls, monitoring systems, and user education.
Smart contracts may become more secure from a technical perspective, but the crypto ecosystem as a whole faces an era where security depends more on organizational factors, behavior, and AI-based automated responses than on perfect code alone. This presents a larger and more complex challenge than ever before.