Web3 security company CertiK has stated that cryptocurrency hackers are shifting from exploiting smart contract vulnerabilities to attacking users through social engineering techniques.
According to CertiK's data, cryptocurrency-related attacks have caused over $2.1 billion in losses so far in 2025, with most of the losses stemming from wallet leaks and phishing attacks.
Cryptocurrency phishing attacks are a form of social engineering where attackers steal victims' sensitive information, such as the private keys of crypto wallets, by sharing fraudulent links.
Ronghui Gu, co-founder of CertiK, stated that the increase in social engineering attacks indicates that hackers are changing their methods of attack.
Speaking with Cointelegraph on the Chain Reaction Daily X Spaces program on June 2, Ronghui said that attack patterns have shifted from exploiting vulnerabilities in smart contracts and blockchain infrastructure to exploiting human behavioral vulnerabilities. He added:
"Most of the $2.1 billion in losses is due to wallet leaks, poor key management, and operational issues."
According to CertiK's data, phishing scams resulted in over $1 billion in losses for the crypto industry in 2024 across 296 incidents, making it the most damaging attack method in the industry.
The cybersecurity expert's comments come just a month after Cointelegraph reported, on April 30, on a social engineering scam that led to the theft of $330.7 million worth of Bitcoin (BTC) from the wallet of an elderly American.
Social engineering scams like address poisoning do not require any hacking skills. Instead, attackers trick victims into sending assets to fraudulent wallet addresses.
While the increase in social engineering scams is a concerning sign, it may also indicate that decentralized finance (DeFi) protocols are becoming more robust.
Ronghui explained, "Attackers always target the weakest points," adding:
"Smart contracts or blockchain code itself used to be the weakest link, but now attackers feel that the weakest points may come from human behavior rather than code."
Ronghui stated that the industry must now invest in better wallet security, access control, real-time transaction monitoring, and simulation tools to reduce future incidents.
The largest portion of the stolen value in 2025 came from a $1.4 billion hack of the Bybit exchange on February 21, when the notorious North Korean Lazarus Group carried out the largest exploit in crypto history.
According to CertiK's annual Hack3d report, that single incident amounts to over 60% of the total lost to all crypto hacking attacks in 2024, when the industry lost $2.3 billion across 760 on-chain security incidents.
Original article: “CertiK: $2.1 Billion in Cryptocurrency Stolen in 2025, Hackers Shift Focus from Code to Users”