Written by: Prathik Desai
Translated by: Block unicorn
Preface
It all starts with a message. The brand image looks credible, the logo meets expectations, and the LinkedIn profile shows you have some mutual contacts. The recruiter says they found your GitHub project and want to offer you a contract job at a well-funded company that combines AI with DeFi protocols. You quickly browse their website. The design is clean and smooth, the content is trustworthy, but all the expected places are filled with jargon. There’s a screening test on the site, and the test content is sent as a ZIP file.
You unzip it and run the installer directly—an instant wallet authorization prompt flashes on the screen. Without thinking, you click confirm. But nothing happens, and the computer doesn’t freeze. Five minutes later, your Solana wallet is emptied.
This is not a figment of imagination. This is almost the complete process of numerous attacks recorded by blockchain analysis experts in 2025, linked to North Korean hacker groups. They exploit fake job offers, infected test files, and malware to infiltrate wallets.
In today’s article, I will take you through the evolution of cryptocurrency attack methods in 2025 and how to protect yourself from some of the most common on-chain attacks.
Now, let’s get to the point.
The Biggest Shift in Cryptocurrency Hacking in 2025
From January to September 2025, hackers associated with North Korea have stolen over $2 billion in cryptocurrency. According to blockchain analysis firm Elliptic, 2025 has become the year with the highest recorded amount of digital asset crime.
The largest single loss came from the Bybit exchange theft in February, which resulted in a loss of $1.4 billion for the cryptocurrency exchange. The total value of stolen crypto assets by the North Korean regime has now exceeded $6 billion.
Aside from the shocking numbers, the most notable aspect of Elliptic’s report is the change in how cryptocurrency vulnerabilities are exploited. The report states, “Most hacking attacks in 2025 were achieved through social engineering,” which is a stark contrast to the previous methods where North Korea stole large sums of money by disrupting infrastructure. For example, the notorious Ronin Network hack in 2022 and 2024, as well as the 2016 TheDAO hack.
Today, security vulnerabilities have shifted from infrastructure to human factors. A report from Chainalysis also pointed out that private key leaks accounted for the highest percentage (43.8%) of cryptocurrency thefts in 2024.
Clearly, as cryptocurrency evolves and the security of protocols and blockchain layers improves, attackers find it easier to target individuals holding private keys.
Such attacks are also becoming increasingly organized rather than random individual attacks. Recent announcements and news reports from the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) describe North Korean-related attack activities that combine fake crypto engineer job postings, implanted trojan wallet software, and malicious open-source community poisoning to carry out attacks. Although the tools hackers rely on are technical, the entry point for the attacks is psychological.
The Bybit hack is the largest single cryptocurrency theft to date, showcasing how such issues occur in large-scale transactions. When approximately $1.4 billion worth of Ethereum was stolen from a cluster of wallets, early technical analysis showed that the signer did not carefully verify the authorization content. The Ethereum network itself executed valid and signed transactions, but the problem lay in the human operation.
Similarly, in the Atomic Wallet hack, malware attacked the way private keys were stored on users' computers, resulting in the disappearance of crypto assets worth approximately $35 million to $100 million.
You will find that this is often the case. When people do not fully verify wallet addresses during transfers or store private keys with very low security levels, the protocol itself is almost powerless.
Self-Custody is Not Foolproof
The principle of “not your keys, not your coins” still applies, but the problem is that people stop thinking after that.
Over the past three years, many users have moved their funds off exchanges, driven both by concerns over a repeat of the FTX collapse and by ideological commitment. In the past three years, the cumulative trading volume of decentralized exchanges (DEX) has more than doubled, from $3.2 trillion to $11.4 trillion.
While it may seem that the security culture has improved on the surface, the risk has shifted from custodial security measures to a chaotic situation where users must solve problems themselves. Browser extensions on computers, mnemonic phrases saved in mobile chat histories or email drafts, and private keys stored in unencrypted note applications cannot effectively guard against lurking dangers.
Self-custody aims to address the dependency issue: no longer relying on exchanges, custodians, or any third party that could freeze withdrawals or go bankrupt. But it has not resolved the “cognitive” issue. Private keys give you control, but they also place all responsibility on you.
So, how should you address this issue?
Hardware Wallets Help Reduce Friction
Cold storage can solve part of the problem. It stores your assets offline in a vault-like place.
Has the problem been solved? Only partially.
By removing private keys from general devices, hardware wallets eliminate the hassle of browser extensions or “one-click transaction confirmations.” They introduce a physical confirmation mechanism that can help protect users.
However, hardware wallets are ultimately just a tool.
Security teams from several wallet providers are candid about this. Ledger reports multiple instances of phishing attacks using its brand, where attackers use fake browser extensions and cloned versions of Ledger Live. These interfaces are familiar enough to lower users' guard, but at some point, users are asked to enter their mnemonic phrases. Once the mnemonic phrase is leaked, the consequences can be dire.
People may also be tricked into entering their mnemonic phrases on fake firmware update pages.
Therefore, the true role of hardware wallets is to shift the attack surface and increase friction, thereby reducing the likelihood of being attacked. But they cannot completely eliminate risk.
Separation is Key
The maximum effectiveness of hardware wallets relies on purchasing them from official or trusted sources and keeping mnemonic phrases completely offline and secure.
Long-term professionals in this field, including incident responders, on-chain investigators, and wallet engineers, all recommend separating and diversifying risk.
One wallet is used for daily transactions, while another wallet is rarely connected to the internet. Small amounts of funds are used for experimentation and DeFi mining, while larger amounts are stored in a vault that requires multiple steps to access.
Above all, the most important thing is basic security habits.
Some seemingly tedious habits can be very helpful. No matter how urgent the pop-up is, do not enter your mnemonic phrase on a website. After copying and pasting, always verify the complete address on the hardware screen. Before approving any transaction that was not initiated by you, think twice. For links and “customer service” messages from unknown sources, remain skeptical until verified.
These measures cannot guarantee absolute security; risks will always exist. But with each additional step taken, the risk is reduced a little more.
Currently, for most users, the biggest threat is not zero-day vulnerabilities, but rather the information they have not carefully verified, the installation programs they download and run immediately because the job opportunity sounds good, and the mnemonic phrases written on the same piece of paper as their grocery list.
When those managing billions of dollars treat these risks as background noise, they ultimately become case studies labeled as “vulnerabilities.”
That’s all for today; see you in the next article.
免责声明:本文章仅代表作者个人观点,不代表本平台的立场和观点。本文章仅供信息分享,不构成对任何人的任何投资建议。用户与作者之间的任何争议,与本平台无关。如网页中刊载的文章或图片涉及侵权,请提供相关的权利证明和身份证明发送邮件到support@aicoin.com,本平台相关工作人员将会进行核查。
