$4.04 Billion Stolen in 2025: Why Did Losses Grow Despite Security Upgrades?


In early 2026, the blockchain security firm PeckShield released its 2025 annual report on losses from cryptocurrency asset theft. Against a backdrop of broadly "upgraded" security products and risk-control awareness, the report presented a staggering figure: total losses from stolen and scammed cryptocurrency assets reached $4.04 billion, a year-on-year surge of 34.2% and a new all-time high. In stark contrast, the report also indicated that only $334.9 million of the funds were actually recovered, which is far below the total losses and a significant decline from the $488.5 million recovered in 2024. Despite richer security tools, more frequent audits, and louder compliance narratives, the result was greater losses and lower recovery rates. The gap between the two years' data points to a sharp problem: in this security arms race, tracing and law enforcement are increasingly being outpaced by rapidly evolving attack methods.

$4.04 Billion in Massive Losses: Hackers and Scams Upgrade Together

The PeckShield report shows that the $4.04 billion in total cryptocurrency losses in 2025 consisted of two main parts: traditional hacking attacks, which caused losses of about $2.67 billion, and various frauds and scams, which accounted for about $1.37 billion. By scale, hacking remains the clear majority at over 60%, but what really changes the picture is the growth curve. Losses from hacking attacks rose 24.2% year-on-year in 2025, which is already striking, yet this was overshadowed by the explosive rise in fraud: scam losses soared by 64.2%, firmly making scams the "growth king." The results indicate that crime in 2025 is shifting from relying purely on technical intrusion to a dual approach of "technology + human weaknesses." Technical capabilities are no longer just tools for breaking contracts and wallets; they also provide packaging and disguise for more sophisticated and deceptive scams. While hacking losses remain high, the fraud curve is growing steeper and more urgent, indicating that the hardest-to-detect risks in the ecosystem are quietly shifting from code vulnerabilities to "upgraded deception" at the level of cognition and trust.

Recovery Drops by Nearly 30%: Where Did the Funds Disappear?

If the record scale of losses can still be explained as a passive result of "more volume, more risk," the decline in recovered amounts directly exposes the facade of "upgraded security protection." PeckShield's data shows that about $334.9 million in cryptocurrency assets was recovered in 2025, compared with about $488.5 million in 2024: a drop of over $150 million in a single year, or nearly 30%, in sharp contrast to the 34.2% increase in overall losses. In other words, more money was stolen, and it became harder to recover. On the surface, security audits, on-chain monitoring, risk-control services, and even projects' in-house security teams were all "upgraded" over the past year, but the harsher reality is that the efficiency and capability of tracing and law enforcement have not improved in step; instead, they have been losing ground to criminals' countermeasures. On one hand, newer attacks make large-scale use of more complex cross-chain transfers, mixing, and fund-splitting paths, quickly dispersing funds across a wider network of addresses that are visible on-chain but difficult to lock down effectively. On the other hand, fraud cases are often disguised as "voluntary participation" in their early stages, so project teams and victims miss the best window for freezing and recovering funds before the facts are fully clear. This "visible yet unreachable" tracing dilemma makes "new types of attacks are harder to trace" a core conflict in the 2025 security narrative, and it sets up the discussion of evolving techniques and methods that follows.

Centralization as a Breakthrough Point: The Security Myth Backfires

In dissecting the year's security incidents, PeckShield offered a blunt judgment: "The systemic vulnerabilities of centralized infrastructure are the main breakthrough points." This means that while the decentralization narrative is loud, real financial losses often occur at centralized links in the chain. These links have become disaster zones not for lack of technical capability but because of their inherent structure, which concentrates risk that should be dispersed: funds are held in the wallets or systems of a few institutions, and a large number of keys and permissions are concentrated in very few accounts or even a handful of key employees. Once the permission hierarchy and access channels are breached, a single point of failure can lead to massive losses. In practice, whether at large trading platforms, institutional custody services, or infrastructure that handles key routing and matching roles such as cross-chain and clearing, any systemic weakness in architectural design, internal processes, or access controls lets hackers, or insiders colluding with outsiders, amplify a single attack into an ecosystem-level incident. More troubling, the "brand security" that centralized players have accumulated over time leads users and institutions to habitually lower their guard and to pile their largest holdings into these "seemingly safest" places. When that trust is breached, the result is not only financial loss but also a chain reaction of panic withdrawals, liquidity exhaustion, and collapsing credit, and the industry's reliance on the "myth of centralized security" is turned against it in incident after incident.

Social Engineering Precision Hunting: From Net Casting to Sniping

If the exposure of centralized infrastructure reveals hard flaws in technology and organizational structure, the evolution of social engineering attacks pushes the battlefield further into human psychology and cognition. PeckShield pointed out in the report that "social engineering attacks exhibit characteristics of targeted strategic transformation," meaning that attackers are shifting from the crude, large-scale net-casting scams of the past to precise "sniping" aimed at specific high-value individuals. This shift is consistent with the 64.2% surge in fraud losses in 2025, which is not simply a matter of "more people being deceived"; rather, the loss amount, concealment, and difficulty of evidence collection for each scam are all rising at once. Unlike traditional on-chain vulnerabilities, social engineering attacks often begin with long-term information gathering and relationship building, with attackers posing as project investors, partners, institutional executives, or even "regulatory-related personnel," and using publicly available information and social footprints to build credible personas. Core members of project teams, operations and risk-control staff at trading platforms and institutions, and people in key positions holding multi-signature or approval permissions are becoming the most "cost-effective" targets: breaching one person could open the main door to an entire funding system. Because these attacks are highly customized and the communication moves off-platform, they have often passed through multiple layers of social media and identity disguise by the time they occur, making it difficult for traditional methods that rely on on-chain data to fully reconstruct what happened. Consequently, social engineering and scam-type attacks are harder to confirm and classify quickly in the statistics, which extends accountability and recovery cycles, widens the gray areas of cases, and shifts the focus of the arms race from purely on-chain tools to a long-term contest over organizational security and human weaknesses.

Rising Macro Risk Appetite: Bull Market Greed Amplifies Everything

The security data of 2025 is not just a string of isolated on-chain numbers; it also reflects changes in global risk appetite. A VanEck report released on January 13, 2026, suggested that Bitcoin's traditional "four-year halving cycle" structure is being broken, with the correlation between Bitcoin and broader risk assets strengthening. On the same day, the Nikkei Index rose by 3.1%, reaching a historical high, which directly illustrates the macro narrative of "rising global risk appetite." In such an environment, market participants' expectations of high returns are continuously reinforced, making it easier for both project teams and ordinary users to choose the riskier option when deciding "whether to leverage further" or "whether to bet on a more aggressive new narrative." The tension between security spending and return expectations therefore sharpens: when short-term returns seem within reach, security audits, internal risk controls, and compliance processes are often viewed as "cost centers" that slow progress, and their time and budget are squeezed. For attackers, a high-volatility, high-liquidity bull market serves as natural "noise cover." Amid dramatic price swings, high-frequency capital inflows and outflows, and continuously congested cross-chain bridges and derivatives channels, abnormal transaction paths are more easily buried in the overall flow, making money laundering and transfer operations less conspicuous. Especially when multiple trading platforms, on-chain protocols, and cross-chain routes are under pressure at the same time, it is hard to tighten risk-control rules significantly without degrading the normal trading experience, which further compresses the time window for freezing abnormal funds and coordinating tracing, and so erodes the room for recovery.

From Arms Race to Survival Choice: The Security Bottom Line in the Crypto World

Return to the core paradox in PeckShield's report: security protection appears to be comprehensively upgraded, yet losses are hitting historical highs. This does not mean that security investments are ineffective; rather, there is a clear imbalance in the arms race between security technology and criminal methods. On one side are incremental improvements such as contract audits, hardware wallets, multi-signatures, and risk-control systems; on the other are attackers unbound by compliance and organizational boundaries, who rapidly combine systemic vulnerabilities in centralized systems, complex cross-chain paths, and refined social engineering to bypass the layers that traditional security paradigms defend best. Looking ahead to the next phase, interoperability solutions like EIL are redefining the technical models for cross-chain and asset routing, and their performance and liquidity implications will inevitably spark a new round of debate on security models. The higher the interoperability, the blurrier the system boundaries become and the larger the attack surface available to attackers; every rise in abstraction level forces defenders to rebuild their threat models. For institutions and individuals, this is no longer just a question of "whether to buy another security product," but a reorientation of how they operate in order to survive. At the strategic level, it is more critical to reduce blind trust in any form of centralized single point, actively building redundancy and decentralized structures in key areas such as asset custody, permission configuration, and cross-chain routing. At the same time, security investment should expand from merely stacking on-chain tools to include organizational and social engineering protections, including permission tiering, dual review of operations, contingency plans for sensitive actions, and long-term security education and identity management for core members. Only by treating the defense of "people" and "organizations" as equal to technical defense can the crypto world hope to hold its security bottom line through the next bull-bear transition and the next shift in technological narratives.
