Author: DLNews

Translation: Deep Wave TechFlow

Deep Wave Introduction: Cryptocurrency hacking attacks have surged this year, but the real threat is not code vulnerabilities, but people. From the $1.5 billion of Bybit to the $300 million of Drift, hackers manipulate developers through social engineering, while the industry is using the "AI threat narrative" to cover up its own failures in security construction. For investors and practitioners, this means that no matter how strong the technical audits are, they cannot block human weaknesses, and attention must be paid to the team's security awareness and process management when choosing projects.

Michael Pearl feels like he is being phished.

The vice president of strategy at the security company Cyvers told DL News that suspicious individuals would approach him at cryptocurrency conferences, trying to sell him stories of easy money.

"I've encountered this several times, suspecting I was being targeted by a social engineering attack," he said.

"Someone approaches you, telling a story that's too good to be true — claiming they want to invest in your company, to buy your product, then sending you a link that looks very suspicious."

Social engineering is a strategy used by cybercriminals to trick victims into clicking on links containing malware. It is a psychological manipulation technique that lures people into letting their guard down. It often serves as the first step of digital attacks on crypto projects, and can come from anywhere.

For example, the notorious North Korean hacking group Lazarus Group has a history of using fake job advertisements on LinkedIn to lure victims.

In February 2025, Bybit was robbed of $1.5 billion, in January a cryptocurrency holder was robbed of $282 million, and this month's Drift Protocol attack are just examples of heists that began with social engineering.

And the situation is worsening. In October last year, cryptocurrency security firm Elliptic warned that social engineering attacks targeting crypto projects were on the rise. This is part of a growing concern among blockchain investigators and traders, who have noticed a spike in cybercrime this year.

"Main Target"

A small portion of headlines this year paints a grim picture.

The team behind the popular Solana exchange Drift was approached by seemingly well-intentioned businessmen at a conference, and soon after, the project was robbed of nearly $300 million.

In early April, a hacker created unsecured tokens by tricking the crypto bridge HyperBridge, minting $1.2 billion worth of fraudulent cryptocurrency out of thin air.

A few days later, one of the industry's most well-known billionaires, Justin Sun, pleaded for the North Korean hackers believed to be behind the Kelp DAO hack to come forward for negotiations.

Last year, hackers stole a record amount of cryptocurrency. According to DefiLlama data, they took over $2.5 billion. So far this year, criminals have stolen $786 million from crypto projects.

While decentralized finance protocols have been singled out, centralized systems, including the largest exchange in the US, Coinbase, are the primary targets.

Now, hackers have turned their enthusiasm towards DeFi again. This rapidly evolving, experimental field was once notorious for its vulnerabilities, and though it was thought to have matured, it has returned to the spotlight — and not for honorable reasons.

"Currently, DeFi seems to be the primary target," Pearl said. "Overall, everything has shifted to attacking humans rather than attacking systems."

Attacking Humans

What has led to the surge in thefts? Security experts point to humans as the core failure point.

"The initial point of intrusion often starts with people," Elliptic's VP of investigations, Matt Price, told DL News, adding that artificial intelligence is helping criminals refine their social engineering tactics.

The largest hack in cryptocurrency history, the $1.5 billion theft from the exchange Bybit, occurred after attackers posed as trusted open-source contributors and convinced developers to install malicious software.

Attacks this year have unfolded in similar ways.

According to blockchain security firm Chainalysis, the Drift Protocol was targeted by hackers who established relationships with the exchange's team, posing as members of legitimate trading organizations.

Then they tricked Drift employees into signing transactions they did not fully understand, handing over governance control. They stole nearly $300 million in assets.

Just an Excuse?

Since the surge of better, cheaper AI models, hackers can employ more sophisticated techniques — and according to some, it really helps.

This week, lawmakers questioned cybersecurity experts at a joint hearing of the border security and enforcement subcommittee and the cybersecurity and infrastructure protection subcommittee, with the consensus being that hackers are more efficient, able to work faster with AI tools that were not easily accessible before.

Last month, security experts told DL News that cybercriminals are increasingly using AI to search for vulnerabilities in DeFi protocols, then exploiting mistakes that auditors might have missed.

But others are skeptical — and believe the AI narrative is being used as an excuse.

"The story DeFi is trying to tell is 'we are facing an unimaginable threat from AI that will find the tiniest, most hidden vulnerabilities,'" said David Schwed, COO of SVRN and a veteran in the cybersecurity industry.

"But that’s not true. The truth is: you built something extremely bad and unsafe, [hackers] just can find it faster."

Schwed, who previously led digital asset product development at BNY Mellon, added that unless DeFi projects start to think like traditional financial companies and prioritize security, attacks will continue.