Crypto Cybertheft Surpasses $2.47 Billion in 2025 Driven by Social Engineering and Phishing Attacks

Generated by AI AgentCoin World
Tuesday, Aug 26, 2025 8:21 pm ET1min read
BTC
--
ETH
--
Aime RobotAime Summary

- CertiK's 2025 report reveals $2.47B in crypto cybertheft, surpassing 2024's total losses, with Bybit's $1.4B breach being the largest incident.

- Hackers increasingly exploit social engineering and phishing rather than technical vulnerabilities, targeting Ethereum-based assets like stETH.

- High-profile cases include a $91M Bitcoin scam and a $900K loss from a delayed malicious contract approval, highlighting persistent human vulnerabilities.

- Experts warn of ongoing risks despite improved technical defenses, urging stronger regulations, user education, and proactive security measures to combat evolving threats.

In 2025, the cryptocurrency industry has experienced a sharp rise in cybertheft, with reported losses exceeding $2.47 billion, according to CertiK’s Hack3d report [1]. This figure surpasses the total losses recorded in the entire year of 2024, signaling a significant escalation in the scale and frequency of attacks [1]. The most severe incident occurred at the Bybit exchange, where hackers stole $1.4 billion—more than half of the total losses in the first half of the year [1].

Ethereum-based assets have emerged as the primary target of these attacks, with stETH and other

Ethereum
derivatives frequently compromised [1]. Ronghui Gu, founder of CertiK, noted a concerning shift in attack methods. Instead of exploiting technical vulnerabilities in smart contracts or blockchain protocols, hackers are increasingly targeting human behavior through social engineering, phishing, and deception [1]. Gu emphasized that as technical defenses improve, attackers adapt by focusing on the weakest link—users themselves [1].

The financial impact of these incidents is profound. In the second quarter of 2025 alone, $801 million was lost across 144 separate breaches [1]. While this quarter's losses showed a temporary decline compared to previous periods, the overall trend remains alarming. Gu warned that unless systemic changes are made, losses are expected to remain in the billions in 2026 [1]. A

Bitcoin
investor, for example, lost $91 million after being tricked by hackers impersonating a crypto exchange and a hardware wallet service [1]. Similarly, a user unknowingly approved a malicious contract 458 days prior and later lost $900,000 [1]. These cases highlight the long-term and often delayed nature of certain cyber threats.

The rise in theft has drawn increased attention from regulators and institutional investors. Calls for stronger security infrastructure, better user education, and enhanced regulatory oversight are growing louder. Despite technological advancements in the blockchain space, the human element remains the most vulnerable point [1]. Analysts and security experts stress the need for continuous vigilance and proactive measures to prevent further breaches. As Gu put it, the battle with cybercriminals is an “endless war,” one that demands constant adaptation and innovation to stay ahead of increasingly sophisticated threats [1].

Source: [1] CertiK Founder Describes Battle with Hackers as 'Endless' (https://forklog.com/en/certik-founder-describes-battle-with-hackers-as-endless/)