Crypto Incidents Cost $3.1B in 2025 H1, Driven by Human Errors and AI Hacks

Generated by AI Agent Coin World
Thursday, Jul 24, 2025 1:04 pm ET
Aime Summary

- Hacken reports $3.1B lost to crypto incidents in 2025 H1, driven by human errors and AI-powered attacks surpassing technical vulnerabilities.

- Access control failures ($1.83B) dominated losses, exemplified by Bybit’s $1.46B breach via compromised wallet signer and untraceable assets.

- Phishing scams ($600M) and smart contract exploits ($264M) highlighted risks, including a $330M U.S. Bitcoin theft and Cetus’s $223M overflow bug.

- AI-driven attacks surged 1,025% via insecure APIs, prompting calls for combined on-chain/off-chain security standards and user education to combat evolving threats.

The first half of 2025 has seen over $3.1 billion lost to crypto-related incidents, marking a sharp increase compared to the previous year’s total losses, according to Hacken’s analysis. The data highlights a shift in security threats, with human errors and AI-powered attacks emerging as dominant factors alongside technical vulnerabilities. Access control failures accounted for 59% of the losses, or $1.83 billion, driven by compromised systems and social engineering tactics. The Bybit breach, where attackers exploited a Safe{Wallet} signer to steal $1.46 billion, exemplifies the scale of these risks. Bybit’s tracking system later revealed that over 80% of the stolen assets remain untraceable [1].

Phishing and social engineering scams contributed nearly $600 million (19% of total losses), with one of the most striking cases involving an elderly U.S. individual who lost $330 million in Bitcoin after falling victim to a trust-based manipulation scheme. Hacken emphasized that these attacks rely heavily on emotional exploitation rather than purely technical weaknesses. Similarly, users were targeted through impersonation of support staff following a data breach, resulting in an estimated $100 million in stolen funds via deceptive calls that leveraged real account balances to gain trust [1].

Smart contract vulnerabilities caused $264 million in losses, with the Cetus exploit—where an overflow bug drained $223 million in 15 minutes—being the most severe incident of the quarter. Hacken noted that real-time TVL monitoring and auto-pause mechanisms could have potentially saved 90% of the funds [1]. Meanwhile, AI-driven attacks surged by 1,025% year-over-year, primarily exploiting insecure APIs and vulnerabilities like remote code execution in Langflow and BentoML. Prompt injection attacks on commercial LLMs further underscored the evolving nature of these threats [1].

Hacken’s report stresses that the crypto industry’s operational maturity remains uneven, with fragmented governance over wallet access and weak off-chain security practices exacerbating risks. To mitigate these challenges, the firm recommends combining the Cryptocurrency Security Standard for on-chain key management with ISO/IEC 27001 for off-chain compliance. Training and user awareness are also emphasized as critical components of a layered defense strategy [1].

The data underscores a broader trend: while technical audits remain vital, addressing human-centric risks and AI-specific vulnerabilities is now essential. As attackers increasingly leverage sophisticated tools and psychological manipulation, the industry must adopt comprehensive frameworks that integrate technical safeguards, operational discipline, and user education to stay ahead of an escalating threat landscape [1].

Source:

[1] Human errors and AI-driven hacks keep hitting crypto hard in 2025, data show. https://coinmarketcap.com/community/articles/6882643162fc924b0b927c5f/
