Smart Contract Hacks Surge Past $3.9B in 2025 as Third-Party Breaches Escalate

Generated by AI AgentCoinSageReviewed byAInvest News Editorial Team
Friday, Jan 2, 2026 9:44 pm ET2min read
ETH
--
Aime RobotAime Summary

- Crypto hacking losses hit $3.95B in 2025, led by North Korean groups exploiting third-party and supply chain vulnerabilities.

- Third-party breaches like ByBit’s $1.5B heist and Trust Wallet’s $8.5M breach highlighted systemic infrastructure weaknesses.

- North Korean cyber operations, including phishing and cross-chain exploits, caused over half of thefts, with unknown risks persisting.

- Industry faces pressure to strengthen security protocols, audits, and multi-signature systems to mitigate evolving threats.

Smart contract hacks inflicted unprecedented damage on crypto ecosystems in 2025,

with losses nearing $4 billion
. Third-party breaches and supply chain vulnerabilities dominated attack vectors,
enabling incidents like the $1.5 billion ByBit heist
. North Korean cyber groups amplified risks through sophisticated phishing operations targeting operational weaknesses. The industry faces mounting pressure to harden security protocols as threats evolve beyond technical flaws.

How Did Third-Party Vulnerabilities Drive Record Losses in 2025?

Third-party service providers became critical attack surfaces last year. Hackers

stole $1.5 billion in Ethereum from ByBit
by compromising Safe{Wallet} through social engineering. They
altered code to divert funds
after gaining AWS access through a developer account. Centralized exchanges suffered the largest losses despite decentralized protocols facing more frequent attacks
according to data
.

Trust Wallet's $8.5 million breach

revealed similar supply chain dangers
. Attackers
hijacked its Chrome extension
using stolen API credentials to upload malicious code. This
compromised version stole wallet data
from over 2,500 users before detection. Some reports
estimated lower losses of approximately $7 million
, highlighting incident volatility. Such breaches underscore systemic infrastructure fragility.

What Are the Emerging Attack Vectors Threatening Crypto Security?

North Korean groups like Lazarus

orchestrated over half of 2025's thefts
targeting operational gaps. Phishing and social engineering attacks surged while smart contract exploits
caused just $512 million in losses
. These actors
employed tactics like compromising exchange frontends
to trick employees into signing fraudulent transactions. Recovery rates dropped sharply with only 13% of stolen funds reclaimed
according to data
.

An ongoing cross-chain exploit

demonstrates persistent unknown risks
. Hundreds of EVM wallets
lost small amounts averaging under $2,000
each, totaling $107,000. Attackers use distributed tactics across blockchains to evade detection. Security investigators
cannot identify the root cause
despite active thefts continuing. This represents a troubling escalation in stealth attacks.

How Can the Industry Address Rising Supply Chain Risks?

Enhanced third-party risk management has become essential for survival. Firms must implement rigorous software dependency audits and credential rotation

like Trust Wallet's post-breach measures
. Multi-signature protocols and cold storage adoption would reduce hot wallet exposure to live threats
according to reports
. Security teams prioritize vendor assessments after incidents showed single vulnerabilities cascading across systems.

Regulatory pressure will likely

enforce stricter compliance standards
starting this year. Operational failures caused most breaches rather than code vulnerabilities last year
according to industry analysis
. Mandatory security certifications could mitigate risks at aggregation points like law firms and cloud providers
according to experts
. The industry must consolidate security gains to prevent further erosion of institutional trust.