Social Engineering in 2025: The Main Vector of Attacks on Cryptocurrency and Modern Methods of Protection and How the Human Factor Became the Weak Link of Crypto Security

Web3 cybersecurity company CertiK has seen a significant shift in cryptocurrency hacker tactics in 2025, with attackers increasingly exploiting vulnerabilities in smart contracts and blockchain infrastructure and increasingly turning to social engineering schemes targeting users 2 5 .

According to CertiK, more than $2.1 billion in cryptocurrency was stolen in 2025 as a result of various attacks , with the bulk of the losses coming from crypto wallet hacks and phishing attacks – social engineering schemes in which fraudsters use fake links to steal sensitive information, such as users’ private keys 2 5 .

CertiK co-founder Ronghui Gu emphasized that the rise in social engineering attacks indicates a shift in attack vectors: “Whereas smart contracts and blockchain code used to be the weakest link, hackers now believe that human behavior is the weakest link.” 2 5 In particular, social engineering schemes such as address poisoning do not require technical hacking, but rely on tricking victims into sending assets to fraudulent addresses 2 .

Phishing attacks have become the most expensive attack vector in the crypto industry, with 296 incidents recorded in 2024, with total losses exceeding $1 billion 2 . In 2025, phishing losses in the first quarter alone amounted to approximately $410 million across 132 incidents 1 7 . This confirms that social engineering scams continue to gain momentum.

Additionally, the largest losses were due to wallet hacks, with 34 incidents resulting in the theft of over $1.7 billion 1 7 . The Bybit crypto exchange hack on February 21, 2025, was particularly large-scale, with the North Korean group Lazarus Group stealing around $1.4 billion — the largest exploit in cryptocurrency history 2 3 . This incident accounted for over 60% of all losses in the first half of 2025.

The CertiK report notes that overall, losses from hacks, fraud, and exploits reached $2.47 billion in the first six months of 2025 , which already exceeds the total for the whole of 2024 (around $2.42 billion) 1 3 6 7 . At the same time, the second quarter of 2025 saw a decrease in the number of attacks and the amount of losses – 52% less compared to the first quarter, indicating some improvement in the situation 3 6 .

CertiK experts recommend that the industry strengthen security measures, including improving wallet protection, access control, real-time transaction monitoring and the use of attack simulation tools, to reduce the number of incidents in the future 2 .

So the key facts and details as of mid-2025 are:

Total losses from crypto attacks in 2025 exceeded $2.1–2.5 billion, which is higher than the previous year’s figures 1 2 3 6 .
The main reasons for the losses were wallet hacks (about $1.7 billion) and phishing attacks (about $410 million) 1 2 7 .
Hackers have shifted their focus from technical vulnerabilities to psychological methods of social engineering 2 5 .
The largest incident was the $1.4 billion Bybit hack orchestrated by the Lazarus group 2 3 .
Phishing has become the most expensive and widespread attack vector, requiring increased vigilance from users 2 5 .
In Q2 2025, there was a decrease in the number of attacks and losses, which may indicate an increase in the effectiveness of security measures 3 6 .
Experts’ recommendations include strengthening wallet security, access control and transaction monitoring 2 .

This data confirms that in 2025, the cryptocurrency industry faces serious security challenges, where the human factor becomes the main vulnerable link and the fight against social engineering comes to the fore.

How Social Engineering Became the Main Attack Vector in the Crypto Industry in 2025

Social engineering has become the main attack vector in the crypto industry in 2025, as attackers shift their focus from technical vulnerabilities to psychological methods of influencing users and employees. Instead of hacking smart contracts and blockchain infrastructure, hackers began to use manipulation, deception, and psychological pressure to force victims to voluntarily disclose confidential information or transfer assets to fraudulent addresses 1 5 .

The key factors that contributed to this transition were:

The growth of institutional and retail interest in cryptocurrencies has led to an increase in the number of users with different levels of digital literacy, making them more vulnerable to fraud 1 .
The irremovability of transactions in the blockchain means that once funds have been transferred, it is virtually impossible to return them, which increases the attractiveness of social engineering for fraudsters 1 .
The use of sophisticated and personalized attacks based on collecting information about victims through OSINT and social network analysis, which allows for the creation of trust-based deception scenarios 4 .
Active use of instant messengers and social networks (for example, X, Telegram, YouTube) as channels for distributing phishing links and fraudulent messages 2 4 .
Involvement of insiders and bribery of employees of crypto exchanges and services, which gives attackers direct access to confidential user data, as happened with the Coinbase exchange, where the data of 70 thousand clients was stolen through bribery of employees, and then hundreds of millions of dollars were stolen using social engineering 3 6 .

According to CertiK, in 2025, more than $2.1 billion was stolen through social engineering attacks, including phishing and wallet hacks, surpassing losses from technical smart contract hacks 5 . A 2024 report from Chainalysis also found that social engineering accounted for about 73% of all cryptocurrency thefts, confirming the dominance of this vector 1 .

Experts note that hackers always target the weakest link, and as code and protocol security gradually improves, human vulnerability will become the main entry point for attacks in 2025 5 . This requires the industry to strengthen security measures, including user training, improved authentication, access control, and real-time transaction monitoring 2 5 .

Thus, social engineering has become the main attack vector in the crypto industry in 2025 due to its effectiveness, difficulty of technical detection, and exploitation of human psychology, making it the most dangerous and costly threat to the cryptocurrency market.

What measures can reduce the risk of losses due to fraudulent social engineering schemes

To reduce the risk of losses due to fraudulent social engineering schemes in the crypto industry, it is necessary to apply a comprehensive approach, including technical measures, user training and organizational procedures. The main effective measures are as follows:

Training and awareness raising for users and employees
Regular training helps to recognize the types of social engineering attacks (phishing, pretexting, address poisoning, etc.), understand their psychological techniques and respond correctly. It is important to teach employees and users to “take a break” when receiving suspicious requests, not to succumb to emotional pressure and always double-check information through official channels 2 5 7 .
Using multi-factor authentication (MFA)
MFA significantly reduces the risk of unauthorized access, even if the attacker has obtained the password. These can be SMS confirmations, biometrics, hardware security keys 1 5 6 .
Technical protection of devices and networks
Regularly updating software and antivirus databases, using anti-phishing filters and tools to block malicious emails, limiting user rights (for example, not running devices with root rights and not using administrator accounts for everyday work) 1 5 6 .
Access Control and Privileges
It is important for organizations to implement strict access policies for critical systems and data, minimizing the number of users with administrative rights and regularly reviewing access levels 5 6 .
Monitoring and analyzing suspicious activity
Implementing real-time transaction monitoring systems and threat intelligence platforms helps quickly identify anomalies and potential social engineering attacks 5 .
Creating a culture of security and transparency
Encouraging employees to report suspicious emails and calls, conducting phishing tests and regular security audits increases collective vigilance and reduces the likelihood of successful attacks 7 .
Checking sources and official contacts
When receiving requests to transfer confidential information or funds, you should always double-check the data through official websites and phone numbers, and not trust messages or calls from unknown or suspicious contacts 1 2 4 .
Rapid response to incidents
If you suspect that your accounts have been compromised or that your data has been leaked, you must immediately change your passwords, notify security services and financial providers to block potential fraudulent transactions 1 6 .

Thus, the combination of technical means of protection, user training and organizational procedures can significantly reduce vulnerability to fraudulent social engineering schemes and minimize financial losses in the crypto industry.

Why Attackers Prefer to Bypass Smart Contract Vulnerabilities and Focus on Human Behavior

Attackers in 2025 prefer to bypass smart contract vulnerabilities and focus on human behavior for several reasons related to the effectiveness and complexity of attacks.

Improving Smart Contract Security and Hacking Difficulty
Over the past few years, the industry has significantly improved the quality of smart contract development and testing, introduced automated vulnerability detection methods, and implemented secure programming patterns (such as the check-effect-call pattern to prevent reentrancy attacks) 1 3 5 . This has reduced the number of simple and mass vulnerabilities that require technical hacking and increased the barrier to attack for hackers.
High Cost and Risk of Code Breaking
Attacks on smart contracts require deep technical knowledge, significant resources, and often complex exploits. Errors in the code can be detected and quickly fixed, and a successful hack can lead to legal and technical consequences. Social engineering attacks, on the other hand, bypass these complexities by directly affecting users.
The Human Factor Is the Weakest Link
As CertiK co-founder Ronghui Gu noted, “Attackers always target the weakest link,” and in 2025, that’s human behavior, not code [source from context]. People are susceptible to deception, haste, and gullibility, which makes social engineering more effective and less expensive.
Simplicity and scalability of social engineering
Social engineering does not require hacking systems – fraudsters use phishing, address forgery, fake messages and calls to force victims to voluntarily hand over access to wallets or transfer funds to fraudulent addresses. Such schemes are easily scalable and often remain undetected by technical means of protection.
Blockchain Transaction Reversibility
Once a user has transferred funds to a fraudulent address, there is no way to get them back. This makes social engineering particularly attractive to attackers, as it directly exploits human error rather than a code vulnerability.
Examples of Smart Contract Fraud Involving Users
Fraudsters can create fake projects that, under the guise of legitimate functions (such as NFT minting), trick users into signing transactions that actually transfer their assets to the fraudsters 6 . This demonstrates that even with technically correct code, the human factor remains vulnerable.

As a result, attackers have switched to social engineering because it allows them to bypass complex technical barriers, exploit the psychological characteristics of users, and cause huge financial losses without the need for complex hacking of smart contracts. This reflects a general trend in the crypto industry: as technical security improves, the role of the human factor as the main vulnerable link grows [source from context].

How Major Incidents Like the Bybit Exchange Hack Affect the Overall Security of Cryptocurrency Platforms

Major incidents such as the Bybit cryptocurrency exchange hack in February 2025 have a profound and multifaceted impact on the overall security of cryptocurrency platforms and the industry as a whole.

1. Strengthening security measures and revising protocols
The Bybit hack, which resulted in the theft of approximately $1.4-1.5 billion, was a strong signal to the entire industry about the need to implement multi-layered security systems. Exchanges and services have begun to actively use multi-signature wallets with stricter transaction approval protocols, mandatory access control, and comprehensive security audits that cover not only smart contracts but also the entire infrastructure and operational processes 1 3 5 .

2. Increase the role of the human factor and training
The incident showed that technical measures alone are not sufficient without constant training of employees and users in methods of recognizing phishing attacks and social engineering. Regular attack simulations and awareness raising have become mandatory elements of protection 1 3 .

3. Implementation of innovative security technologies
Since the Bybit hack, the industry has stepped up the development and implementation of advanced technologies such as artificial intelligence to analyze network behavior, real-time transaction monitoring, cryptographic methods (such as MPC wallets), and automated anomaly alert systems 2 5 6 .

4. Increased market volatility and decreased trust in centralized exchanges
The hack caused significant fluctuations in the prices of major cryptocurrencies — for example, Ethereum fell by 4.5% after the news of the hack. In addition, the incident undermined trust in centralized exchanges (CEX), which caused some users to switch to decentralized platforms (DEX) and self-custody of assets 6 7 10 .

5. Increased regulatory oversight and transparency requirements
Following major hacks, regulators are increasing their oversight of crypto exchanges, requiring stricter security standards, regular audits, and evidence of reserves. This helps to create a more transparent and accountable ecosystem 6 7 .

6. Forming new standards and a culture of security
The Bybit hack was a lesson for the entire industry, highlighting the importance of not only technical but also organizational measures: instant alerts, automated incident responses, independent verification of transactions, and control over third-party tools used by exchanges 1 3 .

Ultimately, major incidents like the Bybit hack act as catalysts for the evolution of crypto platform security. They expose vulnerabilities, drive the adoption of comprehensive and innovative security measures, change user and operator behavior, and contribute to the development of a more resilient and transparent crypto ecosystem. Despite the short-term negative consequences, these events make the industry more mature and secure in the long run.

What new technologies or strategies can help protect wallets and transactions from phishing attacks

To protect cryptocurrency wallets and transactions from phishing attacks in 2025, new technologies and strategies are being used that significantly increase the level of security. The main ones are:

Multi-factor authentication (MFA)
Mandatory use of MFA to access wallets and accounts significantly reduces the risk of hacking, even if an attacker has obtained a password or login. MFA requires additional confirmation (code from SMS, authenticator app or hardware key), which makes it more difficult for fraudsters to access 1 2 6 .
Behavior analysis systems and real-time transaction monitoring
Modern solutions track anomalies in user actions and suspicious transactions, which allows you to quickly identify fraudulent attempts and block them before damage occurs 1 .
Email filters and anti-phishing solutions
Using advanced filters that analyze incoming messages for signs of phishing (suspicious links, attachments, fake addresses) helps block fraudulent emails before the user even sees them 1 4 .
Password managers with URL verification
Password managers automatically fill in saved credentials only on trusted sites, which protects against fake phishing pages, even if the user accidentally clicks on a fraudulent link 6 .
Antivirus and antimalware software with protection against phishing
Modern antiviruses include modules that recognize malicious programs and phishing sites, blocking their download and warning users about a potential threat 3 7 .
User and employee training
Regular training and phishing simulations increase vigilance and help recognize fraudulent schemes, reducing the likelihood of a successful attack 1 .
Use of cryptographic technologies and hardware wallets
Hardware wallets and multi-signature technologies require approval of transactions from multiple devices or participants, which reduces the risk of funds being stolen through phishing 10 .
Automation and AI for Phishing Detection
Machine learning and artificial intelligence help analyze large amounts of data, identify new attack patterns, and respond to them in a timely manner 8 .
Backing up your data
Regularly creating backups allows you to restore access to your funds and information in the event of a successful attack 6 .

Thus, the combination of technical means – MFA, filters, antiviruses, password managers – with user training and the introduction of innovative technologies for monitoring and analyzing behavior creates multi-level protection against phishing attacks and significantly reduces the risk of losses in the crypto industry.

What modern technologies of automatic behavior analysis help to detect phishing attacks

Modern technologies for automatic behavior analysis to detect phishing attacks are based on the use of machine learning and artificial intelligence methods, which allow detecting new, previously unknown threats and analyzing user actions in real time. The main approaches include:

Machine learning for web page and domain analysis
Systems compare the structure and content of sites with known legitimate resources, identify suspicious domain names and patterns that are typical for phishing pages. Such methods outperform traditional signature and statistical approaches, allowing to detect new phishing sites 1 .
Analyzing user behavior after receiving a message
Automated systems track what actions the user tries to perform after receiving a letter or message – for example, clicking on links, entering data, attempting to log in. This helps to promptly stop the development of an attack 1 3 .
Using databases and adaptive learning
To improve accuracy, algorithms are trained on large databases of known phishing attacks that are updated regularly. Experts can adjust the AI, improving its ability to recognize new types of attacks 1 .
Phishing attack simulation and employee training
Tools like Phishman PM create realistic attack scenarios, analyze user reactions, and help increase their awareness and resilience to phishing 2 .
AI for email traffic analysis and filtering
Artificial intelligence analyzes incoming emails, identifying suspicious links, attachments, and anomalies in headers and content, allowing you to block phishing messages before they reach the user 6 .
Detection of redirect chains and URL cloaking
Systems detect complex redirect patterns and the use of URL shortening services, which are often used to hide malicious URLs 6 .
Geofencing and filtering by IP, User-Agent and other parameters
Technologies allow you to restrict access to phishing sites only from certain geographic areas or devices, which helps identify targeted attacks and prevent their spread 6 .

Thus, modern technologies of automatic behavior analysis combine machine learning methods, monitoring of user actions, URL and message content analysis, as well as training and simulation of attacks, which significantly increases the efficiency of detection and prevention of phishing threats in real time.