Crypto hack counts fall but supply chain attacks reshape threat landscape

cointelegraphPublished on 2025-12-23Last updated on 2025-12-23

Abstract

New data from CertiK reveals that while crypto hackers stole $3.3 billion in 2025, the number of attacks fell sharply. Losses were concentrated in fewer, more damaging supply-chain attacks, which accounted for $1.45 billion across just two incidents, including the $1.4 billion Bybit hack. This shift indicates attackers are moving away from simple code vulnerabilities toward more sophisticated infrastructure-level exploits. The number of security incidents decreased by 162 year-over-year, suggesting improved protocol-level security. The median loss per hack fell 35.75% to $103,966, though the average loss rose to $5.3 million due to high-value outliers. Phishing scams were the second-largest threat, costing $722 million across 248 incidents. A significant subset was "pig butchering" romance scams, which used prolonged emotional manipulation and cost the industry $5.5 billion in 2024.

Crypto hackers stole $3.3 billion in 2025, but the number of attacks fell sharply as losses became concentrated in fewer, more sophisticated supply-chain exploits, according to new data from blockchain security firm CertiK shared with Cointelegraph.

While total losses remained elevated, the decline in incident counts and a drop in median theft sizes suggest that protocol-level security is improving, pushing attackers away from simple code vulnerabilities and toward phishing and infrastructure-level attacks.

CertiK said supply-chain breaches emerged as the most damaging threat, accounting for $1.45 billion in losses across just two incidents, including the $1.4 billion Bybit hack in February.

"The Bybit exploit signals that well-capitalized, well-coordinated threat actors are becoming more active across the ecosystem," the report said, predicting a rise in the “sophistication” of supply chain attacks as attackers target more infrastructure providers.

Crypto hacks by amount and incident, yearly chart. Source: CertiK

Related: Soulja Boy token sparks backlash after Base co-founder posts purchase receipt

The number of security incidents decreased by 162 counts year-over-year, indicating that blockchain cybersecurity measures are improving despite hackers aiming for larger targets.

The average amount lost per hack stood at $5.3 million, a 66% increase from the previous year. However, the median loss — a measure less influenced by outlier incidents — fell to $103,966, down 35.75% over the same period.

Cryptop hacks by incident type and amount of losses, one-year chart. Source: CertiK

Related: Solana AI token Ava hit by launch sniping tied to deployer: Bubblemaps

Code vulnerabilities fade as “pig butchering” scams threaten crypto savings

Phishing scams became the second-largest threat, costing crypto investors a cumulative $722 million across 248 incidents.

Recently, an investor lost their entire Bitcoin (BTC) retirement fund in an artificial intelligence-fueled romance scam, also known as a "pig butchering" scam, where the con artists used prolonged emotional manipulation to convince the investors to transfer their funds.

Pig butchering victim stats, grooming time. Source: Cyvers

Pig butchering scams are a subset of phishing scams that cost the industry a collective $5.5 billion in 2024, across 200,000 individual cases.

Notably, the average grooming period for victims is between one and two weeks in 35% of cases, while 10% of scams involve grooming periods of up to three months, according to blockchain security platform Cyvers.

In June, the US Department of Justice announced the seizure of over $225 million in crypto linked to pig butchering scams.

Magazine: Coinbase hack shows the law probably won’t protect you — Here’s why

Related Questions

QAccording to CertiK's data, what was the total amount stolen by crypto hackers in 2025 and what was the most damaging type of attack?

ACrypto hackers stole a total of $3.3 billion in 2025. The most damaging type of attack was supply-chain breaches, which accounted for $1.45 billion in losses.

QWhat does the report suggest about the trend in protocol-level security based on the decline in incident counts and median theft sizes?

AThe decline in incident counts and the drop in median theft sizes suggest that protocol-level security is improving. This is pushing attackers away from simple code vulnerabilities and toward more sophisticated methods like phishing and infrastructure-level attacks.

QWhat was the average amount lost per hack and how much did it change from the previous year?

AThe average amount lost per hack stood at $5.3 million, which was a 66% increase from the previous year.

QWhat are 'pig butchering' scams and how much did they cost the industry in 2024?

A'Pig butchering' scams are a subset of phishing scams that involve prolonged emotional manipulation to convince victims to transfer their funds. They cost the industry a collective $5.5 billion in 2024 across 200,000 individual cases.

QWhat significant action did the US Department of Justice take regarding pig butchering scams in June?

AIn June, the US Department of Justice announced the seizure of over $225 million in cryptocurrency that was linked to pig butchering scams.

Related Reads

Will the Next Crypto Bull Run Start with On-Chain Trading of SpaceX?

This article presents a scenario-based forecast for the crypto industry from 2026 to 2029, arguing that the next major cycle will be driven not by technological narratives but by legal access to real-world assets. The author predicts that by mid-2026, pre-IPO perpetual contracts for top private companies like SpaceX, OpenAI, and Anthropic on platforms like Hyperliquid will become the primary gateway for accessing quality assets, as most crypto-native tokens fail to capture real value. The much-hyped AI x Crypto intersection largely fails except for prediction markets, which thrive on betting on AI model supremacy. By 2027, public blockchain foundations are forced to choose between catering to retail speculation or building compliant infrastructure for institutions, with many opting for the latter. Growth in stablecoins and tokenized private credit/equity hits a "triple ceiling" due to regulatory and political uncertainty rather than market demand. The pivotal shift is forecast for 2028. A major liquidation event in pre-IPO perpetuals exposes the structural flaw of synthetic markets lacking a real underlying asset anchor. In response, regulatory changes finally allow the public solicitation of private securities resales to verified accredited investors. This creates a legitimate secondary market for real company equity, which then becomes the core asset class of the new bull market, relegating synthetic perps to a niche role. By 2029, the industry becomes "boring" but foundational. Tokens without claims on real cash flows or assets cease trading. Stablecoin growth is steady but politically capped. Crypto infrastructure fades from view as it gets absorbed into traditional finance backends. The article's central thesis is that the key bottleneck for crypto's next phase is legal and regulatory channels for real asset ownership, not technology.

marsbit38m ago

Will the Next Crypto Bull Run Start with On-Chain Trading of SpaceX?

marsbit38m ago

Kalshi-CFTC Fight In New Mexico Could Shape Prediction Market Rules

A jurisdictional battle between the U.S. Commodity Futures Trading Commission (CFTC) and the state of New Mexico over the regulation of prediction markets could set national rules for the industry. At issue is who polices platforms like Kalshi, with the CFTC asserting federal oversight and New Mexico arguing state gaming and consumer protection laws apply, especially for contracts resembling wagers on events like elections or sports. The outcome will determine if prediction markets can scale nationally under a clear federal framework or face a fragmented, state-by-state regulatory landscape. This dispute is significant for the crypto-adjacent trading community, which often engages with these speculative event markets. A clearer rulebook could boost mainstream adoption, liquidity, and integration with crypto infrastructure, while a state-led challenge could stifle growth. The case is particularly sensitive for sports-related contracts, where the line between financial markets and gambling blurs. Ultimately, this legal fight will shape whether prediction markets become a scalable national product or remain constrained by jurisdictional conflicts.

bitcoinist2h ago

Kalshi-CFTC Fight In New Mexico Could Shape Prediction Market Rules

bitcoinist2h ago

The Value Distribution of Stablecoins

**Summary: The Value Distribution of Stablecoins** The article argues that stablecoins are evolving from mere trading tools into broader channels for dollar access. It divides the stablecoin ecosystem into four layers to analyze how value is distributed: 1. **Issuance Layer:** Mints stablecoins, holds reserve assets, and captures the spread between reserve yield and user costs (e.g., Tether, Circle). This layer currently earns the largest profit margin. 2. **Infrastructure Layer:** Connects stablecoins to the traditional financial system, handling fiat on/off-ramps, banking integration, compliance (KYC/AML), and asset management (e.g., Bridge, BVNK). This is the "unglamorous" but critical work, building the essential bridges between crypto and real-world finance. 3. **Acquiring/Distribution Layer:** Integrates stablecoins into merchant systems, manages payment flows, and provides enterprise financial software (e.g., Stripe, Coinbase). They act as the access point for businesses. 4. **Application Layer:** The end-users and businesses that ultimately use stablecoins for payments, settlements, or as a store of value. They benefit from convenience but have little pricing power. The core thesis is that while the issuance layer currently dominates profits, the often-overlooked **infrastructure layer holds significant long-term potential**. The real challenge and barrier to mass adoption is not the on-chain transfer of stablecoins (which is simple), but the complex "last mile" integration into existing business workflows, banking systems, and regulatory frameworks across different countries. Companies in this layer are currently in a "land grab" phase, investing heavily to build networks, secure bank partnerships, and establish compliance pathways. While their position is currently pressured by the profitable issuers above and distribution platforms below, the article suggests that if stablecoins become a default financial rail for businesses, the infrastructure providers who have done the hard work of integration will ultimately gain strong pricing power and become entrenched, essential players.

marsbit7h ago

The Value Distribution of Stablecoins

marsbit7h ago

The Value Distribution of Stablecoins

The Value Distribution of Stablecoins The article argues that stablecoins are evolving from a mere trading tool into a broad "dollar channel." It analyzes the industry's value chain through four layers: 1. **Issuance Layer (e.g., Tether, Circle):** The top layer that mints stablecoins, holds reserve assets, and captures the thickest interest rate spread. 2. **Infrastructure Layer (e.g., Bridge, BVNK):** Connects stablecoins to the traditional financial system, handling critical but complex "dirty work" like fiat on/off-ramps, banking integration, compliance (KYC/AML), and cross-border settlement. 3. **Acquiring/Distribution Layer (e.g., Stripe, Coinbase):** Embeds stablecoins into merchant systems, manages payment flows, and integrates with enterprise software. 4. **Application Layer:** End-users and businesses that ultimately use stablecoins for payments, settlement, or storing value. The author posits that while the issuance layer currently captures the most profit, the most overlooked and potentially critical layer is infrastructure. The core challenge for stablecoin adoption isn't the on-chain transfer (which is simple), but bridging the gap between blockchain and the real-world financial system. This involves solving practical problems for businesses: fiat conversion, reconciliation, tax handling, and user onboarding. Infrastructure companies are currently in a difficult "land-grab" phase—building networks, securing banking relationships, and achieving compliance country-by-country. They face pressure from both the profitable issuance layer above and distribution platforms below. However, the author suggests this layer is building a crucial moat. Once stablecoins become a default business rail, the infrastructure players who have done the hard work of integration may gain significant, durable value and pricing power.

链捕手7h ago

The Value Distribution of Stablecoins

链捕手7h ago

Why Is Nvidia Borrowing $20 Billion When It's Not Short of Cash?

Nvidia's recent announcement to issue at least $20 billion in senior notes, despite holding a strong cash position with over $48.6 billion in free cash flow last quarter, is not a sign of financial need. Instead, it represents a strategic move to leverage its high credit rating (recently upgraded to AA by S&P) to secure low-cost, long-term debt. This capital will support long-term AI infrastructure investments, data centers, R&D, supply chain prepayments, and strategic investments, while allowing the company to continue aggressive shareholder returns through stock buybacks and dividends. The decision reflects a mature capital management strategy: using debt to finance long-term growth assets is more efficient and less dilutive to shareholders than equity financing. It signals that Nvidia, like other tech giants (Alphabet, Meta, Amazon), is entering a new phase of heavy AI capital expenditure, shifting from a pure growth story to a story about capital allocation, credit strength, and long-term ecosystem positioning. The key question for investors is whether Nvidia can maintain its high cash flow generation and ensure that returns from these AI investments justify the cost of capital over the long term. The bond issuance amplifies its expansion capabilities but also ties its valuation more closely to the broader AI investment cycle's sustainability and profitability.

marsbit8h ago

Why Is Nvidia Borrowing $20 Billion When It's Not Short of Cash?

marsbit8h ago

Trading

Spot
Futures
活动图片