Social engineering accounts for majority of crypto TVL exploits in 2025, report shows

ambcrypto | Published 2025-12-26 | Updated 2025-12-26

Summary

In 2025, crypto theft and exploits have resulted in over $2.53 billion in losses, with broader theft estimates reaching up to $3.4 billion. Social engineering emerged as the dominant attack method, accounting for 55.3% ($1.39 billion) of total exploit-related value. Private key compromises represented 15% ($0.37 billion), while other techniques like infinite mint attacks and smart contract exploits made up the remainder. North Korea-linked hackers were the most prolific threat actors, responsible for at least $2.02 billion in stolen crypto, largely due to a $1.4 billion breach of the Bybit exchange. The data indicates a shift in exploitation focus from technical vulnerabilities to human and operational weaknesses, emphasizing the need for improved user security, key management, and operational safeguards rather than solely relying on code fixes.

Crypto theft and exploits have continued at historically high levels in 2025, with industry data showing more than $2.53 billion in losses linked to exploits this year — and broader theft figures pushing that total even higher, according to Sentora and a recent Chainalysis report.

Sentora’s latest chart on “Total TVL of Exploits 2025” breaks down how the losses occurred. It reveals that social engineering remains the dominant attack technique, accounting for 55.3% ($1.39 billion) of exploit-related value taken so far.

Other techniques, such as private key compromise, infinite mint attacks, and smart contract exploits, together accounted for the remainder of losses.

Social engineering and human-centric attacks surge

The Sentora data highlights how the focus of exploitation has shifted. While smart contract bugs and protocol vulnerabilities remain significant concerns, social engineering now outweighs purely technical exploits by a substantial margin.

Private key compromises, which can be related to phishing, malware, or inadequate credential management, accounted for 15% ($0.37 billion) of exploit losses.

This highlights how adversaries are increasingly targeting human and operational weaknesses alongside traditional code flaws.

Industry-wide exploits top $3B

Separate 2025 analysis by Chainalysis, corroborated by industry monitoring firms’ estimates, suggests that between $2.7 billion and $3.4 billion in cryptocurrency was stolen across all theft categories this year.

This includes large single-event breaches, personal wallet thefts, and other illicit activity.

North Korea–linked hackers again emerged as the most prolific threat actors. Chainalysis reported that at least $2.02 billion in stolen crypto this year was tied to DPRK-affiliated groups, a roughly 51% increase year-over-year from 2024 levels.

Much of this total stemmed from a record-setting exploit of the Bybit exchange, where attackers stole an estimated $1.4 billion in assets.

Exploit landscape evolving

Industry analysts say the broader trend reflects improvements in automated auditing, formal verification, and protocol safety tooling, making large smart contract vulnerabilities rarer.

Meanwhile, attackers have shifted toward tactics that exploit users and privileged access.

Chainalysis also noted a sharp increase in personal wallet thefts this year, with thousands of individual victims affected. However, those losses were smaller on a per-incident basis compared with large institutional hacks.

What this means for the ecosystem

Taken together, the data suggests that mitigating exploits in 2025 has less to do with fixing code and more to do with improving user security, key management practices, and operational hygiene across exchanges, custodians, and wallet providers.


Final Thoughts

  • Crypto losses in 2025 are being driven far more by human and operational failures than by smart contract bugs, with social engineering now the dominant attack vector.
  • As attackers increasingly bypass protocol code to target users, wallets, and access controls, improving user security and operational safeguards has become as critical as technical audits for reducing future losses.

Related questions

Q: According to the report, what percentage of the $2.53 billion in exploit-related losses in 2025 was attributed to social engineering?

A: 55.3% of the exploit-related losses, amounting to $1.39 billion, were attributed to social engineering.

Q: Which country-linked hackers were identified as the most prolific threat actors in 2025, and how much stolen crypto were they responsible for?

A: North Korea-linked hackers were the most prolific threat actors, responsible for at least $2.02 billion in stolen cryptocurrency, a roughly 51% increase from 2024.

Q: What was the estimated total range of cryptocurrency stolen across all theft categories in 2025, according to Chainalysis and industry monitoring firms?

A: The estimated total range of cryptocurrency stolen across all theft categories in 2025 was between $2.7 billion and $3.4 billion.

Q: Besides social engineering, what were the other techniques mentioned that contributed to the exploit losses?

A: Other techniques contributing to the losses included private key compromise, infinite mint attacks, and smart contract exploits.

Q: What does the data suggest is the primary focus for mitigating exploits in 2025, according to the article's conclusion?

A: The data suggests that mitigating exploits in 2025 has less to do with fixing code and more to do with improving user security, key management practices, and operational hygiene across exchanges, custodians, and wallet providers.
