Social engineering accounts for majority of crypto TVL exploits in 2025, report shows

ambcryptoPubblicato 2025-12-26Pubblicato ultima volta 2025-12-26

Introduzione

In 2025, crypto theft and exploits have resulted in over $2.53 billion in losses, with broader theft estimates reaching up to $3.4 billion. Social engineering emerged as the dominant attack method, accounting for 55.3% ($1.39 billion) of total exploit-related value. Private key compromises represented 15% ($0.37 billion), while other techniques like infinite mint attacks and smart contract exploits made up the remainder. North Korea-linked hackers were the most prolific threat actors, responsible for at least $2.02 billion in stolen crypto, largely due to a $1.4 billion breach of the Bybit exchange. The data indicates a shift in exploitation focus from technical vulnerabilities to human and operational weaknesses, emphasizing the need for improved user security, key management, and operational safeguards rather than solely relying on code fixes.

Crypto theft and exploits have continued at historically high levels in 2025, with industry data showing more than $2.53 billion in losses linked to exploits this year — and broader theft figures pushing that total even higher, according to Sentora and a recent Chainalysis report.

Sentora’s latest chart on “Total TVL of Exploits 2025” breaks down how the losses occurred. It reveals that social engineering remains the dominant attack technique, accounting for 55.3 % [$1.39 billion] of exploit-related value taken so far.

Other techniques, such as private key compromise, infinite mint attacks, and smart contract exploits, together accounted for the remainder of losses.

Social engineering and human-centric attacks surge

The Sentora data highlights how the focus of exploitation has shifted. While smart contract bugs and protocol vulnerabilities remain significant concerns, social engineering now outweighs purely technical exploits by a substantial margin.

Private key compromises, which can be related to phishing, malware, or inadequate credential management, accounted for 15 % of exploit losses [$0.37 billion].

This highlights how adversaries are increasingly targeting human and operational weaknesses alongside traditional code flaws.

Industry-wide exploits tops $3B

Separate 2025 analysis by Chainalysis, corroborated by industry monitoring firms’ estimates, suggests that between $2.7 billion and $3.4 billion in cryptocurrency was stolen across all theft categories this year.

This includes large single-event breaches, personal wallet thefts, and other illicit activity.

North Korea–linked hackers again emerged as the most prolific threat actors. Chainalysis reported that at least $2.02 billion in stolen crypto this year was tied to DPRK-affiliated groups, a roughly 51% increase year-over-year from 2024 levels.

Much of this total stemmed from a record-setting exploit of the Bybit exchange, where attackers stole an estimated $1.4 billion in assets.

Exploit landscape evolving

Industry analysts say the broader trend reflects improvements in automated auditing, formal verification, and protocol safety tooling, making large smart contract vulnerabilities rarer.

Meanwhile, attackers have shifted toward tactics that exploit users and privileged access.

Chainalysis also noted a sharp increase in personal wallet thefts this year, with thousands of individual victims affected. However, those losses were smaller on a per-incident basis compared with large institutional hacks.

What this means for the ecosystem

Taken together, the data suggests that mitigating exploits in 2025 has less to do with fixing code and more to do with improving user security, key management practices, and operational hygiene across exchanges, custodians, and wallet providers.

Final Thoughts

Crypto losses in 2025 are being driven far more by human and operational failures than by smart contract bugs, with social engineering now the dominant attack vector.
As attackers increasingly bypass protocol code to target users, wallets, and access controls, improving user security and operational safeguards has become as critical as technical audits for reducing future losses.

Domande pertinenti

QAccording to the report, what percentage of the $2.53 billion in exploit-related losses in 2025 was attributed to social engineering?

A55.3% of the exploit-related losses, amounting to $1.39 billion, were attributed to social engineering.

QWhich country-linked hackers were identified as the most prolific threat actors in 2025, and how much stolen crypto were they responsible for?

ANorth Korea-linked hackers were the most prolific threat actors, responsible for at least $2.02 billion in stolen cryptocurrency, a roughly 51% increase from 2024.

QWhat was the estimated total range of cryptocurrency stolen across all theft categories in 2025, according to Chainalysis and industry monitoring firms?

AThe estimated total range of cryptocurrency stolen across all theft categories in 2025 was between $2.7 billion and $3.4 billion.

QBesides social engineering, what were the other techniques mentioned that contributed to the exploit losses?

AOther techniques contributing to the losses included private key compromise, infinite mint attacks, and smart contract exploits.

QWhat does the data suggest is the primary focus for mitigating exploits in 2025, according to the article's conclusion?

AThe data suggests that mitigating exploits in 2025 has less to do with fixing code and more to do with improving user security, key management practices, and operational hygiene across exchanges, custodians, and wallet providers.

Letture associate

iQiyi Is Too Impatient

The article "iQiyi Is Too Impatient" discusses the controversy surrounding the Chinese streaming platform IQiyi's recent announcement of an "AI Actor Library" during its 2026 World Conference. IQiyi claimed over 100 actors, including well-known names like Zhang Ruoyun and Yu Hewei, had joined the initiative. CEO Gong Yu suggested AI could enable actors to "star in 14 dramas a year instead of 4" and that "live-action filming might become a world cultural heritage." The announcement quickly sparked backlash. Multiple actors named in the list issued urgent statements denying they had signed any AI-related authorization agreements. This forced IQiyi to clarify that inclusion in the library only indicated a willingness to *consider* AI projects, with separate negotiations required for any specific role. The incident, which trended on social media with hashtags like "IQiyi is crazy," is presented as a sign of the company's growing desperation. Facing intense competition from short-video platforms like Douyin and Kuaishou, as well as Bilibili and Xiaohongshu, IQiyi's financial performance has weakened, with revenues declining for two consecutive years. The author argues that IQiyi is "too impatient" to tell a compelling AI story to reassure the market, especially as it pursues a listing on the Hong Kong stock exchange. The piece concludes by outlining three key "AI questions" IQiyi must answer: defining its role as a tool provider versus a content creator, balancing the "coldness" of AI with the human element audiences desire, and properly managing the interests of platforms, actors, and viewers. The core dilemma is that while AI can reduce costs and increase efficiency, it risks creating homogenized, formulaic content and devaluing human performers.

marsbit51 min fa

Jensen Huang Publicly Challenges Google and Amazon, Is the Chip Business Entirely Sustained by Anthropic?

In a candid interview, Nvidia CEO Jensen Huang challenged competitors like Google and Amazon, admitted past strategic errors, and criticized U.S. export controls on AI chips. He framed Nvidia’s role as turning “electricity in, tokens out,” emphasizing the complexity and value of AI inference. Huang dismissed rival custom chips like Google’s TPU and Amazon’s Trainium as inflexible and niche, claiming their growth relies heavily on clients like Anthropic. He also acknowledged missing early investment opportunities in OpenAI and Anthropic. On China, Huang warned that export restrictions risk pushing the country toward self-sufficiency and could cost U.S. leadership in AI. Finally, he explained Nvidia’s acquisition of Groq as a move to serve premium, low-latency token markets. Throughout, Huang emphasized ecosystem trust and Nvidia’s central role in global AI infrastructure.

marsbit56 min fa

Jensen Huang Publicly Challenges Google and Amazon, Is the Chip Business Entirely Sustained by Anthropic?

marsbit56 min fa

ARK's SpaceX IPO Investment Guide: $1.75 Trillion Valuation, 95x Price-to-Sales Ratio, Where Is the Money Going?

ARK Invest, a major investor in SpaceX, provides an analysis following SpaceX's confidential IPO filing on April 1, 2026, targeting a $1.75 trillion valuation and up to $75 billion in funding for a Nasdaq listing around June 2026. This would be the largest IPO in history. The valuation implies a price-to-sales ratio of ~95x based on ~$18.5B in projected 2025 revenue. ARK argues this reflects future potential, not current reality. Key drivers include Starlink, with over 10M users and $20B+ in 2026 revenue, launch services which have reduced costs by ~95% since 2008, and the strategic merger with xAI in February 2026, enabling vertically integrated AI and orbital computing. ARK’s investment thesis is based on SpaceX's proven execution of ambitious goals, like reusable rockets and global satellite internet. The firm notes that significant value creation often occurs pre-IPO, and its Venture Fund offers exposure to SpaceX’s earlier private stages. Post-IPO, the fund will manage the position per standard lock-up and rebalancing processes, maintaining flexibility to reinvest in other private innovations. The analysis is based on public estimates and ARK research; the S-1 filing is not yet public. This is not investment advice.

marsbit58 min fa

ARK's SpaceX IPO Investment Guide: $1.75 Trillion Valuation, 95x Price-to-Sales Ratio, Where Is the Money Going?

marsbit58 min fa

Stablecoin Hype Overblown? Moody’s Says Banks Aren’t In Danger

The article discusses the legislative stalemate in the US over the Digital Asset Market Clarity Act of 2025 (CLARITY Act), which aims to regulate crypto assets. A key point of contention is whether stablecoins should be allowed to pay interest, with crypto companies opposing a ban and banks supporting it. Moody's analyst Abhi Srivastava states that, for now, stablecoins do not pose a significant threat to traditional banks due to existing efficient payment systems and the current prohibition on yield-bearing stablecoins. This limits their appeal for pulling deposits from banks at scale. However, with the stablecoin market cap exceeding $300 billion and growth in tokenized assets, banks could face future pressure from deposit outflows. The crypto industry warns that failure to pass the bill could lead to stricter regulatory crackdowns. Negotiations continue with little progress, despite both sides desiring a resolution.

bitcoinist1 h fa

Stablecoin Hype Overblown? Moody’s Says Banks Aren’t In Danger

bitcoinist1 h fa

Not a Price Hike, but a Supply Cut? Oil Prices Have Crossed the Tipping Point

The global oil market has passed a critical point, shifting the focus from price increases to potential physical supply shortages. The core issue is a time mismatch: even if the Strait of Hormuz reopens, shipping disruptions have already caused significant delays, which will continue to deplete onshore crude inventories for weeks. Refinery behavior acts as an amplifier. Reduced runs in Asia and Europe don’t reflect weaker demand but instead shrink product inventories, raising fuel prices and refining margins, which in turn encourages higher runs—creating a self-reinforcing cycle. If the Strait remains closed beyond April, traditional pricing models may fail. The market could face an unprecedented physical shortfall of 11-13 million barrels per day—roughly four times historical disruption levels. In such a scenario, price becomes an inadequate balancing tool. The only way to rebalance the market would be policy-driven demand destruction, similar to COVID-era lockdowns. Current prices around $95/barrel are insufficient to balance the market. Key signals to watch include inventory levels, policy announcements, and the pace of involuntary demand contraction. Geopolitically, the situation appears likely to worsen before improving, with little room for compromise between the US and Iran.

marsbit3 h fa

Not a Price Hike, but a Supply Cut? Oil Prices Have Crossed the Tipping Point

marsbit3 h fa

Trading

Spot

Futures