Crypto hack counts fall but supply chain attacks reshape threat landscape

cointelegraphPublicado em 2025-12-23Última atualização em 2025-12-23

Resumo

New data from CertiK reveals that while crypto hackers stole $3.3 billion in 2025, the number of attacks fell sharply. Losses were concentrated in fewer, more damaging supply-chain attacks, which accounted for $1.45 billion across just two incidents, including the $1.4 billion Bybit hack. This shift indicates attackers are moving away from simple code vulnerabilities toward more sophisticated infrastructure-level exploits. The number of security incidents decreased by 162 year-over-year, suggesting improved protocol-level security. The median loss per hack fell 35.75% to $103,966, though the average loss rose to $5.3 million due to high-value outliers. Phishing scams were the second-largest threat, costing $722 million across 248 incidents. A significant subset was "pig butchering" romance scams, which used prolonged emotional manipulation and cost the industry $5.5 billion in 2024.

Crypto hackers stole $3.3 billion in 2025, but the number of attacks fell sharply as losses became concentrated in fewer, more sophisticated supply-chain exploits, according to new data from blockchain security firm CertiK shared with Cointelegraph.

While total losses remained elevated, the decline in incident counts and a drop in median theft sizes suggest that protocol-level security is improving, pushing attackers away from simple code vulnerabilities and toward phishing and infrastructure-level attacks.

CertiK said supply-chain breaches emerged as the most damaging threat, accounting for $1.45 billion in losses across just two incidents, including the $1.4 billion Bybit hack in February.

"The Bybit exploit signals that well-capitalized, well-coordinated threat actors are becoming more active across the ecosystem," the report said, predicting a rise in the “sophistication” of supply chain attacks as attackers target more infrastructure providers.

*Crypto hacks by amount and incident, yearly chart. Source: CertiK*

Related: Soulja Boy token sparks backlash after Base co-founder posts purchase receipt

The number of security incidents decreased by 162 counts year-over-year, indicating that blockchain cybersecurity measures are improving despite hackers aiming for larger targets.

The average amount lost per hack stood at $5.3 million, a 66% increase from the previous year. However, the median loss — a measure less influenced by outlier incidents — fell to $103,966, down 35.75% over the same period.

*Cryptop hacks by incident type and amount of losses, one-year chart. Source: CertiK*

Related: Solana AI token Ava hit by launch sniping tied to deployer: Bubblemaps

Code vulnerabilities fade as “pig butchering” scams threaten crypto savings

Phishing scams became the second-largest threat, costing crypto investors a cumulative $722 million across 248 incidents.

Recently, an investor lost their entire Bitcoin (BTC) retirement fund in an artificial intelligence-fueled romance scam, also known as a "pig butchering" scam, where the con artists used prolonged emotional manipulation to convince the investors to transfer their funds.

*Pig butchering victim stats, grooming time. Source: Cyvers*

Pig butchering scams are a subset of phishing scams that cost the industry a collective $5.5 billion in 2024, across 200,000 individual cases.

Notably, the average grooming period for victims is between one and two weeks in 35% of cases, while 10% of scams involve grooming periods of up to three months, according to blockchain security platform Cyvers.

In June, the US Department of Justice announced the seizure of over $225 million in crypto linked to pig butchering scams.

Magazine: Coinbase hack shows the law probably won’t protect you — Here’s why

Perguntas relacionadas

QAccording to CertiK's data, what was the total amount stolen by crypto hackers in 2025 and what was the most damaging type of attack?

ACrypto hackers stole a total of $3.3 billion in 2025. The most damaging type of attack was supply-chain breaches, which accounted for $1.45 billion in losses.

QWhat does the report suggest about the trend in protocol-level security based on the decline in incident counts and median theft sizes?

AThe decline in incident counts and the drop in median theft sizes suggest that protocol-level security is improving. This is pushing attackers away from simple code vulnerabilities and toward more sophisticated methods like phishing and infrastructure-level attacks.

QWhat was the average amount lost per hack and how much did it change from the previous year?

AThe average amount lost per hack stood at $5.3 million, which was a 66% increase from the previous year.

QWhat are 'pig butchering' scams and how much did they cost the industry in 2024?

A'Pig butchering' scams are a subset of phishing scams that involve prolonged emotional manipulation to convince victims to transfer their funds. They cost the industry a collective $5.5 billion in 2024 across 200,000 individual cases.

QWhat significant action did the US Department of Justice take regarding pig butchering scams in June?

AIn June, the US Department of Justice announced the seizure of over $225 million in cryptocurrency that was linked to pig butchering scams.

Leituras Relacionadas

Google and Amazon Simultaneously Invest Heavily in a Competitor: The Most Absurd Business Logic of the AI Era Is Becoming Reality

In a span of four days, Amazon announced an additional $25 billion investment, and Google pledged up to $40 billion—both direct competitors pouring over $65 billion into the same AI startup, Anthropic. Rather than a typical venture capital move, this signals the latest escalation in the cloud wars. The core of the deal is not equity but compute pre-orders: Anthropic must spend the majority of these funds on AWS and Google Cloud services and chips, effectively locking in massive future compute consumption. This reflects a shift in cloud market dynamics—enterprises now choose cloud providers based on which hosts the best AI models, not just price or stability. With OpenAI deeply tied to Microsoft, Anthropic’s Claude has become the only viable strategic asset for Google and Amazon to remain competitive. Anthropic’s annualized revenue has surged to $30 billion, and it is expanding into verticals like biotech, positioning itself as a cross-industry AI infrastructure layer. However, this funding comes with constraints: Anthropic’s independence is challenged as it balances two rival investors, its safety-first narrative faces pressure from regulatory scrutiny, and its path to IPO introduces new financial pressures. Globally, this accelerates a "tri-polar" closed-loop structure in AI infrastructure, with Microsoft-OpenAI, Google-Anthropic, and Amazon-Anthropic forming exclusive model-cloud alliances. In contrast, China’s landscape differs—investments like Alibaba and Tencent backing open-source model firm DeepSeek reflect a more decoupled approach, though closed-source models from major cloud providers still dominate. The $65 billion bet is ultimately about securing a seat at the table in an AI-defined future—where missing the model layer means losing the cloud war.

marsbitHá 1h

Google and Amazon Simultaneously Invest Heavily in a Competitor: The Most Absurd Business Logic of the AI Era Is Becoming Reality

marsbitHá 1h

Computing Power Constrained, Why Did DeepSeek-V4 Open Source?

DeepSeek-V4 has been released as a preview open-source model, featuring 1 million tokens of context length as a baseline capability—previously a premium feature locked behind enterprise paywalls by major overseas AI firms. The official announcement, however, openly acknowledges computational constraints, particularly limited service throughput for the high-end DeepSeek-V4-Pro version due to restricted high-end computing power. Rather than competing on pure scale, DeepSeek adopts a pragmatic approach that balances algorithmic innovation with hardware realities in China’s AI ecosystem. The V4-Pro model uses a highly sparse architecture with 1.6T total parameters but only activates 49B during inference. It performs strongly in agentic coding, knowledge-intensive tasks, and STEM reasoning, competing closely with top-tier closed models like Gemini Pro 3.1 and Claude Opus 4.6 in certain scenarios. A key strategic product is the Flash edition, with 284B total parameters but only 13B activated—making it cost-effective and accessible for mid- and low-tier hardware, including domestic AI chips from Huawei (Ascend), Cambricon, and Hygon. This design supports broader adoption across developers and SMEs while stimulating China's domestic semiconductor ecosystem. Despite facing talent outflow and intense competition in user traffic—with rivals like Doubao and Qianwen leading in monthly active users—DeepSeek has maintained technical momentum. The release also comes amid reports of a new funding round targeting a valuation exceeding $10 billion, potentially setting a new record in China’s LLM sector. Ultimately, DeepSeek-V4 represents a shift toward open yet realistic infrastructure development in the constrained compute landscape of Chinese AI, emphasizing engineering efficiency and domestic hardware compatibility over pure model scale.

marsbitHá 2h

Computing Power Constrained, Why Did DeepSeek-V4 Open Source?

marsbitHá 2h

Memecoin Millionaires Line Up For Trump’s Exclusive Luncheon

A crypto investor paid only $500 to attend an exclusive luncheon with former President Donald Trump at Mar-a-Lago, reflecting a significant decline in enthusiasm compared to previous events. The TRUMP memecoin has lost over 93% of its value since its peak, falling from around $45 to under $3. Despite the collapse, nearly 300 top holders are expected to attend the gathering, which critics argue is an attempt to buy access to the president. Notable attendees include key figures from the industry like Tether CEO Paolo Ardoino and Bitcoin advocate Anthony Pompliano. However, Tron founder Justin Sun, the largest holder of the token, is absent amid a lawsuit against a crypto platform co-founded by Trump’s sons. Ethics watchdogs have raised concerns about conflicts of interest and lack of financial transparency.

bitcoinistHá 6h

Memecoin Millionaires Line Up For Trump’s Exclusive Luncheon

bitcoinistHá 6h

Why Bitcoin Price Failed To Breach $80K: An On-Chain Deep Dive

Bitcoin's price recently surged to a three-month high above $79,000 but struggled to break the $80,000 resistance. According to on-chain analysis, a key reason is the "True Market Mean Price," a metric representing the average cost basis of active market participants, which acted as a strong resistance level. Additionally, a shift in market sentiment toward FOMO (fear of missing out) and euphoria signaled caution among traders. Analysts suggest that a confirmed breakout would require holding above this level for about three days. As of the latest data, BTC is trading around $77,588.

bitcoinistHá 7h

Why Bitcoin Price Failed To Breach $80K: An On-Chain Deep Dive

bitcoinistHá 7h

XRP And Bitcoin Investors Are ‘Trapped’, But Is There A Way Out?

Crypto analyst RWA Investor claims that both XRP and Bitcoin short sellers are currently 'trapped.' He outlines a potential roadmap for XRP to reach a new all-time high of $7. The prediction involves XRP first breaking the $1.50-$1.60 range to rally to $2-$3, followed by a major pullback. A third wave is then expected to emerge, culminating in a final bear trap before a massive short squeeze propels the price to the $7 target. The analyst attributes this anticipated rally to Federal Reserve rate cuts and quantitative easing. Separately, analyst CasiTrades suggests XRP move to the $1.50-$1.53 range is still possible if Bitcoin approaches $79,900, provided XRP holds the $1.39 support level.

bitcoinistHá 8h

XRP And Bitcoin Investors Are ‘Trapped’, But Is There A Way Out?