Crypto hack counts fall but supply chain attacks reshape threat landscape

cointelegraphPublicado em 2025-12-23Última atualização em 2025-12-23

Resumo

New data from CertiK reveals that while crypto hackers stole $3.3 billion in 2025, the number of attacks fell sharply. Losses were concentrated in fewer, more damaging supply-chain attacks, which accounted for $1.45 billion across just two incidents, including the $1.4 billion Bybit hack. This shift indicates attackers are moving away from simple code vulnerabilities toward more sophisticated infrastructure-level exploits. The number of security incidents decreased by 162 year-over-year, suggesting improved protocol-level security. The median loss per hack fell 35.75% to $103,966, though the average loss rose to $5.3 million due to high-value outliers. Phishing scams were the second-largest threat, costing $722 million across 248 incidents. A significant subset was "pig butchering" romance scams, which used prolonged emotional manipulation and cost the industry $5.5 billion in 2024.

Crypto hackers stole $3.3 billion in 2025, but the number of attacks fell sharply as losses became concentrated in fewer, more sophisticated supply-chain exploits, according to new data from blockchain security firm CertiK shared with Cointelegraph.

While total losses remained elevated, the decline in incident counts and a drop in median theft sizes suggest that protocol-level security is improving, pushing attackers away from simple code vulnerabilities and toward phishing and infrastructure-level attacks.

CertiK said supply-chain breaches emerged as the most damaging threat, accounting for $1.45 billion in losses across just two incidents, including the $1.4 billion Bybit hack in February.

"The Bybit exploit signals that well-capitalized, well-coordinated threat actors are becoming more active across the ecosystem," the report said, predicting a rise in the “sophistication” of supply chain attacks as attackers target more infrastructure providers.

*Crypto hacks by amount and incident, yearly chart. Source: CertiK*

Related: Soulja Boy token sparks backlash after Base co-founder posts purchase receipt

The number of security incidents decreased by 162 counts year-over-year, indicating that blockchain cybersecurity measures are improving despite hackers aiming for larger targets.

The average amount lost per hack stood at $5.3 million, a 66% increase from the previous year. However, the median loss — a measure less influenced by outlier incidents — fell to $103,966, down 35.75% over the same period.

*Cryptop hacks by incident type and amount of losses, one-year chart. Source: CertiK*

Related: Solana AI token Ava hit by launch sniping tied to deployer: Bubblemaps

Code vulnerabilities fade as “pig butchering” scams threaten crypto savings

Phishing scams became the second-largest threat, costing crypto investors a cumulative $722 million across 248 incidents.

Recently, an investor lost their entire Bitcoin (BTC) retirement fund in an artificial intelligence-fueled romance scam, also known as a "pig butchering" scam, where the con artists used prolonged emotional manipulation to convince the investors to transfer their funds.

*Pig butchering victim stats, grooming time. Source: Cyvers*

Pig butchering scams are a subset of phishing scams that cost the industry a collective $5.5 billion in 2024, across 200,000 individual cases.

Notably, the average grooming period for victims is between one and two weeks in 35% of cases, while 10% of scams involve grooming periods of up to three months, according to blockchain security platform Cyvers.

In June, the US Department of Justice announced the seizure of over $225 million in crypto linked to pig butchering scams.

Magazine: Coinbase hack shows the law probably won’t protect you — Here’s why

Perguntas relacionadas

QAccording to CertiK's data, what was the total amount stolen by crypto hackers in 2025 and what was the most damaging type of attack?

ACrypto hackers stole a total of $3.3 billion in 2025. The most damaging type of attack was supply-chain breaches, which accounted for $1.45 billion in losses.

QWhat does the report suggest about the trend in protocol-level security based on the decline in incident counts and median theft sizes?

AThe decline in incident counts and the drop in median theft sizes suggest that protocol-level security is improving. This is pushing attackers away from simple code vulnerabilities and toward more sophisticated methods like phishing and infrastructure-level attacks.

QWhat was the average amount lost per hack and how much did it change from the previous year?

AThe average amount lost per hack stood at $5.3 million, which was a 66% increase from the previous year.

QWhat are 'pig butchering' scams and how much did they cost the industry in 2024?

A'Pig butchering' scams are a subset of phishing scams that involve prolonged emotional manipulation to convince victims to transfer their funds. They cost the industry a collective $5.5 billion in 2024 across 200,000 individual cases.

QWhat significant action did the US Department of Justice take regarding pig butchering scams in June?

AIn June, the US Department of Justice announced the seizure of over $225 million in cryptocurrency that was linked to pig butchering scams.

Leituras Relacionadas

Apple Also Has to Pay Rent Now

Apple Pays Rent Too: The Two-Way Flow of "Traffic Tax" and "AI Capability Rent" Between Tech Giants For over two decades, Google has paid Apple an estimated $20 billion annually to remain the default search engine on Safari, a "traffic tax" for a critical user entry point. However, in 2026, the direction of this cash flow partially reversed. Apple agreed to pay Google roughly $1 billion per year to license its Gemini AI models, as Apple's own models reportedly struggled with complex tasks. This creates a unique dynamic: Apple acts as the "landlord" in the established search ecosystem, collecting rent from Google for access. Simultaneously, in the emerging AI arena, Apple becomes the "tenant," paying Google for access to cutting-edge AI capabilities it cannot currently match internally. While Apple claims its new models are "distilled" from Gemini outputs and contain "not a drop" of Google's original code, core dependencies remain. Its knowledge base is refined using Gemini's outputs, and its most powerful cloud model runs on Google's infrastructure. Apple has structured the deal as non-exclusive, allowing it to theoretically switch AI suppliers—a hedge against over-reliance. The future hinges on whether advanced AI models become a commodity (cheap and abundant) or remain a concentrated, scarce resource (expensive and controlled by few). Apple is betting on the former, leveraging its massive device ecosystem to be a powerful, choosy customer. If the latter proves true, its bargaining power could erode. This power dynamic is extending to developers. Apple, Google, and WeChat are all pushing for apps to expose their core functions as standardized "actions" or "intents" that their respective AI assistants (Siri, Gemini, WeChat AI) can directly call. The new scarce resource is no longer just app store visibility, but "being selected by the AI." The currency of "rent" has changed from a 30% revenue share to ceding control over how users interact with an app's functions.

marsbitHá 27m

marsbitHá 27m

Missed the SpaceX IPO? WEEX's "First Trade Protection" Lets You Experience US Stock Trading Risk-Free.

With the excitement around SpaceX's recent public listing reigniting interest in the US stock market, Chinese investors face significant challenges accessing compliant and convenient trading channels following regulatory actions against major online brokers. This article explores the available options, highlighting their risks and limitations. Traditional paths for US stock investments remain problematic. Qualified Domestic Institutional Investor (QDII) and Listed Open-Ended Fund (LOF) products, while compliant, suffer from high fees, significant purchase premiums, and a very limited selection of assets. Small, unregulated offshore brokers pose substantial risks, including potential insolvency. While secure, VIP accounts at banks in Hong Kong or Singapore require high minimum deposits (often 1-2 million RMB) and in-person visits, placing them out of reach for most retail investors. The article positions cryptocurrency exchanges, specifically their TradFi (traditional finance on-chain) offerings, as a compelling alternative. Platforms like WEEX are noted for providing access to a wide range of US stocks and ETFs, including SpaceX (SPCXON), through tokenized assets. This method offers advantages such as a single account for both crypto and traditional assets, USDT-based settlement avoiding fiat complexities, flexible leverage, and robust risk management. To attract users, WEEX is promoting a "First Trade Guarantee" campaign. Running from June 15 to July 8 (UTC+8), it features a $30,000 prize pool. Users who trade $500 worth of US stock contracts can qualify for a guarantee on their first eligible trade: 100% loss coverage up to $30 or a 20% bonus on profits up to $30. The campaign is presented as a low-risk opportunity for both crypto natives and traditional investors to experience US stock trading.

marsbitHá 28m

Missed the SpaceX IPO? WEEX's "First Trade Protection" Lets You Experience US Stock Trading Risk-Free.

marsbitHá 28m

How Difficult is Chip Making? A Division Error Costs 475 Million Dollars

How Hard Is It to Make a Chip? A Division Error Cost $475 Million Chip expert Shi Kan, a researcher at the Chinese Academy of Sciences and a popular tech creator, explains the immense challenges of chip development. Chips are foundational to modern technology, but their creation is extraordinarily difficult. The journey from sand to a functional chip involves complex design and manufacturing, but a critical bottleneck is verification—ensuring the design works flawlessly before costly production. A single, undetected bug can have catastrophic consequences, as illustrated by the infamous 1994 Intel Pentium FDIV bug. A flaw in the floating-point division unit forced a recall costing $475 million. Unlike software, chips cannot be easily patched after manufacture, making "first-time success" paramount. However, industry surveys show only 24% of chip projects achieve this; over three-quarters require at least one costly re-spin due to design flaws. Verification has thus become the dominant phase, consuming up to 70% of the design cycle. The core challenge is a "verification impossible triangle" between high performance, good debuggability, and low cost. Exhaustively verifying a modern CPU core could take 15,000 years with software simulation, or 30 years with advanced hardware emulation—timeframes utterly impractical for development. Despite being essential, verification is often seen as unglamorous "dirty work," receiving less academic attention than fields like AI. Shi and his team are tackling this by developing an agile verification research framework called ENCORE, based on FPGA technology, to improve verification efficiency and debug capability. Beyond research, Shi engages in public science communication through long-form video content, aiming to demystify chip technology, AI, and computer science. He argues for the value of pursuing "hard and long-term" endeavors, whether in the meticulous world of chip verification or in creating substantive educational content, believing such sustained effort is likely the right path forward.

marsbitHá 38m

How Difficult is Chip Making? A Division Error Costs 475 Million Dollars

marsbitHá 38m

Claude to Mandate "Face-Scan ID Verification", No ID No Service Starting July?

Anthropic, the creator of Claude AI, has sent privacy policy update emails to users, signaling a significant shift. The key change, effective July 8, is the potential requirement for consumer-level users (Free, Pro, Max plans) to verify their age or identity. This verification would be conducted through the third-party service Persona, involving uploading a government-issued photo ID and taking a live selfie for comparison. Anthropic states this data is for security purposes only, will not be used for model training, and is processed by Persona, not stored on its own servers. The update also clarifies data handling for Claude's new capabilities: when performing multi-step tasks or connecting to third-party apps, user data may flow between Anthropic and those external services. Additionally, more information may be collected from users who participate in Anthropic research. This move is seen as a major step towards establishing accountability as AI agents become more powerful and autonomous, capable of executing complex, real-world tasks. It follows previous enforcement actions, like the banning of the "Fable 5" account, and indicates a broader industry trend toward stricter user identification and safety measures. The verification is expected to apply in specific scenarios, particularly as users engage Claude in more complex agentic workflows.

链捕手Há 50m

Claude to Mandate "Face-Scan ID Verification", No ID No Service Starting July?

链捕手Há 50m

Blockchain Has Finally Started to Sail into the Mainstream After 18 Years

Blockchain Finds Its True Path After 18 Years: Becoming the Financial Backbone for AI Agents and Autonomy This analysis explores a pivotal shift in the blockchain and crypto investment landscape, driven by the dominance of AI. Major venture capital firms, including Variant, Paradigm, Haun Ventures, and YZi Labs, are moving beyond pure "crypto" investment theses. They are expanding their focus to AI, robotics, and frontier tech, signaling that blockchain is no longer seen as a standalone sector but as an underlying infrastructure layer. The core argument is that blockchain's killer application may not be user-facing apps, but rather providing the economic rails for the coming wave of AI agents, autonomous robots, and automated systems. Key capabilities like self-custody wallets, programmable stablecoins for micropayments, on-chain identity, and verifiable smart contracts are positioned as essential for a future where machines conduct economic activity. The recent $1.4 billion investment by Tether (via its venture arm) in German robotics company NEURA Robotics exemplifies this, aiming to embed Tether's wallet tools directly into robots for autonomous transactions. While many "AI + Crypto" projects remain superficial, the article concludes that true value lies where crypto is a necessary component—enabling machine-to-machine payments, agent autonomy, verifiable data provenance, and open financial settlement for the AI era. For crypto venture capital, this convergence with AI represents both an adaptation to shifting capital flows and a potential path to unlocking the large-scale, non-speculative utility the industry has long sought.

marsbitHá 58m

Blockchain Has Finally Started to Sail into the Mainstream After 18 Years