Crypto hack counts fall but supply chain attacks reshape threat landscape

cointelegraph2025-12-23 tarihinde yayınlandı2025-12-23 tarihinde güncellendi

Özet

New data from CertiK reveals that while crypto hackers stole $3.3 billion in 2025, the number of attacks fell sharply. Losses were concentrated in fewer, more damaging supply-chain attacks, which accounted for $1.45 billion across just two incidents, including the $1.4 billion Bybit hack. This shift indicates attackers are moving away from simple code vulnerabilities toward more sophisticated infrastructure-level exploits. The number of security incidents decreased by 162 year-over-year, suggesting improved protocol-level security. The median loss per hack fell 35.75% to $103,966, though the average loss rose to $5.3 million due to high-value outliers. Phishing scams were the second-largest threat, costing $722 million across 248 incidents. A significant subset was "pig butchering" romance scams, which used prolonged emotional manipulation and cost the industry $5.5 billion in 2024.

Crypto hackers stole $3.3 billion in 2025, but the number of attacks fell sharply as losses became concentrated in fewer, more sophisticated supply-chain exploits, according to new data from blockchain security firm CertiK shared with Cointelegraph.

While total losses remained elevated, the decline in incident counts and a drop in median theft sizes suggest that protocol-level security is improving, pushing attackers away from simple code vulnerabilities and toward phishing and infrastructure-level attacks.

CertiK said supply-chain breaches emerged as the most damaging threat, accounting for $1.45 billion in losses across just two incidents, including the $1.4 billion Bybit hack in February.

"The Bybit exploit signals that well-capitalized, well-coordinated threat actors are becoming more active across the ecosystem," the report said, predicting a rise in the “sophistication” of supply chain attacks as attackers target more infrastructure providers.

Crypto hacks by amount and incident, yearly chart. Source: CertiK

Related: Soulja Boy token sparks backlash after Base co-founder posts purchase receipt

The number of security incidents decreased by 162 counts year-over-year, indicating that blockchain cybersecurity measures are improving despite hackers aiming for larger targets.

The average amount lost per hack stood at $5.3 million, a 66% increase from the previous year. However, the median loss — a measure less influenced by outlier incidents — fell to $103,966, down 35.75% over the same period.

Cryptop hacks by incident type and amount of losses, one-year chart. Source: CertiK

Related: Solana AI token Ava hit by launch sniping tied to deployer: Bubblemaps

Code vulnerabilities fade as “pig butchering” scams threaten crypto savings

Phishing scams became the second-largest threat, costing crypto investors a cumulative $722 million across 248 incidents.

Recently, an investor lost their entire Bitcoin (BTC) retirement fund in an artificial intelligence-fueled romance scam, also known as a "pig butchering" scam, where the con artists used prolonged emotional manipulation to convince the investors to transfer their funds.

Pig butchering victim stats, grooming time. Source: Cyvers

Pig butchering scams are a subset of phishing scams that cost the industry a collective $5.5 billion in 2024, across 200,000 individual cases.

Notably, the average grooming period for victims is between one and two weeks in 35% of cases, while 10% of scams involve grooming periods of up to three months, according to blockchain security platform Cyvers.

In June, the US Department of Justice announced the seizure of over $225 million in crypto linked to pig butchering scams.

Magazine: Coinbase hack shows the law probably won’t protect you — Here’s why

İlgili Sorular

QAccording to CertiK's data, what was the total amount stolen by crypto hackers in 2025 and what was the most damaging type of attack?

ACrypto hackers stole a total of $3.3 billion in 2025. The most damaging type of attack was supply-chain breaches, which accounted for $1.45 billion in losses.

QWhat does the report suggest about the trend in protocol-level security based on the decline in incident counts and median theft sizes?

AThe decline in incident counts and the drop in median theft sizes suggest that protocol-level security is improving. This is pushing attackers away from simple code vulnerabilities and toward more sophisticated methods like phishing and infrastructure-level attacks.

QWhat was the average amount lost per hack and how much did it change from the previous year?

AThe average amount lost per hack stood at $5.3 million, which was a 66% increase from the previous year.

QWhat are 'pig butchering' scams and how much did they cost the industry in 2024?

A'Pig butchering' scams are a subset of phishing scams that involve prolonged emotional manipulation to convince victims to transfer their funds. They cost the industry a collective $5.5 billion in 2024 across 200,000 individual cases.

QWhat significant action did the US Department of Justice take regarding pig butchering scams in June?

AIn June, the US Department of Justice announced the seizure of over $225 million in cryptocurrency that was linked to pig butchering scams.

İlgili Okumalar

Kicked Out of PayPal, Musk Aims for a Comeback in the Crypto Market

Elon Musk's X (formerly Twitter) has launched its "Smart Cashtags" feature, generating approximately $1 billion in trading volume within days of its April 2026 pilot launch. The feature allows users to click on stock or crypto tickers (or even full Solana token contract addresses) in posts to view real-time price charts and discussions without leaving the app. Initially available to iPhone users in the US and Canada, with a partnership in Canada enabling direct trading via the Wealthsimple app. This move is part of Musk's broader "Everything App" vision, spearheaded by the upcoming X Money platform. Analysts, such as Mizuho's Dan Dolev, see this as a potential disruptor to the US payments market, even prompting a downgrade of PayPal's stock. X Money's beta offers services like 6% APY on deposits, cashback, and P2P transfers, with speculation it may later incorporate crypto trading and stablecoin settlements for faster transactions. However, the ambitious plan faces significant regulatory scrutiny. Senator Elizabeth Warren has questioned the sustainability of the high 6% yield and raised concerns over X's banking partner, Cross River Bank, which has a history of regulatory violations. Additional risks involve the "GENIUS Act," which may create loopholes for stablecoin issuance without full FDIC insurance coverage, potentially leaving users unprotected. The integration of social trading on a platform with over 500 million users could inject new liquidity and retail interest into the crypto market. Yet, it also amplifies risks like herd mentality and the blurring of lines between entertainment and financial speculation. Musk's return to finance, after his ouster from PayPal, hinges on balancing innovation with regulatory compliance.

marsbit42 dk önce

Kicked Out of PayPal, Musk Aims for a Comeback in the Crypto Market

marsbit42 dk önce

Tether’s Mega-Freeze: $344M USDT Locked Down In Major Operation With US Authorities

Tether has frozen $344 million in USDT held in two Tron wallets at the request of US authorities, including OFAC, after the wallets were linked to sanctions evasion and criminal activity. The company emphasized its routine cooperation with global law enforcement, having supported over 2,300 cases and frozen more than $4.4 billion in assets to date. This action contrasts with increased scrutiny on rival stablecoin issuer Circle, which faces a lawsuit over its alleged failure to promptly freeze $280 million stolen in the Drift Protocol hack. Tether also announced a collaboration with Drift Protocol to support recovery efforts with nearly $150 million in backing.

bitcoinist1 saat önce

Tether’s Mega-Freeze: $344M USDT Locked Down In Major Operation With US Authorities

bitcoinist1 saat önce

Shenzhen's Airdrop Hunters Are Now Turning to Hong Kong Stock IPOs

Shenzhen, a city synonymous with ambition and rapid growth, has long been a hub for those capitalizing on information and opportunity gaps. From its origins as a small fishing village, it has transformed into a global center for electronics, manufacturing, and innovation, home to giants like Huawei, Tencent, and DJI. Arez, a typical Shenzhen entrepreneur in his early thirties, runs an airdrop farming studio in Nanshan. In 2023, his team profited significantly from major airdrops including Arbitrum, Starknet, and LayerZero. At its peak, the operation managed thousands of on-chain addresses, utilizing scripts, IP proxies, KYC resources, and capital rotation to maximize returns. Now, like many others in Shenzhen’s dynamic speculative economy, Arez and his peers are shifting focus—this time to Hong Kong’s IPO market, seeking new avenues for profit in ever-evolving financial landscapes.

marsbit1 saat önce

Shenzhen's Airdrop Hunters Are Now Turning to Hong Kong Stock IPOs

marsbit1 saat önce

Four Outrageous Details Hidden in Justin Sun's Lawsuit Against WLFI

Cryptocurrency billionaire Justin Sun has filed a lawsuit against World Liberty Financial (WLFI), accusing its executives of fraud, theft, and other violations. The complaint highlights four key allegations: First, it details the controversial history of WLFI co-founder Chase Herro, including past scams, a prison record, tax liens, and alleged visits to Jeffrey Epstein’s private island. Second, Sun claims WLFI secretly upgraded its smart contract without token holder approval, granting itself the power to freeze and seize WLFI tokens—a move allegedly used against Sun. WLFI defended the action as necessary to protect user interests. Third, the dispute may have been fueled by Sun’s $100 million purchase of TRUMP meme tokens issued by a Trump-affiliated project. WLFI reportedly objected, though the purchase was allegedly approved by a Trump family member involved with both projects. Finally, Sun accuses WLFI of operating an unlicensed money transmission business due to its centralized control over token transfers, potentially violating federal and state laws. WLFI CEO Zach Witkoff dismissed the suit as a desperate distraction from Sun’s own misconduct. Herro did not directly address the allegations.

marsbit1 saat önce

Four Outrageous Details Hidden in Justin Sun's Lawsuit Against WLFI

marsbit1 saat önce

Chip Stocks Hit Record Highs Since 2000, SaaS Stocks Fall to Yearly Lows: Two Worlds Under the AI Divide

The article highlights a stark divergence in the tech market driven by AI: semiconductor stocks are surging while SaaS stocks plummet. On April 23, Texas Instruments saw its best single-day performance since 2000, with Q1 revenue up 19% and data center revenue surging 90%. Intel also reported blowout results, with revenue far exceeding expectations and its stock rising over 20% after hours. The semiconductor ETF (SMH) is up nearly 28% this year. In contrast, SaaS companies like ServiceNow and IBM experienced historic declines, with ServiceNow dropping 18% despite beating earnings estimates. The software ETF (IGV) has entered a technical bear market, losing about $2 trillion in market cap. The trend, dubbed "SaaSpocalypse," reflects fears that AI agents could reduce the need for software licenses and enable companies to build internal tools instead of relying on SaaS subscriptions. The market is rotating capital from software to semiconductors, betting on AI infrastructure as a safer play. Chip stocks now trade at high valuations—Texas Instruments at a P/E over 50, Intel at 120 times forward earnings—pricing in years of growth. However, this depends on continued massive AI capital expenditure from tech giants. If spending slows, the trend could reverse. For now, the divide persists: chips celebrate, SaaS struggles.

marsbit1 saat önce

Chip Stocks Hit Record Highs Since 2000, SaaS Stocks Fall to Yearly Lows: Two Worlds Under the AI Divide

marsbit1 saat önce

İşlemler

Spot
Futures
活动图片