Crypto hack counts fall but supply chain attacks reshape threat landscape

cointelegraphОпубліковано о 2025-12-23Востаннє оновлено о 2025-12-23

Анотація

New data from CertiK reveals that while crypto hackers stole $3.3 billion in 2025, the number of attacks fell sharply. Losses were concentrated in fewer, more damaging supply-chain attacks, which accounted for $1.45 billion across just two incidents, including the $1.4 billion Bybit hack. This shift indicates attackers are moving away from simple code vulnerabilities toward more sophisticated infrastructure-level exploits. The number of security incidents decreased by 162 year-over-year, suggesting improved protocol-level security. The median loss per hack fell 35.75% to $103,966, though the average loss rose to $5.3 million due to high-value outliers. Phishing scams were the second-largest threat, costing $722 million across 248 incidents. A significant subset was "pig butchering" romance scams, which used prolonged emotional manipulation and cost the industry $5.5 billion in 2024.

Crypto hackers stole $3.3 billion in 2025, but the number of attacks fell sharply as losses became concentrated in fewer, more sophisticated supply-chain exploits, according to new data from blockchain security firm CertiK shared with Cointelegraph.

While total losses remained elevated, the decline in incident counts and a drop in median theft sizes suggest that protocol-level security is improving, pushing attackers away from simple code vulnerabilities and toward phishing and infrastructure-level attacks.

CertiK said supply-chain breaches emerged as the most damaging threat, accounting for $1.45 billion in losses across just two incidents, including the $1.4 billion Bybit hack in February.

"The Bybit exploit signals that well-capitalized, well-coordinated threat actors are becoming more active across the ecosystem," the report said, predicting a rise in the “sophistication” of supply chain attacks as attackers target more infrastructure providers.

*Crypto hacks by amount and incident, yearly chart. Source: CertiK*

Related: Soulja Boy token sparks backlash after Base co-founder posts purchase receipt

The number of security incidents decreased by 162 counts year-over-year, indicating that blockchain cybersecurity measures are improving despite hackers aiming for larger targets.

The average amount lost per hack stood at $5.3 million, a 66% increase from the previous year. However, the median loss — a measure less influenced by outlier incidents — fell to $103,966, down 35.75% over the same period.

*Cryptop hacks by incident type and amount of losses, one-year chart. Source: CertiK*

Related: Solana AI token Ava hit by launch sniping tied to deployer: Bubblemaps

Code vulnerabilities fade as “pig butchering” scams threaten crypto savings

Phishing scams became the second-largest threat, costing crypto investors a cumulative $722 million across 248 incidents.

Recently, an investor lost their entire Bitcoin (BTC) retirement fund in an artificial intelligence-fueled romance scam, also known as a "pig butchering" scam, where the con artists used prolonged emotional manipulation to convince the investors to transfer their funds.

*Pig butchering victim stats, grooming time. Source: Cyvers*

Pig butchering scams are a subset of phishing scams that cost the industry a collective $5.5 billion in 2024, across 200,000 individual cases.

Notably, the average grooming period for victims is between one and two weeks in 35% of cases, while 10% of scams involve grooming periods of up to three months, according to blockchain security platform Cyvers.

In June, the US Department of Justice announced the seizure of over $225 million in crypto linked to pig butchering scams.

Magazine: Coinbase hack shows the law probably won’t protect you — Here’s why

Пов'язані питання

QAccording to CertiK's data, what was the total amount stolen by crypto hackers in 2025 and what was the most damaging type of attack?

ACrypto hackers stole a total of $3.3 billion in 2025. The most damaging type of attack was supply-chain breaches, which accounted for $1.45 billion in losses.

QWhat does the report suggest about the trend in protocol-level security based on the decline in incident counts and median theft sizes?

AThe decline in incident counts and the drop in median theft sizes suggest that protocol-level security is improving. This is pushing attackers away from simple code vulnerabilities and toward more sophisticated methods like phishing and infrastructure-level attacks.

QWhat was the average amount lost per hack and how much did it change from the previous year?

AThe average amount lost per hack stood at $5.3 million, which was a 66% increase from the previous year.

QWhat are 'pig butchering' scams and how much did they cost the industry in 2024?

A'Pig butchering' scams are a subset of phishing scams that involve prolonged emotional manipulation to convince victims to transfer their funds. They cost the industry a collective $5.5 billion in 2024 across 200,000 individual cases.

QWhat significant action did the US Department of Justice take regarding pig butchering scams in June?

AIn June, the US Department of Justice announced the seizure of over $225 million in cryptocurrency that was linked to pig butchering scams.

Пов'язані матеріали

Crypto Regulation: Polish Parliament Fails To Overturn Presidential Veto Again

Poland's Parliament has again failed to override President Karol Narcowski's veto of the Crypto Asset Market Act, which aimed to align national regulations with the EU's MICA framework. The vote fell short of the required majority, marking the second unsuccessful attempt to pass the legislation. The President has consistently opposed the bill, citing overregulation, ambiguity, and increased burdens on small businesses. Government ministers criticized the veto, with the Finance Minister warning that the lack of regulation fosters a risky environment for investors. Prime Minister Donald Tusk also accused Poland's largest crypto exchange, Zondacrypto, of having alleged ties to Russian intelligence and funding opposition politicians, linking these concerns to the legislative push. The government has vowed to continue its efforts to pass the bill.

bitcoinist1 год тому

Crypto Regulation: Polish Parliament Fails To Overturn Presidential Veto Again

bitcoinist1 год тому

Hong Kong Crypto Scam Shock: Woman Loses Nearly $1 Million As AI Fraud Surges

Hong Kong Crypto Scam Shock: Woman Loses Nearly $1 Million As AI Fraud Surges A Hong Kong woman lost HK$7.7 million (approximately $982,000) after being lured into a fraudulent cryptocurrency investment platform. The scam began on Telegram, where a person posing as an investment expert promoted an AI-powered trading strategy with guaranteed returns. After making 17 transfers of USDT and Ethereum, the victim was unable to withdraw her funds. Hong Kong Police have reported a significant surge in such online investment fraud, with over 80 cases recorded in a single week, totaling losses of nearly HK$80 million. Authorities warn that scammers are increasingly using sophisticated tactics, including promises of "AI trading" and "guaranteed profits," to appear credible. This follows a similar incident last month where a retiree lost HK$6.6 million in a multi-stage scam. Police urge the public to be cautious of unsolicited investment advice and to verify platforms through the official CyberDefender service before transferring any money. They emphasize that no legitimate investment can guarantee returns. Investigations are ongoing.

bitcoinist5 год тому

a16z New Article: Prediction Markets Entering the Fast-Forward Phase

Prediction markets are evolving from niche tools focused on elections and sports into a broader financial infrastructure for pricing real-world uncertainty. Key shifts include: application expansion beyond sports into entertainment, macro, and CPI markets; the creation of direct price benchmarks for events (e.g., tariffs, Fed decisions), enabling precise hedging without correlated asset risks; and growing institutional adoption, though still early-stage. While sports drive volume, long-tail markets show faster growth. Current institutional use is primarily for data, but progression toward system integration and active trading is expected. Regulatory advancements, like margin trading, are critical for scaling. The market is transitioning toward an essential, institutional-grade tool, similar to the evolution of options markets.

marsbit7 год тому

a16z New Article: Prediction Markets Entering the Fast-Forward Phase

marsbit7 год тому

Kyrgyzstan President Meets Justin Sun, Tron Collaborates with Kyrgyzstan to Build a New Digital Economy Landscape in Central Asia

Justin Sun, founder of TRON, met with Kyrgyzstan President Sadyr Japarov in Bishkek to discuss digital financial transformation, virtual asset regulation, and TRON’s strategic expansion into Central Asia. This marks TRON's first major partnership in the region. President Japarov emphasized Kyrgyzstan’s goal to become a regional hub for virtual assets and Web3 technologies, aligning with TRON’s strengths in high-throughput, low-cost stablecoin infrastructure. Sun expressed TRON’s commitment to supporting this vision through concrete projects. Japarov also highlighted the work of the National Committee for Virtual Assets and Blockchain Development, which he chairs. The committee has advanced initiatives including exploring a national stablecoin, testing a CBDC, and developing a regulatory sandbox. The meeting underscores growing international interest in Kyrgyzstan’s digital economy strategy.

marsbit7 год тому

Kyrgyzstan President Meets Justin Sun, Tron Collaborates with Kyrgyzstan to Build a New Digital Economy Landscape in Central Asia

marsbit7 год тому

TechFlow Intelligence Bureau: KelpDAO Attack Causes Nearly $300 Million Loss, Triggers Aave Withdrawal Wave, RAVE Crashes 95% in a Single Day

China's AI firm DeepSeek is seeking external funding for the first time, with a valuation exceeding $10 billion, signaling intensifying competition and high R&D costs in the domestic large model sector. Meanwhile, OpenAI CEO Sam Altman faces scrutiny over potential conflicts of interest between his personal investments and OpenAI’s business ahead of a possible IPO. In Web3, KelpDAO suffered a $294 million attack due to forged cross-chain messages on LayerZero, leading to massive withdrawals from Aave and a resulting 18% drop in AAVE tokens. Separately, RAVE cryptocurrency collapsed by 95% in a single day amid suspected insider manipulation. Geopolitically, Iran is now demanding Bitcoin payments for transit through the Strait of Hormuz, reflecting both internal governmental discord and the growing adoption of crypto in tense regions. In semiconductors, Nvidia CEO Jensen Huang showed rare public frustration over questions regarding chip sales to China, while the industry faces renewed price hikes. Tesla continues expanding its Robotaxi service, and a Chinese humanoid robot outperformed humans in a half-marathon, marking a milestone in robotics. Despite Middle East tensions and market uncertainties, U.S. stocks continue to rise, prompting discussions about market optimism versus risk blindness. Overall, today’s developments highlight systemic vulnerabilities—in tech, finance, and geopolitics—while also showcasing innovation in crises.

marsbit8 год тому

TechFlow Intelligence Bureau: KelpDAO Attack Causes Nearly $300 Million Loss, Triggers Aave Withdrawal Wave, RAVE Crashes 95% in a Single Day

marsbit8 год тому

Торгівля

Спот

Ф'ючерси