Crypto Hacks 2025: Why the Human Factor Outperforms Code Security

The year 2025 will be recorded in cryptocurrency history as the most loss-making year – but the numbers tell a surprising story. While total losses from crypto hacks and fraudulent activities continue to rise, the technical security on the blockchain is improving dramatically at the same time. This apparent paradox reveals a fundamental shift in the security landscape: the enemy is no longer in the code, but behind the keyboard.

The biggest financial disasters of the year did not result from sophisticated exploits in smart contract code, but from people – stolen passwords, compromised devices, manipulated employees, and well-planned social engineering attacks. This insight upends the common assumption of many crypto investors.

17 billion dollars: When scammers target people instead of code

The Chainalysis 2026 Crypto Crime Report shows a clear picture: in 2025, approximately 17 billion USD were lost through fraud and scams – a massive increase mainly due to changing attack methods. The data reveal a remarkable shift in threat vectors.

Identity theft leads the new attack front: Fraudulent identity acquisitions alone increased by 1,400% year-over-year. These schemes systematically targeted individuals – not decentralized protocols. At the same time, the use of artificial intelligence proved particularly lucrative: AI-supported scams were 450% more profitable than traditional methods, enabling scammers to automate and personalize their attacks on a large scale.

A recent case illustrates this development: In January 2026, the blockchain research platform ZachXBT uncovered a social engineering attack in which a hacker stole 282 million USD – including 2.05 million LTC (currently about 119 million USD at a price of $58.06) and 1,459 BTC (at the current price of $78.99K, about 115 million USD). The perpetrator quickly converted the loot into the privacy coin Monero.

Such attacks are not isolated. They symbolize a fundamental trend: while crypto projects continuously improve their on-chain security, professional scammers increasingly focus on the vulnerability between human and machine.

The paradoxical security situation: Why on-chain hacks decrease but overall damages increase

This paradox is confusing at first glance but is explained by the industry’s skill in improving its technical defense mechanisms. Mitchell Amador, CEO of the on-chain security platform Immunefi, explained in an exclusive interview why this contradiction makes sense:

“Although 2025 was the worst year for crypto hacks since record-keeping began, these hacks stem from Web2 operational errors and not from on-chain code exploits. On-chain security is improving dramatically and will continue to do so."

Amador’s assessment is supported by market data: DeFi and on-chain protocol code are becoming increasingly harder to exploit. This is due to improved code review, stronger audit practices, and advanced security audits. As a result, attackers have had to reassess their strategies and turn to more flexible, less technical methods.

But the good news ends there. Amador warned that over 90% of all crypto projects still have critical, easily exploitable vulnerabilities. Even more concerning is the underutilization of existing defense tools: less than 1% of the industry employs firewalls, while fewer than 10% implement AI-supported detection systems. This indicates that technical security is not the main problem – rather, the issue lies in implementation and the human factor.

Identity theft and AI fraud: The new main attack points

The shift in threat vectors is evident. Social engineering tactics, manipulated support staff, and targeted impersonation of trusted persons have become the most successful attack methods. These techniques do not require deep technical knowledge of smart contracts – instead, scammers exploit psychological vulnerabilities and human fallibility.

The combination of AI technology and social engineering multiplies the effectiveness of such attacks. Chatbots can personalize phishing messages on a large scale, synthetic voices can imitate identities, and algorithms can analyze behavioral patterns to identify the best attack strategy.

Amador summarized this reality succinctly: “As the code becomes less vulnerable to attack, in 2026 the main attack point will be people. The human factor is now the weak link that on-chain security experts and Web3 actors must prioritize."

2026 and beyond: On-chain AI agents as the next security frontier

However, Amador’s most forward-looking warning does not concern current threats but an emerging reality: autonomous on-chain AI agents.

These systems will be capable of executing transactions independently, making strategic decisions, and managing large amounts of assets – all without direct human intervention. They promise efficiency gains but also open new attack surfaces.

“This introduces a completely new category of attack vectors,” warned Amador. “On-chain AI agents can be faster and more powerful than human operators and are especially vulnerable to manipulation if their access pathways or control levels are compromised."

In 2026, AI will accelerate the pace on both sides of the security battle. Defenders will increasingly rely on AI-supported monitoring and automated response systems – technologies operating at machine speed. At the same time, attackers will use the same AI tools for vulnerability research, exploit development, and large-scale social engineering campaigns.

The security paradigm of the crypto industry has fundamentally shifted. It is no longer primarily focused on hardening the technical code but on the protective layer between technology and user – user interfaces, corporate policies, monitoring systems, and education. The message is clear: in a world where crypto hacks are becoming more frequent, faulty code is not the problem – it is people who need to learn how to protect their digital assets.