And out of a recent report done by Hacken, we’ve seen the cryptocurrency industry deal with catastrophic losses. In the first half of 2025 alone, these losses were over $3 billion. These losses can be mostly blamed on targeted phishing campaigns and the use of technical vulnerabilities.
Social engineering, as opposed to breaches of standard technical protections, has become the leading threat vector. The report highlights that threat actors are increasingly targeting individuals through deceptive means to gain unauthorized access to crypto assets.
In just the first half of 2025, losses from phishing attacks alone surpassed $340 million. These increasingly frequent, nuanced attacks typically see hackers impersonating the likes of government institutions, educational establishments, and hospitals to convince users to reveal sensitive information or transfer funds.
A critical flaw, CVE-2025-29774, has allowed hackers to create fake digital signatures. As a result of this vulnerability, a malicious actor could authorize transactions without needing the private keys from the legitimate owners. Bitcoin, Ethereum, and BNB networks have all been subject to attacked withdrawals due to this vulnerability.
In mid-July 2025, WOO X, a leading cryptocurrency exchange platform announced a major security incident that resulted in the loss of $14 million. The breach occurred after an employee's device was compromised in a targeted phishing attack, underscoring the human element in cybersecurity vulnerabilities.
As further exemplifying the developing threat landscape, Google Forms have been weaponized in sophisticated crypto-stealing scams. Moreover, threat actors have used cloud flaws in Active Campaign to engage in cryptomining activities.
In 2025, overall collective losses for the industry tallied more than $3.1 billion. That uptick is driven by access-control vulnerabilities, exploits and errors in smart contracts, and instances of employee malfeasance. This figure highlights the dangerous lack of security that pervades the entire cryptocurrency ecosystem.
To mitigate the risk of falling victim to these attacks, experts recommend enabling two-factor authentication (2FA) on all crypto-related accounts. In addition, they recommend you double check QR codes and addresses by hand before starting any transactions. Whether investing in BTC, ETH, NFTs, or other digital assets and needing to store them long term, we advise using hardware wallets.
