
tl;dr
Despite ongoing cybersecurity efforts, the crypto industry continues to face significant losses from hacks, reaching $2.47 billion in the first half of 2025, including a record $1.4 billion breach of Bybit. As blockchain protocols strengthen, attackers increasingly exploit human vulnerabilities, suc...
Despite ongoing cybersecurity efforts within the crypto industry, protocols remain locked in a relentless battle with hackers who consistently exploit the weakest link—often human behavior. Ronghui Gu, professor of computer science at Columbia University and co-founder of blockchain security platform CertiK, describes this as an “endless war” where attackers only need to find a single vulnerability to exploit. Gu warns that losses from crypto hacks will likely remain at billion-dollar levels, despite strengthening defenses on both sides.
According to CertiK’s recent report, losses from crypto hacks and exploits surged to $2.47 billion in the first half of 2025, marking a nearly 3% increase compared to the entire year of 2024. More than half of this staggering amount resulted from a single $1.4 billion breach of Bybit in February, which stands as the largest cyberexploit in crypto history. The second quarter showed a decline in both the number and value of incidents, yet the overall trend underscores the severity of the problem.
As blockchain technology and protocols become more secure, hackers increasingly shift focus toward human vulnerabilities. Gu explains that when security at the protocol or blockchain level tightens, attackers target the people behind the technology, particularly those holding private keys. Operational risks, including compromised private keys, accounted for about half of the crypto industry’s security incidents in 2024.
This shift manifests in a surge of sophisticated phishing scams that prey on human error. For example, on August 6, an investor lost $3 million in USDt by clicking a malicious transaction link and inadvertently authorizing a wallet drain. The victim likely verified only the first and last few characters of the wallet address, missing differences hidden in the middle characters. Another victim suffered losses exceeding $900,000 after falling prey to a phishing scam that exploited a previously signed malicious transaction from over a year earlier.
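As an added illustration (not code from CertiK or from the article), the following Python sketch shows the check that the first victim's spot-check skipped: compare the full recipient string against an address book and flag anything that matches only at the visible ends. The addresses, the `exchange-deposit` label, the function names and the 6/4 character display window are all assumptions constructed for the example.

```python
# Added example: detect recipients that imitate a trusted address.
# All addresses are constructed samples, not values from the incidents.
TRUSTED_ADDR = "0x" + "a1b2c3d4e5f60718293a" * 2          # 42 chars, constructed
TRUSTED = {"exchange-deposit": TRUSTED_ADDR}                # hypothetical address book

# Constructed look-alike: identical first 6 and last 4 characters,
# different middle. This is what a truncated display (0xa1b2...293a) hides.
LOOKALIKE = TRUSTED_ADDR[:6] + "0" * 32 + TRUSTED_ADDR[-4:]


def _norm(addr):
    """Normalise case and whitespace so the comparison covers the full string."""
    return addr.strip().lower()


def visible_ends(addr, head=6, tail=4):
    """Return the prefix and suffix a shortened wallet display would show."""
    a = _norm(addr)
    return a[:head], a[-tail:]


def classify_recipient(addr, trusted=TRUSTED, head=6, tail=4):
    """Classify a pending recipient before signing.

    Returns ("trusted", label) on an exact full-string match,
    ("lookalike", label, differing_positions) when only the visible
    ends match a trusted entry, and ("unknown",) otherwise.
    """
    a = _norm(addr)
    for label, known in trusted.items():
        if a == _norm(known):
            return ("trusted", label)
    for label, known in trusted.items():
        k = _norm(known)
        if len(a) == len(k) and visible_ends(a, head, tail) == visible_ends(k, head, tail):
            diff = [i for i, (x, y) in enumerate(zip(a, k)) if x != y]
            return ("lookalike", label, diff)
    return ("unknown",)


if __name__ == "__main__":
    for candidate in (TRUSTED_ADDR, LOOKALIKE, "0x" + "f" * 40):
        print(candidate, classify_recipient(candidate))
```

A "lookalike" result is the signal to stop and compare the whole address character by character; the differing positions all fall in the span a shortened display omits.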
The evolving landscape of crypto security underscores a vital lesson: technical improvements alone cannot fully secure assets without addressing the human factor. Investors and developers alike must remain vigilant and educate themselves to prevent costly mistakes that cybercriminals continue to exploit.