Hackers Stole $2.1B in Crypto in 2025 as Social Engineering Surpasses Code Exploits: CertiK


Crypto hackers are abandoning traditional code exploits as an attack vehicle in favor of manipulating human psychology, Web3 security firm CertiK said.

The first half of 2025 has seen over $2.1 billion worth of crypto stolen, with a rise in phishing campaigns and wallet thefts, CertiK’s co-founder Ronghui Gu said in an interview on the Chain Reaction X program.

Human Errors Trump Code Exploits

In earlier times, hackers exploited vulnerabilities in blockchain protocols and smart contracts. According to CertiK’s latest reports, though, social engineering (manipulating users into revealing their sensitive data) has become the number one attack vector, beating code exploits.

“Of this $2.1 billion, most was caused by wallet compromise, key mismanagement, and operational issues,” Gu stated.

Phishing alone cost the industry over $1 billion across 296 attacks in 2024, making it the most expensive threat vector, according to CertiK’s Hack3d report.

Highlights of Major 2025 Incidents Showcase the Trend

The biggest of the year’s incidents was the $1.4 billion Bybit hack on February 21, attributed to North Korea’s Lazarus Group. That single incident alone accounted for over 60% of all losses for 2025.

In one recent case, a $330.7 million Bitcoin heist targeted an elderly American victim through a social engineering scam, with no code flaw leveraged.

Why Human Behavior Is The Weak Link

Gu said the trend shows that DeFi protocols are becoming more secure, yet users remain vulnerable.

“Smart contracts were the weak point previously,” he said. “Human behavior today proves more susceptible to attacks than the code.”

Methods like address poisoning trick users into sending cryptocurrency to fake addresses that closely resemble legitimate ones, and they require no hacking expertise.
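As an added illustration (not from CertiK or the original article), a wallet or exchange can screen a recipient against the user's address book before sending and flag near-matches. The sketch assumes Ethereum-style hex addresses and assumes a look-alike copies the leading and trailing characters of a saved address; the function name, thresholds and sample addresses are hypothetical and constructed.

```python
"""Flag recipient addresses that imitate an address-book entry (address poisoning)."""


def _shared_prefix(a: str, b: str) -> int:
    """Number of leading characters the two strings have in common."""
    n = 0
    for x, y in zip(a, b):
        if x != y:
            break
        n += 1
    return n


def _normalize(addr: str) -> str:
    # Assumption: Ethereum-style hex addresses, compared case-insensitively.
    addr = addr.strip().lower()
    return addr[2:] if addr.startswith("0x") else addr


def classify_recipient(candidate, address_book, min_head=4, min_tail=4):
    """Return ("known", label), ("lookalike", label) or ("unknown", None)."""
    cand = _normalize(candidate)
    best = None
    for label, addr in address_book.items():
        known = _normalize(addr)
        if cand == known:
            return ("known", label)
        head = _shared_prefix(cand, known)
        tail = _shared_prefix(cand[::-1], known[::-1])
        # Same start and same end as a saved address, but a different middle.
        if head >= min_head and tail >= min_tail:
            if best is None or head + tail > best[0]:
                best = (head + tail, label)
    return ("lookalike", best[1]) if best else ("unknown", None)


# Constructed sample values, not real wallets.
ADDRESS_BOOK = {
    "exchange-deposit": "0x52a9c1d3e4f5061728394a5b6c7d8e9f0a1b7c3e",
    "cold-storage": "0x9f1e2d3c4b5a69788796a5b4c3d2e1f00112a4d0",
}
POISONED = "0x52a9" + "f" * 32 + "7c3e"   # imitates "exchange-deposit"
UNRELATED = "0x" + "1" * 40

if __name__ == "__main__":
    for addr in (ADDRESS_BOOK["exchange-deposit"], POISONED, UNRELATED):
        print(addr, classify_recipient(addr, ADDRESS_BOOK))
```

A "lookalike" result is a reason to block the transfer or require the user to compare the full address, since it is the one case a truncated address display hides.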

Industry Must Redirect Focus to Wallet Security

Gu urged the industry to invest in:

  • Enhanced wallet access controls
  • Real-time transaction surveillance
  • Key management solutions
  • Behavioral simulation and training

With phishing and wallet hacks becoming increasingly widespread, crypto users, not just developers, now need to be considered a first line of defense.