The cryptocurrency industry is seeing a notable shift in its security landscape. While the total number of crypto-related hacks is falling, attackers are increasingly focusing on fewer but far more complex and damaging exploits. New data from blockchain security firm CertiK shows that hackers stole an estimated $3.3 billion in 2025, even as overall attack counts dropped sharply.
According to the report, shared with Cointelegraph, this trend reflects improving protocol-level security across the crypto ecosystem. As basic code vulnerabilities become harder to exploit, attackers are adapting by targeting infrastructure providers, supply chains, and human behavior instead.
Fewer attacks, higher stakes
CertiK recorded 162 fewer security incidents year over year, a sign that blockchain platforms and smart contracts are becoming more resilient. However, losses are increasingly concentrated in a small number of high-impact breaches.
Supply chain attacks stood out as the most damaging threat in 2025, accounting for $1.45 billion in losses across just two incidents. One of those was the $1.4 billion hack of crypto exchange Bybit in February, which underscored how devastating infrastructure-level compromises can be.
“The Bybit exploit signals that well-capitalized, well-coordinated threat actors are becoming more active across the ecosystem,” CertiK noted, adding that attackers are likely to further refine these methods as defenses at the protocol level continue to strengthen.

This concentration of losses helps explain a striking statistical split. The average amount stolen per hack rose to $5.3 million, up 66% from the previous year. At the same time, the median loss per incident fell to $103,966, a decline of nearly 36%, suggesting that while everyday attacks are smaller, rare large-scale breaches are skewing the average upward.
Phishing and romance scams gain ground
As technical exploits become more difficult, social engineering is emerging as a major area of concern. Phishing scams ranked as the second-largest source of crypto losses, draining $722 million from investors across 248 incidents.

Among the most troubling trends is the rise of so-called “pig butchering” scams. These schemes involve prolonged emotional manipulation, often through fake online relationships, to convince victims to transfer their crypto assets. In one recent case, an investor lost their entire Bitcoin retirement savings after being targeted in an AI-assisted romance scam.
Pig butchering scams are part of a broader phishing problem that cost the crypto industry an estimated $5.5 billion in 2024 alone, spread across roughly 200,000 cases. Data from blockchain security platform Cyvers shows that in 35% of incidents, victims are groomed for one to two weeks, while around 10% endure manipulation lasting up to three months.

Law enforcement is beginning to respond more aggressively. In June, the US Department of Justice announced it had seized more than $225 million in cryptocurrency tied to pig butchering operations, marking one of the largest recoveries linked to crypto fraud to date.
A changing threat landscape
Taken together, the data points to a maturing but still vulnerable crypto ecosystem. Stronger smart contract audits and security practices appear to be reducing opportunistic attacks, but they are also pushing criminals toward more sophisticated strategies that target infrastructure and human trust rather than code alone.