
The era of the "simple" crypto hack, where a lone coder finds a bug in a smart contract, is starting to fade. But that doesn’t mean the industry is out of the woods. According to new data from CertiK, crypto thieves stole $3.3 billion in 2025. While that number is staggering, it tells a surprising story: protocol security is actually improving significantly.
The number of individual attacks dropped significantly this year, suggesting that the "fortress walls" around major platforms are harder to scale. However, when hackers do get in, they are doing much more damage. They’ve pivoted from looking for typos in code to executing massive supply-chain attacks.

Crypto hacks by amount and incident, yearly chart. Source: CertiK
The most jarring example was the $1.4 billion breach at Bybit in February. It’s a sign that attackers are no longer just looking for a quick score; they are well-funded, coordinated groups targeting the very infrastructure the industry relies on. While the median loss per hack fell to about $104,000 (meaning typical incidents are getting smaller), the average loss per hack jumped to $5.3 million because of these massive, high-level strikes.

Crypto hacks by incident type and amount of losses, one-year chart. Source: CertiK
As developers get better at fixing vulnerabilities, scammers have turned their attention to a much more vulnerable target: the human heart. Phishing has evolved into something far more sinister than a fake email. It’s now the second-largest threat in the space, accounting for $722 million in losses this year.

Pig butchering victim stats, grooming time. Source: Cyvers
The most heartbreaking trend is the rise of "pig butchering" scams. These aren't quick thefts; they are long-game psychological operations. In one tragic case, an investor lost their entire Bitcoin retirement fund to a scammer using AI-enhanced tools to pose as a romantic interest.
Unlike traditional hacks that happen in seconds, these scams are built on months of grooming. Data from Cyvers shows that while many scams take a week or two, about 10% of victims are manipulated for up to three months before they are finally "slaughtered" (defrauded of their life savings). These tactics were so widespread in 2024 that they cost individuals a collective $5.5 billion.
While the US Department of Justice is making strides, recently seizing $225 million linked to these rings, the message is clear: the biggest threat to your crypto today isn't a bug in the software; it’s the person on the other end of the screen.