Crypto hacks drop; supply-chain breaches and phishing rise

Crypto hackers stole $3.3 billion in 2025, but the number of incidents dropped sharply as losses clustered in fewer, more advanced supply-chain intrusions, according to new data from blockchain security firm CertiK.

While total losses remained high, the decline in incident counts and a lower median theft indicate improving protocol-level defenses, pushing attackers away from straightforward code flaws and toward phishing and infrastructure-layer vectors.

CertiK reported that supply-chain breaches were the most damaging, responsible for $1.45 billion across two incidents, including the $1.4 billion Bybit hack in February. The report said the Bybit exploit suggests well-funded, coordinated threat actors are increasingly active and projected further “sophistication” in supply-chain attacks as infrastructure providers become targets.

Crypto hacks by amount and incident, yearly chart. Source: CertiK

The total number of security incidents fell by 162 year over year, indicating that blockchain cybersecurity measures are strengthening even as attackers aim for larger targets.

The average loss per hack reached $5.3 million, up 66% from the prior year. However, the median loss — less affected by extreme outliers — declined to $103,966, a 35.75% decrease over the same period.

Cryptop hacks by incident type and amount of losses, one-year chart. Source: CertiK

Code vulnerabilities recede as “pig butchering” scams impact crypto users

Phishing emerged as the second-largest threat, costing crypto users a combined $722 million across 248 incidents.

Recently, an investor lost their entire Bitcoin (BTC) retirement savings in an artificial intelligence-enabled romance fraud, commonly referred to as a “pig butchering” scam, in which scammers use sustained emotional manipulation to persuade victims to transfer funds.

Pig butchering victim stats, grooming time. Source: Cyvers

Pig butchering scams, a subset of phishing, cost the industry an estimated $5.5 billion in 2024 across 200,000 cases.

According to blockchain security platform Cyvers, the average grooming period lasts between one and two weeks in 35% of cases, while 10% involve grooming that can extend up to three months.

In June, the U.S. Department of Justice announced the seizure of more than $225 million in cryptocurrency linked to pig butchering schemes.

Stay informed, read the latest news right now!

Disclaimer

The content on TrustsCrypto.com is for informational purposes only and does not constitute financial or investment advice. Cryptocurrency markets are highly volatile, always do your own research before making decisions.

Some content may be assisted by AI and reviewed by our editorial team, but accuracy is not guaranteed. TrustsCrypto.com is not responsible for any losses resulting from the use of information provided.

admin

USR Depegs; Nevada Blocks Kalshi; Brazil Pauses Crypto Tax

USR Depegs; Nevada Blocks Kalshi; Brazil Pauses Crypto Tax

Hong Kong retiree loses $840K in triple crypto expert scam

Hong Kong retiree loses $840K in triple crypto expert scam

Satoshi-era Bitcoin whale makes test transaction after 14 years

Satoshi-era Bitcoin whale makes test transaction after 14 years

Hashi launches on Sui for Bitcoin lending with BitGo, FalconX

Hashi launches on Sui for Bitcoin lending with BitGo, FalconX

ECB opens digital euro work on ATMs and payment terminals

ECB opens digital euro work on ATMs and payment terminals

ECB opens digital euro workstreams for ATMs and terminals

ECB opens digital euro workstreams for ATMs and terminals

Leave a Reply

Your email address will not be published. Required fields are marked *