Crypto hack counts fall but supply chain attacks reshape threat landscape

Zoltan Vardai 2 minutes ago Crypto hack counts fall but supply chain attacks reshape threat landscape Concerns about code vulnerabilities are fading in the crypto space, but more sophisticated scam tactics are emerging as protocol security improves. Listen 0:00 News COINTELEGRAPH IN YOUR SOCIAL FEED Crypto hackers stole $3.3 billion in 2025, but the number of attacks fell sharply as losses became concentrated in fewer, more sophisticated supply-chain exploits, according to new data from blockchain security firm CertiK shared with Cointelegraph. While total losses remained elevated, the decline in incident counts and a drop in median theft sizes suggest that protocol-level security is improving, pushing attackers away from simple code vulnerabilities and toward phishing and infrastructure-level attacks. CertiK said supply-chain breaches emerged as the most damaging threat, accounting for $1.45 billion in losses across just two incidents, including the $1.4 billion Bybit hack in February. "The Bybit exploit signals that well-capitalized, well-coordinated threat actors are becoming more active across the ecosystem," the report said, predicting a rise in the “sophistication” of supply chain attacks as attackers target more infrastructure providers. Crypto hacks by amount and incident, yearly chart. Source: CertiK Related: Soulja Boy token sparks backlash after Base co-founder posts purchase receipt The number of security incidents decreased by 162 counts year-over-year, indicating that blockchain cybersecurity measures are improving despite hackers aiming for larger targets. The average amount lost per hack stood at $5.3 million, a 66% increase from the previous year. However, the median loss — a measure less influenced by outlier incidents — fell to $103,966, down 35.75% over the same period. Cryptop hacks by incident type and amount of losses, one-year chart. Source: CertiK Related: Solana AI token Ava hit by launch sniping tied to deployer: Bubblemaps Code vulnerabilities fade as “pig butchering” scams threaten crypto savings Phishing scams became the second-largest threat, costing crypto investors a cumulative $722 million across 248 incidents. Recently, an investor lost their entire Bitcoin ( BTC ) retirement fund in an artificial intelligence- fueled romance scam , also known as a "pig butchering" scam, where the con artists used prolonged emotional manipulation to convince the investors to transfer their funds. Pig butchering victim stats, grooming time. Source: Cyvers Pig butchering scams are a subset of phishing scams that cost the industry a collective $5.5 billion in 2024 , across 200,000 individual cases. Notably, the average grooming period for victims is between one and two weeks in 35% of cases, while 10% of scams involve grooming periods of up to three months, according to blockchain security platform Cyvers. In June, the US Department of Justice announced the seizure of over $225 million in crypto linked to pig butchering scams. Magazine: Coinbase hack shows the law probably won’t protect you — Here’s why # Cryptocurrencies # Phishing # Security # Hackers # Cryptocurrency Exchange # North Korea # Cybersecurity # CODE # Scams # Hacks # Bybit # Lazarus Group # Scams & Cybercrime Add reaction