Increased Danger of Phishing Attacks Issued by CertiK
Phishing and social engineering attacks are set to be the main drivers of cryptocurrency losses in 2025, according to the latest reports from security firm CertiK. These tactics are expected to account for around 80% of all crypto losses, exposing human behaviour as the most critical vulnerability in the crypto ecosystem.
The findings from CertiK's "Hack3d" report for the first half of 2025 reveal that total crypto losses due to hacks, scams, and exploits reached approximately $2.47 billion. This figure is a significant increase from the $2.36 billion stolen across all incidents in 2024, marking a 31.61% increase.
Phishing was the most costly attack vector in 2024, with unreported incidents and other scams contributing to a higher actual tally. In fact, over $1 billion was stolen through 296 phishing attacks in 2024, according to CertiK. These figures are conservative, as a CertiK representative stated.
The report does not provide specific details about the industries or platforms targeted in these attacks. However, it is known that the majority of Web3-market losses in 2024 affected DeFi, CeFi platforms, gaming, and metaverses. In 78% of these incidents, exploits stemmed from access control vulnerabilities.
One notable incident in 2024 was the hack of the Japanese cryptocurrency exchange DMM Bitcoin, resulting in the loss of 4,502 BTC (worth $320 million at the time). This hack was the country's second-largest loss after the Coincheck breach. Unfortunately, DMM Bitcoin announced liquidation in December 2024.
North Korean hackers were also active in 2024, stealing at least $1.34 billion worth of crypto assets.
As we move into 2025, experts predict that phishing attacks will remain prevalent. To combat these threats, new security models such as seedless wallet technologies are being developed to eliminate human error points like seed phrase management. Efforts to combat phishing will likely involve AI-powered monitoring and tamper-proof hardware to protect private keys better.
In summary, the crypto industry is increasingly viewing human factors as the main attack vector. This shift in focus is driving innovations away from traditional key management toward seedless custody solutions. Reports from CertiK and experts underscore the need for improved user security awareness and advanced technological defenses to meet evolving phishing threats.
Bitcoin, being a significant component of the cryptocurrency ecosystem, is not immune to phishing attacks, as evident by the $1 billion stolen in 2024 through such attacks, according to CertiK's report. To strengthen cybersecurity in the rapidly growing technology sector, innovative solutions like seedless wallet technologies are being developed to minimize human errors associated with seed phrase management.
