Hackers in the cryptocurrency space are shifting their focus from traditional smart contract flaws to manipulating individuals through social engineering tactics, as per Web3 security firm CertiK. The company reports that over $2.1 billion has already been lost to crypto-related attacks in 2025.
Most of the damage stems from wallet breaches, which far outpace all other attack vectors in terms of losses.
The report revealed that despite accounting for only 23 reported incidents, wallet compromises led to a whopping $1.6 billion in losses, making it the most damaging category by far. In comparison, phishing incidents were the most frequent, with 114 cases resulting in approximately $401.5 million in losses.
Next up was code vulnerabilities, which were nearly as common, with 100 incidents leading to $281.6 million in losses, highlighting the continued threat posed by insecure smart contracts and flawed implementations.
Interestingly, access control issues were reported 19 times but caused relatively lower financial damage at $14.1 million, while exit scams, despite being notoriously difficult to track and recover from, totaled just 9 incidents and $1.6 million in losses.
Price manipulation attacks were similarly limited in scope, with 15 cases and $8.1 million in damages. The stark contrast between the frequency and financial impact across incident types indicated a critical insight: while phishing and code vulnerabilities are more common, wallet compromises result in disproportionately higher losses. This suggests that attackers are increasingly targeting high-value wallets.
In May alone, the total amount lost to a combination of exploits, hacks, and scams came down to approximately $140.1 million after $162 million in assets linked to these incidents was successfully frozen. Sui-based decentralized exchange, Cetus, topped with $225 million in losses.
Of the total losses, Code vulnerabilities and phishing emerged as two major threat vectors during the month, accounting for roughly $230 million and $47.6 million in stolen funds, respectively. Meanwhile, around $8.5 million resulted specifically from wallet-draining attacks.
LIMITED OFFER for CryptoPotato readers at Bybit: Use this link to register and open a $500 FREE position on any coin!
Key Takeaways After OpenAI said the “OpenAI tokens” don’t represent real equity, Elon Musk replied…
A well-made, durable carry-on is an essential piece of luggage for every traveler, but especially…
Disclaimer: This article is for informational purposes only and does not constitute financial advice. BitPinas…
American Bitcoin, backed by Eric Trump, raises $220 million to expand its Bitcoin mining operations…
OpenAI wants to make clear that Robinhood’s sale of “OpenAI tokens” will not give everyday…
Blackrock’s Bitcoin ETF is now out-earning its flagship S&P 500 fund, marking a pivotal moment…