Crypto scammers have evolved their tactics. According to a recent report by the blockchain security firm CertiK, crypto hacks have evolved into social engineering of victims to reveal sensitive information instead of targeting contract vulnerabilities. So far in 2025, more than $2.2 billion has been stolen from investors by crypto hackers. The report by CertiK suggests that a sizeable chunk of these crypto hacks have come from phishing attacks and wallet compromises. Additionally, the report emphasises that a few major incidents among numerous hacks have caused significant losses and can be traced back to state-backed perpetrators or critical infrastructure flaws. Notably, CertiK mentions that the attacks on Bybit and Cetus Protocol have somewhat skewed the data since they accounted for about $1.78 billion of total losses, pushing these 2025 numbers above last year. Bybit suffered the biggest attack on its assets this year in February 2025, which left a $1.5 billion hole in its pocket. In the case of Cetus Protocol, a decentralised exchange based on Sui, the hackers used spoofed tokens and price manipulation to drain liquidity, leading to a loss of $225 million. Sui validators were able to freeze and return $162 million from the larger stolen amount. #CertiKInsight Thus far in 2025, on-chain incidents have led to ~$2.1B in losses. The majority of losses have come from wallet compromises and phishing, with an increase in data leaks its important to remain vigilant. pic.twitter.com/Cjm6QFHWqX — CertiK Alert (@CertiKAlert) May 23, 2025 Phishing attacks entail crypto scammers sharing deceptive links with the victims to get hold of their sensitive information, such as private keys to crypto wallets, etc. Ronghui Gu, the co-founder of CertiK, believes that the rise in phishing attacks that socially engineer victims to share sensitive information alludes to crypto scammers changing their attack protocols. Explore: 10+ Crypto Tokens That Can Hit 1000x in 2025 Trend of Wallet Breaches Becomes Alarming The report suggests that between January and June of 2025, crypto hackers carried out 334 attacks, amounting to a loss of $2.47 billion. Amongst these incidents, wallet breaches alone accounted for $1.7 billion from just 34 attacks. While CertiK has noted that private key compromises are on the decline, it has called the trend of wallet breaches “alarming.” Social engineering schemes have become a major threat. Schemes such as address poisoning do not require any hacking since the victim is tricked into sending assets to fraudulent wallet addresses. Case in point, a Bitcoin whale falling victim to a phishing scam on 30 April 2025, that cost him an eye-watering $330 million loss. Discounting the high-profile attacks on these two exchanges brings total losses to about $690 million, which is quite similar to last year, with Ethereum being the most targeted blockchain, witnessing 175 security-related events, accounting for over $1.6 billion in losses. Explore: Best New Cryptocurrencies to Invest in 2025 Crypto Hacks Exploit Code Vulnerabilities CertiK reported a dramatic rise in crypto losses driven by smart contract flaws in May, raking $229 million in damages, up from just $5 million in April. 1/ Top threats in Q2: • Phishing – $395M
• Code vulnerabilities – $236M
• Wallet compromise – $112M Despite the losses, total incidents dropped by 29% QoQ. — CertiK (@CertiK) June 30, 2025 As scams and hacks surge, physical attacks on private crypto holders are growing more brutal. According to Jameson Lopp, a bitcoin security advocate, this year has already seen reports of 32 wrench attacks (physical attacks), putting 2025 on track to surpass 2021’s record of 36. Nearly one-third occurred in France. In May alone, French authorities arrested 25 suspects tied to a Paris-based kidnapping ring. Notable cases include the January kidnapping and mutilation of Ledger co-founder David Balland during a failed ransom attempt, impostors posing as couriers abducted a trader’s father, severed a finger, and demanded €7 million, kidnappers attempted to take Paymium CEO Pierre Noizat’s daughter and grandson, and abductors in Las Vegas drove the victim into the Arizona desert. Explore: 9+ Best High-Risk, High-Reward Crypto to Buy in June 2025 Key Takeaways

• Crypto hackers are now socially engineering victims to gain access to sensitive information


• Investors have lost more than $2.2B to crypto scams in H1 2025


• Between January and June of 2025, crypto hackers carried out 334 attacks that amounted to a loss of $2.47 billion

A crypto user has just lost more than $2.5 million in a simple copy-and-paste mistake. They tried to move 843,166 USDT to a safe wallet. Instead, they sent a chunk of it to the wrong address. Then they did it again—this time sending $1.7 million to the same scammer. It’s a costly reminder that even small slips can erase fortunes. Copy-Paste Blunder Leads To Million-Dollar Loss According to on-chain records, the victim first moved $838,611 in USDT to the right address (0x4668D1Fe87444a4d750…). A moment later, they clicked the wrong entry in their transaction history. That misstep cost them 843,166 USDT at current prices. They tried once more. And again the funds went to the scammer’s account—and another $1.7 million vanished. History Poisoning Trick Catches Many Off Guard Based on reports from Scam Sniffer, scammers are using “transaction history poisoning” to pull off these cons. They send tiny “dust” transfers from look-alike addresses—just enough to clutter a wallet’s history. Transaction History Poisoning: 1. Scammer sends fake/dust transfer with similar address 2. Their fake address appears in your history 3. You copy address from history thinking it’s legitimate 4. Funds get sent to scammer insteadhttps://t.co/S2lM8J8XWm — Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) May 26, 2025 When users scroll back through past transactions, they can’t tell the real address from the bogus one. Copy. Paste. Gone. In this case, the attack address (0x4668EE748c88DA4FEc…) looked almost identical to the real one. And it showed zero balance, adding to the confusion. Phishing Scams Remain High April’s phishing losses hit $5.29 million. That’s down 17% from March. But the number of victims climbed 26%, from 5,992 to 7,565 addresses. A single “whale” lost $1.43 million to a phishing signature. Back in March, the biggest haul was $1.82 million. ScamSniffer April 2025 Phishing Report April losses: $5.29M | 7,565 victims VS March: -17% in losses | +26% in victims Key insight: Notable spike in victim count despite lower total losses. Largest attack netted $1.43M via phishing, followed by $700K from address poisoning… pic.twitter.com/mJbGgGyGrN — Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) May 3, 2025 April’s second-largest attack saw one user lose $700,000 after copying the wrong address. Another person sent $150,000 by mistake. And wallet 0xEFc4f1d5 alone lost over $467,000 in a similar copy-paste trap. New Threats From EIP-7702 Upgrade On May 24, the phishing gang Inferno Drainer used Ethereum’s new EIP-7702 rules to steal almost $150,000 in one hit. EIP-7702 lets regular accounts act like smart contracts for a moment. The scammers guided victims to approve a batch of hidden token transfers through a delegated MetaMask setup. One click opened the door for a silent “execute” command that drained the wallets in seconds. Greed Breeds Risk Crypto markets are near $3.5 trillion in total value. Bitcoin hit a fresh all-time high of $111,900 on May 22. Traders are chasing big gains. That rush makes urgent moves, and urgent moves invite mistakes. Featured image from Unsplash, chart from TradingView