Despite the crypto industry’s ongoing cybersecurity efforts, protocols are engaged in an endless war with cryptocurrency hackers, who continue to attack the weakest link in crypto protocols, which is often a human behavioral element.
The industry is engaged in unfair warfare with bad actors, who only need a single point of vulnerability to exploit a protocol, according to Ronghui Gu, professor of computer science at Columbia University and the co-founder of blockchain security platform CertiK.
“As long as there’s a weak point or some vulnerabilities out there, sooner or later they will be discovered by these attackers,” said Gu, speaking during Cointelegraph’s Chain Reaction daily live X spaces show, adding:
“So it’s an endless war.”
“But I’m afraid that next year’s [hacks] will still be at a billion-dollar level,” said Gu, adding that both cybersecurity efforts and cybercriminals are becoming stronger. Still, attackers only need to find a single bug in the millions of lines of code audited daily by CertiK.
https://t.co/Z5iwqJqEpD
— Zoltan Vardai (@ZVardai) August 22, 2025
Related: $11B Bitcoin whale bets big on ETH upside, scoops up $108M spot Ether
Losses to crypto hacks and exploits spiked to $2.47 billion in the first half of 2025, despite declining hacks in the second quarter. Over $800 million was lost across 144 incidents in Q2, a 52% decrease in value lost compared to the previous quarter, with 59 fewer hacking incidents, CertiK said in a report on Tuesday.
The first half of 2025 has seen more than $2.47 billion in losses due to hacks, scams and exploits, representing a nearly 3% increase over the $2.4 billion stolen in all of 2024.
The lion’s share of the lost value was attributed to a single incident, a $1.4 billion Bybit hack on Feb. 21, marking the largest cyberexploit in crypto history.
Related: CBDCs close Orwell’s ’1984 loop perfectly,’ think tank says
Blockchain cybersecurity improvements will force hackers to target human behavior
The industry’s ever-evolving cybersecurity measures are forcing hackers to look for new vulnerabilities to exploit, including loopholes in human psychology, according to CertiK’s Gu, who explained:
“Let’s say that your protocol or layer 1 blockchain becomes more secure. Then they may target human beings behind it. The people who have the private key and so on.”
During 2024, about half of the crypto industry’s security incidents were caused by “operational risks” such as private key compromises, Gu added.
Hackers are increasingly targeting weak links in human behaviour, as highlighted by this year’s renewed wave of cryptocurrency phishing scams, which are social engineering schemes in which attackers share fraudulent links to steal victims’ sensitive information, such as private keys to cryptocurrency wallets.
On Aug. 6, an investor lost $3 million with a single wrong click, after accidentally signing a malicious blockchain transaction that drained $3 million worth of USDt (USDT) from his wallet.
Like most investors, the victim likely validated the wallet address by only matching the first and last few characters before transferring the $3 million to the malicious actor. The difference would have been noticeable in the middle characters, often hidden on platforms to improve visual appeal.
Another victim lost over $900,000 worth of digital assets to a sophisticated phishing attack on Aug. 3, 458 days after unknowingly signing a malicious approval transaction for a wallet-draining scam, Cointelegraph reported.
Magazine: Weird ‘null address’ iVest hack, millions of PCs still vulnerable to ‘Sinkclose’ malware
