In the first half of 2025, cryptocurrency security issues are showing an explosive trend. According to Chainalysis data, the amount of stolen crypto assets this year has exceeded $2.17 billion, surpassing the total for all of 2024. This data highlights the severity of security vulnerabilities in the industry and the urgency of addressing them.

The most impactful case this year was the attack on the ByBit exchange by the North Korean-supported Lazarus hacker group, resulting in a loss of approximately $1.5 billion in ETH, making it one of the largest exchange thefts to date. Similar incidents include the security breach at India's CoinDCX, which accelerated the industry's urgent assessment of platform security capabilities.

AI technology has been widely abused by scammers, leading to a surge in fraud cases. A report from TRM Labs states that from 2024 to April 2025, AI-driven crypto scams increased by 456% year-on-year, including deepfakes and identity forgery. Additionally, the JSCEAL malware disguises itself as a wallet application for exchanges by compiling JavaScript and spreads through advertisements, affecting over 10 million people globally.

Hackers are disguising common wallets, such as MetaMask, through malicious browser extensions, luring users to install them and stealing private keys and login credentials afterward. The "GreedyBear" extension once appeared in the Mozilla official store, affecting a wide range of users. Related research also points out that mainstream browser wallet extensions have up to 13 attack vectors and 21 specific malicious strategies, indicating an urgent need for security fixes.

In 2020, the LuBian mining pool was hacked for nearly 127,000 bitcoins, valued at $14.5 billion, due to insufficient entropy in private key generation, a vulnerability that was not revealed until Arkham Intelligence in 2025. This flaw stemmed from a critical design defect, reflecting the long-term risks of infrastructure.

DeFi platforms remain a hotspot for security attacks. Design flaws in smart contracts, mispricing mechanisms, and vulnerabilities in bridging architectures are frequent, with numerous hacking incidents involving asset tokenization platforms and cross-chain bridges. Users' lack of security awareness often leads them to overlook risks in pursuit of profits, creating a breeding ground for scams.

The Financial Action Task Force (FATF) urges countries to strengthen cryptocurrency asset regulation to address the financial risks posed by virtual asset vulnerabilities. Its report indicates that only 40 jurisdictions meet relevant standards. U.S. federal agencies have taken multiple actions, including dismantling the BlackSuit ransomware group, seizing BTC ransom from the "Chaos" organization, and cracking down on the criminal chain behind the ByBit theft.

Major security incidents directly trigger severe market fluctuations. For example, the ByBit hacking case caused the cryptocurrency market's total market value to drop nearly 20% in a short period. Additionally, some stolen assets have further appreciated due to rising coin prices, increasing hackers' profits and exacerbating market risks.

In the face of multidimensional security threats, the industry should take action in the following areas:

• Strengthen platform and contract security audits: Exchanges and DeFi products should introduce third-party regular audits to promptly fix vulnerabilities;

• Build an AI fraud defense system: Apply deep learning to monitor abnormal behaviors and identify malicious advertisements and access patterns;

• Promote the concept of self-custody cold wallets: Spread the idea that "controlling private keys is controlling assets" to reduce concentration risks;

• Enhance regulatory cooperation and cross-border tracking capabilities: The FATF and law enforcement agencies should jointly track the flow of cryptocurrency assets;

• Improve user education and risk awareness: Strengthen risk education for ordinary investors to reduce blind following and losses from scams.

The security challenges of cryptocurrencies continue, and only through cautious regulations, technological advancements, and user consensus can we gradually strengthen the defenses of the digital asset ecosystem.

Related: BtcTurk suspends withdrawal services, suspected to have suffered a $48 million cryptocurrency hacking attack.

Original: “Cryptocurrency Security Risk Panorama: Vulnerabilities, Scams, and Regulatory Response Analysis”

免责声明：本文章仅代表作者个人观点，不代表本平台的立场和观点。本文章仅供信息分享，不构成对任何人的任何投资建议。用户与作者之间的任何争议，与本平台无关。如网页中刊载的文章或图片涉及侵权，请提供相关的权利证明和身份证明发送邮件到support@aicoin.com，本平台相关工作人员将会进行核查。