CertiK Alert: Facing a massive $2.5 billion theft, the battle with crypto hackers will fall into an "endless war."

Despite the ongoing efforts in the cryptocurrency industry to enhance cybersecurity, various protocols are still engaged in an endless battle with cryptocurrency hackers. Hackers continue to target the weakest links in crypto protocols, which are often related to human behavior.

The industry is in an asymmetric war with criminals, who only need to find a single vulnerability to breach a protocol, according to Ronghui Gu, a computer science professor at Columbia University and co-founder of the blockchain security platform CertiK.

Gu stated during Cointelegraph's Chain Reaction daily X Spaces live show: "As long as there are weak points or vulnerabilities, attackers will eventually find them." He added:

Gu also expressed concern that losses from attacks next year will still reach the billion-dollar level. He noted that both cybersecurity defenses and the tactics of cybercriminals are continuously evolving. However, attackers only need to find one vulnerability among the millions of lines of code that CertiK audits daily.

CertiK's report released on Tuesday indicated that although the number of hacker attacks decreased in the second quarter, losses due to crypto attacks and vulnerabilities surged to $2.47 billion in the first half of 2025. There were a total of 144 incidents in the second quarter, resulting in losses exceeding $800 million. Compared to the previous quarter, the loss amount decreased by 52%, and the number of hacking incidents dropped by 59.

In the first half of 2025, losses from hacking, fraud, and vulnerabilities have exceeded $2.47 billion, nearly a 3% increase compared to the $2.4 billion stolen throughout 2024.

The vast majority of losses stemmed from a single incident, the $1.4 billion hack of Bybit on February 21, marking the largest cyber attack in the history of the cryptocurrency industry.

Gu from CertiK stated that the industry's continuously upgraded cybersecurity measures are forcing hackers to seek new exploitable vulnerabilities, including those related to human psychology. He explained:

Gu added that during 2024, about half of the security incidents in the crypto industry were due to "operational risks," such as private key leaks.

As cryptocurrency phishing scams have once again become rampant this year, hackers are increasingly targeting the weak points in human behavior. These social engineering attacks often involve sharing fake links to steal sensitive information from victims, such as private keys to crypto wallets.

On August 6, an investor lost $3 million worth of USDt (USDT) after mistakenly clicking on a malicious blockchain transaction.

Like most investors, the victim likely only compared the first and last few characters of the wallet address before transferring $3 million to the attacker. In reality, the difference in the middle characters could have been detected, but platforms often hide the middle part of the address for aesthetic reasons.
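The check a wallet or payment tool can run instead of an eyeball comparison is sketched below. This is an added example, not code from the article or from CertiK. It assumes 0x-prefixed 20-byte hex addresses and a UI that shows the first 6 and last 4 characters; the function names are hypothetical and the addresses are constructed.

```python
import re
from dataclasses import dataclass
from typing import Optional

HEAD, TAIL = 6, 4  # assumed UI truncation: "0x52f1...c9e4"
ADDR_RE = re.compile(r"0x[0-9a-f]{40}")

def normalize(addr: str) -> str:
    """Lower-case and validate the address (mixed-case checksums are not checked here)."""
    a = addr.strip().lower()
    if not ADDR_RE.fullmatch(a):
        raise ValueError(f"not a 20-byte hex address: {addr!r}")
    return a

def display_form(addr: str) -> str:
    """What a truncating wallet UI would show for this address."""
    a = normalize(addr)
    return f"{a[:HEAD]}...{a[-TAIL:]}"

@dataclass
class Verdict:
    status: str               # "known", "lookalike" or "unknown"
    resembles: Optional[str]  # trusted address the candidate matches or imitates
    diff_positions: list      # string indexes where the two addresses differ

def check_recipient(candidate: str, trusted: list) -> Verdict:
    """Compare the full address first, then flag truncated-display collisions."""
    c = normalize(candidate)
    known = [normalize(t) for t in trusted]
    if c in known:
        return Verdict("known", c, [])
    for t in known:
        # Same visible head and tail but a different full address is the
        # case the truncated display hides from the user.
        if display_form(t) == display_form(c):
            diffs = [i for i, (x, y) in enumerate(zip(t, c)) if x != y]
            return Verdict("lookalike", t, diffs)
    return Verdict("unknown", None, [])

# Constructed sample addresses (not real accounts).
TRUSTED = ["0x52f1a3b4c5d6e7f8091a2b3c4d5e6f708192c9e4"]
POISONED = "0x52f1ffb4c5d6e7f8091a2b3c4d5e6f70aa92c9e4"

if __name__ == "__main__":
    print(display_form(TRUSTED[0]), display_form(POISONED))
    print(check_recipient(POISONED, TRUSTED))
```

A "lookalike" verdict is the signal to block the transfer or force the user to confirm the full address with the differing characters highlighted.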

Another victim fell prey to a sophisticated phishing attack on August 3, losing over $900,000 in digital assets. According to Cointelegraph, the user unknowingly signed a malicious authorization transaction, and 458 days later, their wallet was emptied.

Original article: “CertiK Warns: Facing $2.5 Billion in Massive Theft and Losses, Crypto Hackers Will Be Engaged in an 'Endless War'”
