Social engineering scams remain the leading threat to crypto users, according to 2025 data from cryptocurrency trading platform WhiteBIT shared with CoinDesk.

In its report, the exchange said it found that 40.8% of all crypto security incidents this year involved fraudsters deceiving victims through fake investment offers or impersonation tactics.

Technical wallet hacks, via phishing, malware or keyloggers, followed at 33.7%. Messaging platforms, particularly Telegram, were also flagged, with over 10% of scams involving so-called “scrolling scams” where users are lured into fraudulent channels.

"While technology-based attacks are significant, the majority of threats target human behavior,” WhiteBit’s compliance team wrote in the report. “This is why proactive security is critical.”

That proactive security doesn’t just involved two-factor authentication use or leveraging reliable wallets and exchanges, the team wrote. It’s also about never sharing sensitive data and verifying URLs carefully to ensure interactions are always only with official platforms.

The findings echo broader industry concerns. Certik reported nearly $2.5 billion lost to crypto crime in the first half of 2025 alone, while Chainalysis highlighted the Bybit hack, believed to be orchestrated by North Korea’s Lazarus Group, as the largest theft in crypto history, totaling $1.5 billion.

To counter risks, WhiteBIT said secure exchanges store most user assets in cold wallets, use Web Application Firewalls, and undergo regular audits. The company said it ticks these boxes, while also holding cybersecurity certifications.

“Together, these measures combined with vigilant user practices create a robust defense against evolving crypto threats,” the exchange’s compliance team added.