Written by: Castle Labs
Translated by: Block unicorn
2025 is a year full of contradictions. As institutional legitimacy continues to strengthen, the industry has also witnessed a shift of wealth from inexperienced users to a new group of "PVP" (player versus player) participants. We have seen the industrialization of insider trading, a wave of celebrity endorsement pump-and-dump schemes, and state-level hacking attacks.
But losses stem not only from greed but also from failure. From the collapse of trusted DeFi protocols to Bybit suffering an astonishing $1.5 billion exploit. The facts of 2025 have proven that while technology is maturing, the security measures supporting it often remain fragile.
This article mainly discusses various scams and hacking incidents that occurred last year, what lessons we learned from them, how we responded, and why we repeatedly fell into the same traps.
Meme Coins, Pumpdotfun, Insider Trading, and More
Pumpfun solidified its position in the crypto space in 2024. The platform's concept is to abstract the process of creating tokens into a front-end interface, and they successfully achieved this. The platform generated over $900 million in revenue, peaking at the end of the previous year and the beginning of last year. This golden period contributed a considerable net income, mainly due to the launch of several meme coins and AI projects. The activity in the following months seemed to persist until November, with revenue reaching $40 million.
The peak revenue period of the platform coincided with frequent suspicious on-chain activities, and more broadly, was closely related to criminal activities. Tokens issued on the platform were almost instantly sold off to zero. Most of these token issuances were outright scams, with none genuinely focused on long-term development. Meanwhile, the platform's "live streaming" feature exacerbated the chaos, as token developers engaged in various crazy performances to pump up token prices, ultimately evolving into a dystopian atmosphere (see Netflix's "Black Mirror" episode "Nosedive"). The platform later shut down this feature and phased it back in from the second to the third quarter of 2025, while strengthening the review mechanism and implementing stricter policies to prohibit violence, harassment, and illegal activities.
Looking back at the quality of cryptocurrencies issued on the platform, the vast majority (>99%) had a market cap of less than $100,000. Given the nature of cryptocurrencies, this data is expected but also reflects people's greedy mindset and their delusions of accumulating wealth through these cryptocurrencies.
In light of this strong retail demand, with everyone scrambling to buy various meme coins and newly issued tokens in hopes of getting rich overnight, several significant insider trading cases involving large meme coins emerged. The Libra token was one of them, followed by dozens of similar cases. If you were active on CT forums at the time, you might remember Hayden Davis saying in a group chat: "That's right, we are working hard to maximize the extraction of profits from this token."
By the way, celebrity coins are not issued independently; they are usually orchestrated by players like "Sahil Arora," who assist celebrities (including Caitlyn Jenner, Rich the Kid, etc.) in the entire process of issuing, promoting, and selling cryptocurrencies to their fans.
With each token issuance, there are always many "snipers" waiting for the opportunity to buy large amounts of tokens when liquidity is low, then slowly sell off for profit. In contrast, insider trading is more lethal because a few individuals can obtain information about token issuances in advance, buy in large quantities, and then sell for profit later. If the advantage of "snipers" lies in the code, then the advantage of insider trading lies in information arbitrage. It is this information arbitrage that makes such trades highly profitable, especially during hot token issuances. These insiders typically complete their purchases before the official announcement is made, and after the announcement, as retail investors flood in, the token valuation skyrockets, allowing them to reap substantial profits.
The same tactics are repeatedly used for different celebrity tokens, with insiders extracting funds from retail investors. But eventually, users stopped paying attention to the issuance of such tokens and viewed them as scams from the start. They initially did not see them as scams because of the success of the Trump token—this token reached a valuation of about $14.5 billion in just one day—and most on-chain users did not trade it initially because they thought it was a scam. The price chart of the Trump token did not always "rise steadily," but it was not as malicious as some other tokens.
A Year of Major Hacking Attacks
This year also had another distinction: in previous years, we rarely saw traditional DeFi protocols being attacked. However, this year, some excellent protocols became targets for attackers. Two of the most significant incidents include GMX V1 and Balancer V2, both of which were hacked, resulting in losses of $42 million (later recovered) and over $120 million, respectively. Hackers also stole over $220 million in one attack, prompting Sui Network chain validators to intervene during the Cetus hacking incident and raising questions about the immutability of blockchain. However, for those users who recovered their funds, that was the most important thing.
On the other hand, we witnessed a massive centralized failure: Bybit was hacked, losing about $1.5 billion; the Iranian exchange Nobitex was attacked by pro-Israel hackers, losing $100 million.
Last year was unusual, with many tail events sweeping through DeFi and CeFi, totaling recorded losses of about $3 billion, surpassing the previous year's figures. In most attacks, North Korea appeared to be the main attacker, funding its regime through cryptocurrency attacks.
On the other hand, if you observe the total locked value (TVL) ratio of Ethereum that has been hacked, you will find it is declining. As Vitalik mentioned in his article last September, we are entering a "low-risk DeFi" phase.
As DeFi evolves, the risks of participation are decreasing. The reduction of risks is driving us toward the next application phase, better serving the global permissionless financial market. Nevertheless, the DeFi hacking incidents that occurred last year still highlight the tail risks we all face. However, as the ecosystem develops, more traditional tools are also finding opportunities for application: for example, isolation and insurance. A good example is the Aave application, which will attract many new users to DeFi with better coverage and insurance than traditional banks, positioning Aave as an on-chain bank.
免责声明:本文章仅代表作者个人观点,不代表本平台的立场和观点。本文章仅供信息分享,不构成对任何人的任何投资建议。用户与作者之间的任何争议,与本平台无关。如网页中刊载的文章或图片涉及侵权,请提供相关的权利证明和身份证明发送邮件到support@aicoin.com,本平台相关工作人员将会进行核查。
