BrokerHiveXBrokerHiveX
Cryptocrime escalates in 2025 | $247 million stolen, AI and social engineering dominate new attack wave
industry2 months before
Summary:Cryptocurrency crime is projected to reach $2.47 billion in 2025, with attackers shifting from exploiting smart contract vulnerabilities to social engineering and AI-driven phishing tactics. This article analyzes the latest crime trends, the flow of stolen funds, key attack methods, and investor protection recommendations.
1. Industry Overview: Cryptocurrency Crime Amount Exceeds $2.47 Billion
The global crypto asset security situation deteriorated again in 2025. According to the latest security reports released by ICO Bench and Chainalysis , the crypto industry had accumulated losses of approximately $2.47 billion by the end of September this year, a nearly 38% increase compared to the same period in 2024.
Among them, the means of attack are undergoing major changes:
The proportion of protocol vulnerability attacks will drop from 56% in 2024 to 27% this year;
Social engineering and phishing attacks accounted for more than 40% of the total for the first time;
The growth rate of AI-driven attacks (such as Deepfake scams) exceeded 180%.
📉 The report points out that this shift means that attackers no longer rely primarily on smart contract vulnerabilities, but instead directly target the social behavior and psychological weaknesses of individual users, team members, and even company executives .
2. Major changes in attack methods: from technical vulnerabilities to "human vulnerabilities"
Two trends are particularly evident in security incidents in 2025:
1. 🧠 AI-driven phishing attacks surge
Attackers use AI to generate voice and deepfake videos to impersonate exchange customer service, fund managers, or founders, tricking users into signing malicious contracts and authorizing wallet access.
Case: In May, a Singaporean user lost $2.2 million in ETH due to deep fake customer service instructions to sign a malicious smart contract.
2. 📱 Social engineering becomes the main battlefield
Unlike traditional vulnerabilities, social engineering is almost impossible to defend against through code audits.
Common methods include: fake investment communities, impersonating trading platforms, phishing websites, and airdrop scams.
Attackers often commit fraud after establishing trust through social platforms such as Telegram and Discord.
📊Changes in attack method proportions (2024 vs 2025):
| Attack Type | 2024 proportion | 2025 share | Growth Trend |
|---|---|---|---|
| Smart Contract Vulnerabilities | 56% | 27% | 📉 -29% |
| Social Engineering/Phishing | 28% | 42% | 📈 +14% |
| Wallet permission hijacking | 9% | 18% | 📈 +9% |
| AI-driven attacks | 4% | 13% | 📈 +9% |
3. Capital Flows: Stolen Assets Accelerate Decentralized Money Laundering
According to Elliptic ’s on-chain tracking report, the flow of stolen crypto assets is becoming increasingly complex.
| Platform/Tool | Proportion of capital inflow | Function |
|---|---|---|
| Tornado Cash / Railgun | 42% | Mixing coins and hiding the source of assets |
| Decentralized cross-chain bridge | 27% | Transfer assets from the main chain to the hidden chain |
| Small exchanges (CEX) | 18% | Withdraw funds/wash coins |
| NFT Platform/OTC Over-the-Counter Trading | 8% | Disguised as NFT transactions for laundering |
🔎 It is worth noting that some hacker teams even use new methods such as NFT "pseudo auctions" to launder assets, further increasing the difficulty of tracking.
4. Typical Cases: Frequent Losses from Millions to Tens of Millions
| time | event | Amount stolen | Attack method |
|---|---|---|---|
| 2025/03 | Atomic Wallet hacked | $35M | Phishing + Permission Hijacking |
| 2025/05 | Singaporean users scammed by Deepfake customer service | $2.2M | AI Voice Phishing |
| 2025/07 | DeFi platform Orion hacked | $11M | Social Engineering + Contract Vulnerability Combination |
| 2025/08 | ERC-20 wallet mass phishing incident | $16M | Malicious authorization contract |
| 2025/09 | NFT auction money laundering case | $8.7M | NFT Pseudo Transaction Chain |
Industry analysts pointed out: "These attacks are no longer scattered incidents, but organized and systematic attacks, and may be operated by professional teams or even nation-state hackers."
5. Industry Experts: AI and Human Nature Are the Future's "Biggest Security Shortcomings"
A research report by cybersecurity company SlowMist points out that in the next 2-3 years, the focus of encryption crimes will shift from "technical attack and defense" to "psychological and behavioral manipulation."
"We are witnessing a shift from vulnerabilities in code to vulnerabilities in human nature.
Traditional defenses are nearly ineffective against AI-enabled fraud.”
— Simon Yu, Lead Researcher at SlowMist
Experts suggest that exchanges and wallet platforms should strengthen user security education, wallet signature reminder mechanisms , and promote defense measures such as biometrics and AI risk monitoring models .
6. Investor Protection Tips: Five Signs to Identify "New Attacks"
| Risk Signals | Warning Notes |
|---|---|
| 📞 AI voice/video request for transfer | Never accept contract operation instructions via voice/video |
| 💬Social platform "Customer Service" proactively contact | The official platform will not actively DM users |
| 🔗Unknown source airdrop/signature link | Never click or authorize at will |
| 🪪Require authorization of all token permissions | Check authorization scope when using wallet |
| 🛑Undisclosed team or no white paper | Stay away from projects with no transparency |
📊 Summary: The crypto industry has entered the era of “social engineering”
The crypto security landscape of 2025 is fundamentally changing.
Attackers no longer focus on technical vulnerabilities, but instead leverage AI and social engineering to directly attack users' psychological defenses. Security protection is no longer a matter of code auditing, but a battle of cognition and behavior.
For investors, the only defense strategy is to raise security awareness: do not trust unverified information, do not sign any contracts easily, and do not grant unlimited permissions to unfamiliar applications.
⚠️Risk Warning and Disclaimer
BrokerHivex is a financial media platform that displays information from the public internet or user-uploaded content. BrokerHivex does not support any trading platform or instrument. We are not responsible for any trading disputes or losses arising from the use of this information. Please note that the information displayed on the platform may be delayed, and users should independently verify its accuracy.
Evaluate
Su***ey