Despite growing institutional adoption and improving infrastructure, crypto remains a target for hackers and scammers. Total losses from hacks, exploits, and scams exceeded $3 billion in 2025 alone, and early 2026 data suggests the pace is not slowing. The scale of individual incidents has grown alongside the value locked in crypto protocols.
Understanding how these attacks work and how to protect yourself is not optional if you participate in crypto. Even experienced users fall victim to sophisticated attacks, and the irreversible nature of blockchain transactions means there is rarely a way to recover stolen funds.
Major Hacks of 2025 and Early 2026
The Bybit exchange hack in February 2025 was the largest single incident, with approximately $1.5 billion stolen from the exchange's hot wallets. The attack was attributed to the Lazarus Group, a North Korean state-sponsored hacking organization. Bybit covered user losses from its insurance fund and reserves, but the incident shook confidence in centralized exchange security.
Several DeFi bridge exploits continued the pattern from previous years. Cross-chain bridges, which transfer assets between blockchains, remain the most exploited category of crypto infrastructure. The total value lost through bridge exploits exceeded $800 million in 2025 across multiple incidents.
Phishing and social engineering attacks targeting individual users accounted for over $500 million in losses during 2025. These attacks often impersonate trusted platforms, support staff, or airdrop distributions to trick users into approving malicious transactions. The sophistication of these attacks has increased significantly, with some using AI-generated content and deepfake voice calls. For context on market impacts, see our Q2 2026 market outlook. CoinDesk maintains an ongoing tracker of major crypto security incidents.
Common Attack Vectors
Smart contract exploits remain the most common attack vector for DeFi protocols. These exploits target bugs in code, logic errors in protocol design, or vulnerabilities in dependencies. Flash loan attacks, which borrow and repay large sums in a single transaction to manipulate prices, have become increasingly sophisticated.
Private key compromises are the primary vector for centralized exchange hacks. Attackers target the individuals and systems with access to hot wallet private keys through phishing, social engineering, or insider threats. The Bybit hack involved a compromised multisig signing process, highlighting that even multi-signature wallets are only as secure as the humans who control them.
Governance attacks target DeFi protocols with token-weighted voting. Attackers accumulate enough governance tokens to pass malicious proposals that drain protocol treasuries or modify contract parameters. Several mid-tier DeFi protocols suffered governance attacks in 2025 when whale voters pushed through proposals that benefited themselves at the expense of other users.
The Social Engineering Problem
The shift toward social engineering reflects a broader trend in cybersecurity. As smart contract auditing improves and protocol-level security matures, attackers are pivoting to the weakest link: human users. Approval phishing, where users are tricked into signing transactions that grant unlimited token access to attackers, has become the dominant attack method.
Fake airdrop claims have been particularly effective. Attackers create convincing replicas of legitimate airdrop pages, promote them through social media and search ads, and trick users into connecting their wallets and approving malicious transactions. A single mistaken approval can drain an entire wallet.
Address poisoning is another growing threat. Attackers send tiny transactions from addresses that look similar to addresses the victim frequently interacts with. When the victim copies what they think is a familiar address from their transaction history, they send funds to the attacker instead. As reported by CoinTelegraph, address poisoning losses exceeded $100 million in 2025.
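A wallet-side check for the look-alike pattern described above, as an added example that is not from the original article. The function names, the 4-character prefix and suffix comparison, the dust threshold and all addresses are assumptions constructed for illustration.

```python
HEX = set("0123456789abcdef")

def normalize(addr):
    """Lower-case a 0x-prefixed 20-byte hex address and validate its shape."""
    a = addr.strip().lower()
    if not (a.startswith("0x") and len(a) == 42 and set(a[2:]) <= HEX):
        raise ValueError(f"not a 20-byte hex address: {addr!r}")
    return a

def lookalike_of(candidate, trusted, head=4, tail=4):
    """Return the trusted address that `candidate` imitates, or None.

    Wallet history views often show only the first and last characters, so a
    poisoning address matches those while differing in the middle.
    """
    c = normalize(candidate)
    book = [normalize(t) for t in trusted]
    if c in book:
        return None  # exact match: this is the genuine address
    for t in book:
        if c[2:2 + head] == t[2:2 + head] and c[-tail:] == t[-tail:]:
            return t
    return None

def review_history(history, trusted, dust_wei=10**12):
    """Flag incoming transfers that are dust-sized and sent by a look-alike."""
    findings = []
    for tx in history:
        target = lookalike_of(tx["from"], trusted)
        if target is not None and tx["value_wei"] <= dust_wei:
            findings.append((tx["from"], target))
    return findings

# Constructed sample data (not real accounts).
TRUSTED = ["0x1a2b" + "c" * 32 + "9f8e"]
POISON = "0x1a2b" + "d" * 32 + "9f8e"
UNRELATED = "0x" + "7" * 40
HISTORY = [
    {"from": POISON, "value_wei": 0},
    {"from": UNRELATED, "value_wei": 5 * 10**17},
    {"from": TRUSTED[0], "value_wei": 10**18},
]

if __name__ == "__main__":
    for sender, imitated in review_history(HISTORY, TRUSTED):
        print(f"look-alike {sender} imitates {imitated}: do not copy it")
```

Comparing the full address against a saved address book, rather than the truncated form shown in history, is what defeats the trick.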
How Security Is Improving
The security landscape is not all bad news. Smart contract auditing has become standard practice, with firms like Trail of Bits, OpenZeppelin, and Spearbit providing thorough reviews before protocol launches. Bug bounty programs have grown in size, with some offering multi-million-dollar rewards for critical vulnerability reports.
On-chain security tools are becoming more accessible. Wallet guard extensions like Pocket Universe and Blowfish simulate transactions before you sign them, warning you if a transaction would drain your tokens or grant suspicious approvals. These tools have prevented millions in potential losses.
Insurance protocols like Nexus Mutual and InsurAce provide coverage for smart contract exploits, though coverage limits are often lower than the total value at risk. Traditional insurance companies are also entering the space, offering policies for institutional crypto custody. For more on how institutions handle security, read about institutional crypto adoption.
How to Protect Yourself
Use a hardware wallet for any significant holdings. Ledger and Trezor devices keep your private keys offline and require physical confirmation for every transaction. Even if your computer is compromised, a hardware wallet prevents unauthorized transactions.
Regularly review and revoke token approvals. Tools like Revoke.cash let you see which contracts have permission to move your tokens and revoke approvals you no longer need. Unlimited approvals to DeFi contracts are the entry point for many exploits. Set limited approval amounts whenever possible.
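A pre-signing check for the approval phishing described earlier and for the limited-approval advice above, as an added example that is not from the original article or from any of the tools it names. It decodes the standard ERC-20 `approve` and NFT `setApprovalForAll` calldata; the function names, allowlist, balance parameter and sample addresses are assumptions constructed for illustration.

```python
APPROVE = bytes.fromhex("095ea7b3")               # approve(address,uint256)
SET_APPROVAL_FOR_ALL = bytes.fromhex("a22cb465")  # setApprovalForAll(address,bool)
MAX_UINT256 = 2**256 - 1

def inspect_approval(calldata_hex, known_spenders, balance):
    """Return a finding dict for an approval call, or None for any other call."""
    h = calldata_hex[2:] if calldata_hex.startswith("0x") else calldata_hex
    data = bytes.fromhex(h)
    if len(data) != 68 or data[:4] not in (APPROVE, SET_APPROVAL_FOR_ALL):
        return None
    spender = "0x" + data[16:36].hex()          # low 20 bytes of the first word
    value = int.from_bytes(data[36:68], "big")  # second 32-byte word
    warnings = []
    if spender not in known_spenders:
        warnings.append("spender not in allowlist")
    if data[:4] == SET_APPROVAL_FOR_ALL:
        kind = "setApprovalForAll"
        if value:
            warnings.append("operator may move every token in the collection")
    else:
        kind = "approve"
        if value == MAX_UINT256:
            warnings.append("unlimited allowance")
        elif value > balance:
            warnings.append("allowance exceeds current balance")
    return {"kind": kind, "spender": spender, "value": value, "warnings": warnings}

def build_calldata(selector, spender, value):
    """Helper that ABI-encodes the constructed samples below."""
    word1 = bytes(12) + bytes.fromhex(spender[2:])
    return "0x" + (selector + word1 + value.to_bytes(32, "big")).hex()

# Constructed sample values (not real contracts).
ROUTER = "0x" + "11" * 20    # a spender the user has chosen to trust
UNKNOWN = "0x" + "ab" * 20   # a spender seen for the first time
ALLOWLIST = {ROUTER}

if __name__ == "__main__":
    tx = build_calldata(APPROVE, UNKNOWN, MAX_UINT256)
    print(inspect_approval(tx, ALLOWLIST, balance=1000))
```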
Never click links from unsolicited messages, even if they appear to come from platforms you use. Bookmark the official URLs of every exchange and protocol you interact with and only access them through your bookmarks. Verify airdrop claims through official project channels before connecting your wallet to any claim page. Check SEC investor alerts for the latest reported scams. For more on safe storage practices, see our guide on Bitcoin infrastructure.
FAQ
Can stolen crypto be recovered?
Recovery is rare but not impossible. Blockchain analytics firms can sometimes trace stolen funds to centralized exchanges, where law enforcement can freeze accounts. In the Bybit case, the exchange covered losses from reserves. For most individual theft cases involving DeFi exploits or phishing, recovery is extremely unlikely once funds are moved through mixers or privacy protocols.
Are centralized exchanges safe?
Major exchanges invest heavily in security and maintain insurance reserves. However, no exchange is immune to hacking. Keep only what you need for active trading on exchanges and withdraw long-term holdings to self-custody. Choose exchanges with proof-of-reserves audits and transparent security practices.
What should you do if you get hacked?
Act immediately. Revoke all token approvals from the compromised wallet. Transfer any remaining assets to a new, secure wallet. Report the incident to the exchange or protocol involved. File a report with local law enforcement and the FBI IC3 if you are in the US. Document everything for potential insurance claims or tax loss harvesting.