PANews reported on January 19th, citing CoinDesk, that while 2025 was the worst year on record for cryptocurrency hacking, most losses stemmed from Web2-style operational errors such as password breaches and social engineering, rather than from on-chain code vulnerabilities. Immunefi CEO Mitchell Amador pointed out that on-chain security is improving significantly, with the primary attack surface shifting to "humans." He believes that 2026 will be the best year for on-chain security as code becomes increasingly difficult to exploit, but this also means attackers will turn to more sophisticated social engineering and AI-assisted fraud.
Chainalysis' annual report corroborates this trend, showing approximately $17 billion in cryptocurrency losses to fraud and scams in 2025, with impersonation scams increasing by 1400% year-on-year and AI-driven scams generating 450% more profit than traditional methods.
Amador also warned that over 90% of projects still have critical exploitable vulnerabilities, and that adoption of the industry's protection tools is extremely low: less than 1% of industry participants use firewalls, and less than 10% use AI detection tools. He stated that AI will change the pace of both offense and defense in 2026, and that the rise of on-chain AI agents will bring entirely new attack surfaces. How to properly protect these autonomous decision-making systems will become the main security challenge of the next cycle.


