The majority of crypto exploits in the coming year won’t be caused by a zero-day bug in your favorite protocol, say crypto security experts. They’re going to be caused by you.
That’s because 2025 has shown that the majority of hacks don’t start with malicious code; they begin with a conversation, Nick Percoco, chief security officer of crypto exchange Kraken, told Cointelegraph.
“Attackers aren’t breaking in, they’re being invited in.”
From January to early December 2025, data from Chainalysis shows that the crypto industry witnessed over $3.4 billion in theft, with the February compromise of Bybit accounting for nearly half of that total.
During the attack, bad actors gained access through social engineering and injected a malicious JavaScript payload that allowed them to modify transaction details and siphon off funds.
What is social engineering?
Social engineering is a cyberattack method that manipulates people into revealing confidential information or performing actions that compromise security.
Percoco said the battleground for crypto security will be in the mind, not cyberspace.
“Security is no longer about building higher walls, it’s about training your mind to recognize manipulation. The goal should be simple: don’t hand over the keys to the castle just because someone sounds like they belong inside or are instilling panic.”
Tip 1: Use automation where possible
Supply chain compromises have also proven to be a key challenge this year, according to Percoco, as a seemingly minor breach can prove to be devastating later on, because “it’s a digital Jenga tower, and the integrity of every single block matters.”
In the year ahead, Percoco recommends reducing human trust points through actions like automating defenses where possible and verifying every digital interaction through authentication in a “shift from reactive defense to proactive prevention.”
“The future of crypto security will be shaped by smarter identity verification and AI-driven threat detection. We’re entering an era where systems can recognize abnormal behavior before the user, or even trained security analysts, can even realize something is wrong.”
“In crypto especially, the weakest link remains human trust, amplified by greed and FOMO. That’s the crack that attackers exploit every time. But no technology replaces good habits,” he added.
Tip 2: Silo out infrastructure
Lisa, the security operations lead from SlowMist, said bad actors increasingly targeted developer ecosystems this year, which, combined with cloud-credential leaks, created opportunities to inject malicious code, steal secrets, and poison software updates.
“Developers can mitigate these risks by pinning dependency versions, verifying package integrity, isolating build environments, and reviewing updates before deployment,” she said.
Going into 2026, Lisa predicts the most significant threats will likely stem from increasingly sophisticated credential-theft and social-engineering operations.
“Threat actors are already leveraging AI-generated deepfakes, tailored phishing, and even fake developer hiring tests to obtain wallet keys, cloud credentials, and signing tokens. These attacks are becoming more automated and convincing, and we expect this trend to continue,” she said.
To stay safe, Lisa’s advice for organizations is to implement strong access control, key rotation, hardware-backed authentication, infrastructure segmentation, and anomaly detection and monitoring.
Individuals should rely on hardware wallets, avoid interacting with unverified files, cross-check identities across independent channels, and treat unsolicited links or downloads with caution.
Tip 3: Proof of personhood to battle AI deepfakes
Steven Walbroehl, co-founder and chief technology officer of blockchain cybersecurity firm Halborn, predicts AI-enhanced social engineering will play a significant role in the crypto hackers’ playbooks.
In March, at least three crypto founders reported foiling an attempt from alleged North Korean hackers to steal sensitive data through fake Zoom calls that used deepfakes.
Walbroehl warns that hackers are using AI to create highly personalized, context-aware attacks that bypass traditional security awareness training.
To combat this, he suggests implementing cryptographic proof-of-personhood for all critical communications, hardware-based authentication with biometric binding, anomaly detection systems that baseline normal transaction patterns, and establishing verification protocols using pre-shared secrets or phrases.
Tip 4: Keep your crypto to yourself
Wrench attacks, or physical attacks on crypto holders, were also a prominent theme of 2025, with at least 65 recorded instances, according to Bitcoin OG and cypherpunk Jameson Lopp’s GitHub list. The last bull market peak in 2021 was previously the worst year on record,…
cointelegraph.com
