Fixing the biggest weakness in crypto hacking
Original text: Wallets, Warnings, and Weak Links
Author: Prathik Desai
Compiled by: Plain Language Blockchain
Cover: Photo by Shubham Dhage on Unsplash

It all started with a message. It looked credible, and nothing about it seemed off; the sender had a few mutual connections with you on LinkedIn. The recruiter said they had seen you on GitHub and wanted to offer you a well-funded core position at an "AI-meets-DeFi" protocol. You quickly browsed their website. It was stylish, concise, and covered all the expected jargon. There was a screening test. It arrived as a branded ZIP file.
You unzip the file, the installer starts, and a wallet permission prompt lights up on the screen for a moment. You click it without thinking. Nothing has happened yet. The laptop hasn't crashed. Five minutes later, your Solana wallet is empty.
This is not random speculation. These elements are part of an attack pattern linked to North Korean hacking groups that blockchain analysts have been documenting: fake recruiters, trojanized test files, and malware built to drain wallets.
Today's article will take you through the evolution of crypto vulnerabilities in 2025 and how to protect yourself from some of the most common attacks on crypto users.
Between January and September 2025, hackers linked to North Korea stole more than $2 billion worth of cryptocurrency. According to blockchain analytics firm Elliptic, 2025 has become the worst year for digital asset crime by value.
A significant portion of the total losses is attributed to the Bybit attack in February, which emptied $1.4 billion from the cryptocurrency exchange. The total value of the crypto assets stolen by North Korea now exceeds $6 billion.

Beyond the numbers, what is striking in the Elliptic report is how dramatically the nature of crypto vulnerabilities has shifted. It notes that "most hacks in 2025 were carried out through social engineering attacks," a departure from previous years, when the majority of breaches were infrastructure-related, such as the infamous Ronin Network attacks of 2022 and 2024, or the DAO attack of 2016.
In other words, the weak point has moved from infrastructure to people. Chainalysis also reported that private key compromises accounted for the largest share (43.8%) of stolen cryptocurrency in 2024.
Clearly, as cryptography matures and security at the protocol and blockchain levels hardens, attackers find it easier to identify and target the person holding the private key.
At this level, attacks have become more organized, moving well beyond opportunistic targeting of individuals. Recent FBI and CISA releases describe North Korean-linked activity that combines targeted job offers to crypto developers, trojanized wallet software, and malicious open-source code contributions. While the tools the attackers rely on are technical, the entry point is people and psychology.
The largest crypto heist ever, the Bybit attack, demonstrates how this can happen at massive scale. When approximately $1.4 billion worth of ETH was stolen from a single wallet cluster, early technical analysis indicated that the signers failed to verify the content of what they approved. The Ethereum network did its job correctly by executing valid, signed transactions; the failure was in the human step, the approval itself.
Further reading: Bybit Attack
During the Atomic Wallet attack , approximately $35 million to $100 million in crypto assets disappeared because the malware targeted how private keys were stored on users' machines.
The same pattern shows up in many cases. When people transfer funds without verifying the entire wallet address, or store private keys with minimal protection, it does not matter how unbreakable the protocol is.
Self-custody is not foolproof
The saying "not your keys, not your coins" still holds true, but the problem arises when people stop thinking beyond it.
Over the past three years, many users have withdrawn funds from trading platforms, driven both by fear of another FTX-style collapse and by a loss of trust in custodians. The cumulative trading volume of decentralized exchanges (DEXs) has more than tripled in three years, from $3.2 trillion to $11.4 trillion.

(Chart: @DeFiLlama)
While this may look like a significant upgrade in security culture, the risk has merely shifted from the custodian to the user's own operational security. Browser extensions on laptops, seed phrases saved in phone chats or email drafts, and private keys stored in unencrypted note-taking apps offer little protection against a determined attacker.
Self-custody removes one dependency: reliance on the exchange, the custodian, or anyone else who might suspend withdrawals or go bankrupt. What it does not address is the user's own knowledge. The private key gives you control, but also full responsibility.
So has the problem really been solved?
Hardware wallets help by adding friction
Cold storage solves part of the problem. It takes your keys offline, placing them in a vault-like environment.
Has the problem been solved? Partially.
By moving keys off general-purpose devices, hardware wallets remove the need for browser extensions or one-click transaction approval. They introduce physical confirmation, a kind of friction that protects you.
However, a hardware wallet is still a tool.
The wallet vendors' own security teams are open about this. Ledger has reported recurring phishing campaigns that abuse its brand, using fake browser extensions and cloned versions of Ledger Live to scam users. The interface is familiar enough to feel safe, but at some point the user is prompted to enter their recovery phrase. Once that is given up, the rest is inevitable.
Users may also be tricked into entering their recovery phrase on a fake firmware update page.
Hardware wallets help by shifting the attack surface and adding friction that makes exploitation less likely. They cannot eliminate the vulnerability entirely.

Segregation is key
Hardware wallets work best when users buy them from trusted sources and keep recovery material offline and private.
Most people who deal with these incidents every day, including incident responders, on-chain investigators, and wallet engineers, recommend separating things and spreading risk.
One wallet is used day to day, while another is rarely (or never) connected to the internet. Small balances are used for experimentation and DeFi farming, while larger balances sit in cold storage, or even in a vault that requires multiple steps to access.
Beyond these, the most important thing is basic hygiene.
Boring, repetitive habits are often what saves you. Never type a seed phrase into any website, no matter how urgent the pop-up sounds. After copying and pasting, check the address on the hardware wallet's screen. Pause before approving any transaction you did not explicitly initiate yourself. Treat links and "support" requests as suspicious until proven otherwise.
None of these actions guarantees absolute safety; some serious risk always remains. But each step reduces it.
Currently, for most users, the biggest threat is not zero-day vulnerabilities. It is the message they did not carefully verify, the installer they downloaded and ran immediately because a job offer sounded good, and the seed phrase they wrote on the same piece of paper as their shopping list.
When people holding billions of dollars treat these as background noise, they end up as case studies labeled "vulnerabilities."
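The "check the whole address" habit above, as an added example that is not part of the original article: a small Solana-style base58 address check that compares the address you meant to pay (what the hardware screen shows) with the one that ended up in the transaction. It goes slightly beyond the text by also flagging a lookalike whose first and last characters match but whose middle differs, which is exactly what a truncated display hides. The sample addresses are constructed from made-up key bytes, not real wallets.

```python
# Added example: base58 address sanity check for a Solana-style 32-byte public key.
# Sample addresses are constructed in this block from made-up key bytes (not real wallets).
ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def b58encode(raw: bytes) -> str:
    """Bitcoin/Solana base58: leading zero bytes become leading '1' characters."""
    n = int.from_bytes(raw, "big")
    out = []
    while n:
        n, r = divmod(n, 58)
        out.append(ALPHABET[r])
    pad = len(raw) - len(raw.lstrip(b"\x00"))
    return "1" * pad + "".join(reversed(out))

def b58decode(text: str) -> bytes:
    """Inverse of b58encode; raises ValueError on characters outside the alphabet."""
    n = 0
    for ch in text:
        idx = ALPHABET.find(ch)
        if idx < 0:
            raise ValueError(f"invalid base58 character {ch!r}")
        n = n * 58 + idx
    pad = len(text) - len(text.lstrip("1"))
    body = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    return b"\x00" * pad + body

def check_destination(intended: str, pasted: str, edge: int = 4) -> dict:
    """Compare the address you meant to send to with the pasted one.
    valid_format: pasted decodes to a 32-byte public key
    exact_match:  every character matches (the only acceptable outcome)
    lookalike:    first/last `edge` chars match but the middle differs"""
    try:
        valid = len(b58decode(pasted)) == 32
    except ValueError:
        valid = False
    exact = pasted == intended
    lookalike = (not exact and pasted[:edge] == intended[:edge]
                 and pasted[-edge:] == intended[-edge:])
    return {"valid_format": valid, "exact_match": exact, "lookalike": lookalike}

# Constructed sample: a fake 32-byte key, plus a lookalike that differs only in
# the middle, which an "AbCd...WxYz" truncated display would not reveal.
INTENDED = b58encode(bytes(range(1, 33)))
_mid = len(INTENDED) // 2
LOOKALIKE = INTENDED[:_mid] + ("1" if INTENDED[_mid] != "1" else "2") + INTENDED[_mid + 1:]
```

The only result that should ever lead to an approval is exact_match being True; a lookalike hit is the signal to stop and re-read the full address on the device screen.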
Disclaimer: As a blockchain information platform, the articles published on this site represent only the personal views of the authors and guests and do not reflect the position of Web3Caff. The information contained in the articles is for reference only and does not constitute any investment advice or offer. Please comply with the relevant laws and regulations of your country or region.