
In 2025, crypto losses from exploits remained very high, with social engineering accounting for the largest share of stolen value.
Data from Sentora and analysis by Chainalysis show that the attack focus is shifting from smart contract vulnerabilities to exploiting human factors, key management, and operational processes, causing risks to spread from exchanges to individual wallets.
- Losses from exploits exceeded $2.53 billion in 2025, with social engineering accounting for the majority of that value.
- The total value of crypto stolen across the industry in 2025 is estimated at $2.7–$3.4 billion; groups linked to North Korea account for at least $2.02 billion.
- Risk reduction in 2025 should prioritize user security, key management, and operational discipline, not just technical audits.
Social engineering was the dominant attack technique in 2025.
Social engineering was the biggest source of damage from exploits in 2025, accounting for 55.3% of the value stolen, according to Sentora data.
Sentora's "Total TVL of Exploits 2025" chart shows that of the total losses exceeding $2.53 billion associated with exploits, social engineering accounts for 55.3%, equivalent to approximately $1.39 billion.
Compared to purely technical vulnerabilities, this type of attack relies on behavioral manipulation, phishing, process spoofing, or access abuse to bypass technological security layers.
The reference data was published in Sentora's post on X.
Leaking or hijacking of private keys is the second biggest source of damage.
Private key compromise accounts for 15% of the damage caused by exploits, reflecting the risks from phishing, malware, and weak credential management.
According to Sentora, "private key compromise" accounts for 15% of the losses caused by exploits, equivalent to approximately $0.37 billion.
This type of incident is often related to phishing, malware, or insecure key storage and transfer processes. In operational practice, seed phrase leaks, mistaken transaction signing, or exposed internal access can lead to rapid asset withdrawal without any smart contract vulnerability being exploited.
Besides social engineering and private key compromise, the remaining damage comes from techniques such as infinite mint bugs and smart contract exploits.
Total crypto stolen across the industry in 2025 is estimated at $2.7–$3.4 billion.
Chainalysis' analysis estimates the total value of stolen crypto in 2025 to be between $2.7 and $3.4 billion, encompassing various types of theft.
Chainalysis estimates that the total amount of crypto stolen in 2025 (across all theft categories) was between $2.7 and $3.4 billion, based on its own analysis and comparison with estimates from industry trackers.
This scope includes large-scale intrusions, personal wallet theft, and other illicit activities. You can see the details in Chainalysis' analysis.
The hacking group linked to North Korea accounted for the majority of the stolen value.
Chainalysis estimates that at least $2.02 billion worth of crypto stolen in 2025 is linked to groups affiliated with or associated with the DPRK, an increase of approximately 51% compared to 2024.
According to Chainalysis, North Korean-linked actors continue to be the most active group, with at least $2.02 billion stolen in 2025 linked to DPRK-affiliated groups.
The report also noted that this represents an increase of approximately 51% compared to 2024. This indicates that the risk stems not only from attack techniques, but also from organizational capability, target selection, and the exploitation of operational weaknesses.
The Bybit exploit accounts for a large share of the losses in 2025.
A significant portion of the total losses came from the record-breaking exploit at the Bybit exchange, where attackers stole an estimated $1.4 billion in assets.
Chainalysis stated that the majority of the total amount linked to the DPRK came from the large-scale exploit of the Bybit exchange, with an estimated $1.4 billion stolen.
Such single large incidents can significantly skew the year-on-year statistical picture, while highlighting the importance of privileged access controls, internal approval processes, and real-time risk monitoring.
The exploit trend is shifting from smart contract vulnerabilities to exploiting user behavior and access rights.
As audit tools and protocol security improve, attackers are increasingly prioritizing exploiting users, operational processes, and access rights rather than simply hunting for smart contract vulnerabilities.
Industry analysts believe that advances in automated auditing, formal verification, and protocol security tools are making large-scale smart contract vulnerabilities less common.
At the same time, attackers shifted to tactics targeting users and "privileges," meaning critical control points such as administrator keys, signing privileges, deployment rights, or operational processes at exchanges and custodians.
Chainalysis also noted a sharp increase in personal wallet theft this year, affecting thousands of victims, although the losses per case are generally smaller than in organized attacks.
The ecosystem needs to prioritize user security and operational discipline.
Data from 2025 shows that effective damage reduction depends heavily on user security, key management, and operational hygiene, not just code patching.
The aggregated data suggests that the focus of defense should be broadened: anti-phishing training, multi-layer authentication processes, endpoint protection, privileged access control, and standardized key governance for exchanges, custodians, and wallet providers.
In a context where social engineering plays a significant role, measures such as time-based withdrawal limits, risk transaction warnings, recipient address verification, segregation of duties, and multi-person approval processes can have a noticeable mitigating impact.
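As an added illustration, not code from the article or from Sentora or Chainalysis, the following Python policy gate encodes the controls just listed for a withdrawal pipeline: a rolling time-based limit, recipient verification against an allowlist, and an M-of-N approval in which the requester cannot approve their own request. All operator names, addresses and amounts are constructed.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta


@dataclass
class WithdrawalPolicy:
    approvers: set                 # operators authorised to approve withdrawals
    required_approvals: int        # M in an M-of-N approval scheme
    allowlist: set                 # recipient addresses verified out of band
    window: timedelta              # rolling window for the time-based limit
    limit: float                   # maximum total withdrawn per window
    history: list = field(default_factory=list)  # (timestamp, amount) of approved withdrawals

    def withdrawn_in_window(self, now):
        cutoff = now - self.window
        return sum(amt for ts, amt in self.history if ts > cutoff)

    def evaluate(self, amount, recipient, requester, approvals, now):
        """Return (allowed, reasons); every check runs so the audit log lists all failures."""
        reasons = []
        if recipient not in self.allowlist:
            reasons.append("recipient not on verified allowlist")
        # Segregation of duties: the requester cannot approve their own withdrawal,
        # and using a set collapses one person approving twice into a single vote.
        valid = {a for a in approvals if a in self.approvers and a != requester}
        if len(valid) < self.required_approvals:
            reasons.append(f"only {len(valid)}/{self.required_approvals} valid approvals")
        if self.withdrawn_in_window(now) + amount > self.limit:
            reasons.append("rolling withdrawal limit exceeded")
        if not reasons:
            self.history.append((now, amount))  # only approved withdrawals count against the limit
        return not reasons, reasons


def demo_policy():
    # Constructed sample configuration, not taken from any real exchange.
    return WithdrawalPolicy(approvers={"alice", "bob", "carol"}, required_approvals=2,
                            allowlist={"addr-verified-1"}, window=timedelta(hours=24), limit=100.0)


def run_scenarios():
    """Four constructed requests: one clean, then one failure per control."""
    p = demo_policy()
    t0 = datetime(2025, 6, 1, 9, 0)
    r1 = p.evaluate(40.0, "addr-verified-1", "dave", {"alice", "bob"}, t0)                       # allowed
    r2 = p.evaluate(40.0, "addr-verified-1", "alice", {"alice", "bob"}, t0)                      # requester self-approving
    r3 = p.evaluate(70.0, "addr-verified-1", "dave", {"bob", "carol"}, t0 + timedelta(hours=1))  # 40 + 70 > 100 in window
    r4 = p.evaluate(70.0, "addr-unknown", "dave", {"bob", "carol"}, t0 + timedelta(hours=25))    # window reset, bad recipient
    return [r1, r2, r3, r4]
```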
Frequently Asked Questions
What is social engineering in crypto and why does it cause such significant damage?
Social engineering is a group of phishing/manipulation techniques used to trick victims into voluntarily providing information, signing transactions, or granting access. In 2025, this technique accounted for 55.3% of the value stolen from exploits, according to Sentora, because it bypasses many layers of technical defenses and directly targets user habits/processes.
How do losses from exploits differ from the total amount of crypto stolen in 2025?
“Exploit losses” refers to the losses associated with exploit activity (such as social engineering, private key leaks, and smart contract exploits). “Total stolen assets” encompasses all types of crypto theft during the year. Sentora recorded over $2.53 billion in losses due to exploits, while Chainalysis estimated total stolen assets at $2.7–$3.4 billion.
What are the common causes of private key compromise?
According to the data, private key compromise is often associated with phishing, malware, or poor credential management. Once the private key or seed phrase is exposed, attackers can transfer assets without exploiting any smart contract vulnerability.
Why are groups linked to North Korea frequently mentioned in crypto theft cases?
Chainalysis reports that at least $2.02 billion worth of crypto stolen in 2025 is linked to DPRK-affiliated groups, an increase of approximately 51% compared to 2024, making them the most prominent actors in the year-on-year statistics.
What measures should ecosystems prioritize to reduce risks in 2025?
The focus should be on user and operational security: anti-phishing/social engineering, strict key management, privileged access control, multi-layered approval processes, and anomaly monitoring. Audits and smart contract security tools remain important, but are insufficient if human error is exploited.