Cointelegraph by Stephen Katte
The majority of crypto exploits in the coming year won’t be caused by a zero-day bug in your favorite protocol, say crypto security experts. It’s going to be caused by you.
That’s because 2025 has shown that the majority of hacks don’t start with malicious code; they begin with a conversation, Nick Percoco, chief security officer of crypto exchange Kraken, told Cointelegraph.
“Attackers aren’t breaking in, they’re being invited in.”
From January to early December 2025, data from Chainalysis shows that the crypto industry witnessed over $3.4 billion in theft, with the February compromise of Bybit accounting for nearly half of that total.
During the attack, bad actors gained access through social engineering, injected a malicious JavaScript payload that allowed them to modify transaction details and siphon off funds.
What is social engineering?
Social engineering is a cyberattack method that manipulates people into revealing confidential information or performing actions that compromise security.
Percoco said the battleground for crypto security will be in the mind, not cyberspace.
“Security is no longer about building higher walls, it’s about training your mind to recognize manipulation. The goal should be simple: don’t hand over the keys to the castle just because someone sounds like they belong inside or are instilling panic.”
Tip 1: Use automation where possible
Supply chain compromises have also proven to be a key challenge this year, according to Percoco, as a seemingly minor breach can prove to be devastating later on, because “it’s a digital Jenga tower, and the integrity of every single block matters.”
In the year ahead, Percoco recommends reducing human trust points through actions like automating defenses where possible and verifying every digital interaction through authentication in a “shift from reactive defense to proactive prevention.”
“The future of crypto security will be shaped by smarter identity verification and AI-driven threat detection. We’re entering an era where systems can recognize abnormal behavior before the user, or even trained security analysts, can even realize something is wrong.”
“In crypto especially, the weakest link remains human trust, amplified by greed and FOMO. That’s the crack that attackers exploit every time. But no technology replaces good habits,” he added.
Tip 2: Silo out infrastructure
Lisa, the security operations lead from SlowMist, said bad actors increasingly targeted developer ecosystems this year, which, combined with cloud-credential leaks, created opportunities to inject malicious code, steal secrets, and poison software updates.
“Developers can mitigate these risks by pinning dependency versions, verifying package integrity, isolating build environments, and reviewing updates before deployment,” she said.
Going into 2026, Lisa predicts the most significant threats will likely stem from increasingly sophisticated credential-theft and social-engineering operations.
“Threat actors are already leveraging AI-generated deepfakes, tailored phishing, and even fake developer hiring tests to obtain wallet keys, cloud credentials, and signing tokens. These attacks are becoming more automated and convincing, and we expect this trend to continue,” she said.
To stay safe, Lisa’s advice for organizations is to implement strong access control, key rotation, hardware-backed authentication, infrastructure segmentation, and anomaly detection and monitoring.
Individuals should rely on hardware wallets, avoid interacting with unverified files, cross-check identities across independent channels, and treat unsolicited links or downloads with caution.
Tip 3: Proof of personhood to battle AI deepfakes
Steven Walbroehl, co-founder and chief technology officer of blockchain cybersecurity firm Halborn, predicts AI-enhanced social engineering will play a significant role in the crypto hackers’ playbooks.
In March, at least three crypto founders reported foiling an attempt from alleged North Korean hackers to steal sensitive data through fake Zoom calls that used deepfakes.
Walbroehl warns that hackers are using AI to create highly personalized, context-aware attacks that bypass traditional security awareness training.
To combat this, he suggests implementing cryptographic proof-of-personhood for all critical communications, hardware-based authentication with biometric binding, anomaly detection systems that baseline normal transaction patterns, and establishing verification protocols using pre-shared secrets or phrases.
Tip 4: Keep your crypto to yourself
Wrench attacks, or physical attacks on crypto holders, were also a prominent theme of 2025, with at least 65 recorded instances, according to Bitcoin OG and cypherpunk Jameson Lopps’ GitHub list. The last bull market peak in 2021 was previously the worst year on record, with a total of 36 recorded attacks
An X user under the handle Beau, a former CIA officer, said in an X post on Dec. 2 that wrench attacks are still relatively rare, but he still recommends crypto users take precautions by not talking about wealth or disclosing crypto holdings or extravagant lifestyles online as a start.
He also suggests becoming a “hard target” by using data cleanup tools to hide private personal information, such as home addresses, and investing in home defenses like security cameras and alarms.
Tip 5: Don’t skimp on the tried and true security tips
David Schwed, a security expert who has worked at Robinhood as the chief information security officer, said his top tip is to stick to reputable businesses that demonstrate vigilant security practices, including rigorous and regular third-party security audits of their entire stack, from smart contracts to infrastructure.
However, regardless of the technology, Schwed said users should avoid using the same password for multiple accounts, opt to use a hardware token as a multifactor authentication method and safeguard the seed phrase by securely encrypting it or storing it offline in a secure, physical location.
He also advises using a dedicated hardware wallet for significant holdings and minimizing holdings in exchanges.
Related: Spear phishing is North Korean hackers’ top tactic: How to stay safe
“Security hinges on the interaction layer. Users must remain hyper vigilant when connecting a hardware wallet to a new web application and must thoroughly validate the transaction data displayed on the hardware device’s screen before signing. This prevents ‘blind signing’ of malicious contracts,” Schwed added.
Lisa said her best tips are to only use official software, avoid interaction with unverified URLs, and separate funds across hot, warm, and cold configurations.
To counter the growing sophistication of scams like social engineering and phishing, Kraken’s Percoco recommends “radical skepticism” at all times, by verifying the authenticity and assuming every message is a test of awareness.
“And one universal truth remains: no legitimate company, service, or opportunity will ever ask for your seed phrase or login credentials. The moment they do, you’re talking to a scammer,” Percoco added.
Meanwhile, Walbroehl recommends generating keys using cryptographically secure random number generators, strict segregation between development and production environments, regular security audits and incident response planning with regular drills.
Magazine: When privacy and AML laws conflict: Crypto projects’ impossible choice
