Crypto security experts assert that most crypto exploits in the coming year won’t stem from zero-day vulnerabilities in popular protocols; they will arise from user actions.
Nick Percoco, chief security officer of crypto exchange Kraken, told Cointelegraph that 2025 has shown most hacks start not with malicious code but with human interaction.
“Attackers aren’t breaking in; they’re being invited in.”
Data from Chainalysis shows the crypto industry experienced over $3.4 billion in theft between January and early December 2025, with the February breach of Bybit accounting for nearly half of that total.
During the attack, malicious actors used social engineering tactics to gain access and injected a harmful JavaScript payload that allowed them to alter transaction details and steal funds.
What is social engineering?
Social engineering is a technique employed in cyberattacks that exploits human psychology to obtain confidential information or induce actions that compromise security.
Percoco emphasized that the battle for crypto security is now a psychological one rather than purely technological.
“Security is no longer about building higher walls; it’s about training your mind to recognize manipulation. The objective is straightforward: don’t give away the keys to the castle just because someone appears to belong or is inciting panic.”
Tip 1: Use automation where possible
Supply chain vulnerabilities have emerged as a significant challenge this year, as noted by Percoco, since even a minor breach can lead to severe consequences. “It’s like a digital Jenga tower; every single block’s integrity is essential.”
In the upcoming year, Percoco recommends minimizing human trust points by automating defenses wherever feasible and authenticating every digital interaction, marking a “shift from reactive defense to proactive prevention.”
“The future of crypto security will be defined by intelligent identity verification and AI-based threat detection. We’re stepping into an era where systems can identify abnormal activities before users or even trained security analysts have a chance to realize something is amiss.”
“In crypto, the frailest link remains human trust, magnified by greed and FOMO. This exposure is what attackers leverage time and again. But no amount of technology can replace good habits,” he added.
Tip 2: Silo out infrastructure
Lisa, the security operations lead from SlowMist, pointed out that bad actors increasingly targeted developer ecosystems this year. Combined with cloud-credential leaks, this gave them opportunities to inject harmful code, steal sensitive information, and compromise software updates.
“Developers can reduce these risks by pinning dependency versions, verifying package integrity, isolating build environments, and reviewing updates before deployment,” she noted.
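As an added illustration (not from the article or from SlowMist), the Python example below shows what pinning versions and verifying package integrity amount to: a lock file in pip's `--hash=sha256:` style is parsed, and an artifact that is unpinned, a different version, or different in content from what was reviewed is rejected. The package names and contents are constructed.

```python
import hashlib
import hmac
import re

# One requirement per line, pip-style: name==version --hash=sha256:<hex> [...]
PIN_RE = re.compile(r"^([A-Za-z0-9_.-]+)==(\S+)((?:\s+--hash=sha256:[0-9a-f]{64})+)$")

def parse_lock(text):
    """Parse a hashed lock file; reject any line that is not an exact pin."""
    pins = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = PIN_RE.match(line)
        if m is None:
            raise ValueError(f"not an exact, hashed pin: {line!r}")
        digests = set(re.findall(r"sha256:([0-9a-f]{64})", m.group(3)))
        pins[m.group(1).lower()] = (m.group(2), digests)
    return pins

def verify_artifact(pins, name, version, data):
    """Return (ok, reason); anything unpinned, drifted or altered fails closed."""
    pin = pins.get(name.lower())
    if pin is None:
        return False, "unpinned dependency"
    pinned_version, digests = pin
    if version != pinned_version:
        return False, "version drift"
    actual = hashlib.sha256(data).hexdigest()
    if not any(hmac.compare_digest(actual, d) for d in digests):
        return False, "digest mismatch"
    return True, "ok"

# Constructed sample: the bytes reviewed at pin time and a later altered build.
REVIEWED = b"constructed wallet-sdk 2.4.1 release"
ALTERED = REVIEWED + b" + injected payload"
LOCK_TEXT = f"wallet-sdk==2.4.1 --hash=sha256:{hashlib.sha256(REVIEWED).hexdigest()}\n"
PINS = parse_lock(LOCK_TEXT)

if __name__ == "__main__":
    for case in [("wallet-sdk", "2.4.1", REVIEWED), ("wallet-sdk", "2.4.1", ALTERED),
                 ("wallet-sdk", "2.4.2", ALTERED), ("left-helper", "0.1.0", b"x")]:
        print(case[0], case[1], verify_artifact(PINS, *case))
```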
Looking into 2026, Lisa anticipates that the primary threats will likely arise from more sophisticated credential-theft and social-engineering tactics.
“Threat actors are employing AI-generated deepfakes, personalized phishing tactics, and even fake developer hiring tests to acquire wallet keys, cloud credentials, and signing tokens. These attacks are becoming more automated and convincing, a trend we expect to continue,” she added.
Lisa advises organizations to safeguard themselves by enforcing robust access controls, key rotation, hardware-backed authentication, infrastructure segmentation, and anomaly detection and monitoring.
Individuals should utilize hardware wallets, steer clear of unverified files, double-check identities across independent channels, and treat unsolicited links or downloads with suspicion.
Tip 3: Proof of personhood to battle AI deepfakes
Steven Walbroehl, co-founder and chief technology officer of blockchain cybersecurity firm Halborn, predicts that AI-enhanced social engineering will significantly influence crypto hackers’ strategies.
In March, at least three crypto founders reported thwarting an attempt by alleged North Korean hackers to steal sensitive information through fake Zoom calls utilizing deepfakes.
Walbroehl warns that hackers are leveraging AI to craft highly customized, context-aware attacks that circumvent traditional security training.
He recommends the implementation of cryptographic proof-of-personhood in all critical communications, hardware-based authentication with biometric binding, anomaly detection systems that establish baseline normal transaction behaviors, and verification protocols utilizing pre-shared secrets or phrases.
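One way a verification protocol built on a pre-shared secret can work, shown as an added Python example that is not from the article or from Halborn: the person being asked to act issues a one-time challenge, and the requester answers with an HMAC over the challenge and the request, so the secret is never spoken on a call that may be recorded or faked. The class, function names, secret and request text are hypothetical.

```python
import hashlib
import hmac
import secrets
import time

def respond(shared_secret: bytes, nonce: str, context: str) -> str:
    """Requester side: prove knowledge of the secret without ever saying it."""
    msg = f"{nonce}|{context}".encode()
    return hmac.new(shared_secret, msg, hashlib.sha256).hexdigest()

class Verifier:
    """Side being asked to act: issues one-time challenges and checks answers."""

    def __init__(self, shared_secret: bytes, ttl_seconds: int = 60):
        self._secret = shared_secret
        self._ttl = ttl_seconds
        self._pending = {}  # nonce -> time issued

    def challenge(self, now=None) -> str:
        nonce = secrets.token_hex(16)
        self._pending[nonce] = time.time() if now is None else now
        return nonce

    def check(self, nonce, context, response, now=None) -> bool:
        issued = self._pending.pop(nonce, None)  # single use, so replays fail
        now = time.time() if now is None else now
        if issued is None or now - issued > self._ttl:
            return False
        # Binding the request text means an answer cannot be reused for
        # a different request than the one the verifier heard.
        expected = respond(self._secret, nonce, context)
        return hmac.compare_digest(expected, response)

# Constructed values: a secret exchanged in person beforehand, and a request.
SECRET = b"constructed-pre-shared-secret"
REQUEST = "approve withdrawal request 42"

if __name__ == "__main__":
    v = Verifier(SECRET)
    n = v.challenge()
    answer = respond(SECRET, n, REQUEST)
    print("genuine:", v.check(n, REQUEST, answer))
    print("replayed:", v.check(n, REQUEST, answer))
```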
Tip 4: Keep your crypto to yourself
Wrench attacks—physical assaults on crypto holders—were prevalent in 2025, with at least 65 documented incidents, according to Bitcoin OG and cypherpunk Jameson Lopp’s GitHub list. The previous bull market peak in 2021 saw 36 recorded attacks, which had been the highest count until then.
An X user known as Beau, a former CIA officer, stated in an X post on December 2 that wrench attacks remain relatively rare, yet he advises crypto users to exercise discretion by not discussing wealth or revealing crypto holdings or lavish lifestyles online.
He also recommends becoming a “hard target” by using data erasure tools to conceal private personal information, such as home addresses, and investing in home security measures like cameras and alarms.
Tip 5: Don’t skimp on the tried and true security tips
David Schwed, a security expert who has served as chief information security officer at Robinhood, advises sticking to reputable businesses that display strong security practices, including conducting thorough and regular third-party audits of their entire systems, from smart contracts to infrastructure.
Regardless of technology, Schwed emphasizes that users should avoid reusing passwords across multiple accounts, opt for a hardware token as a multifactor authentication method, and securely encrypt or store the seed phrase in a safe physical location.
He also suggests using a dedicated hardware wallet for significant holdings and minimizing assets maintained on exchanges.
“Security revolves around the interaction layer. Users must remain extremely vigilant when connecting a hardware wallet to new web applications and thoroughly validate the transaction data displayed on the hardware device’s screen before providing a signature. This avoidance of ‘blind signing’ of harmful contracts is vital,” Schwed remarked.
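The following added Python example (not from the article or any wallet vendor) illustrates the check Schwed describes, narrowed to ERC-20 `transfer` and `approve` calls: the calldata that would actually be signed is decoded and compared with what the user meant to do, and anything that cannot be decoded is refused. The addresses, amounts and function names are constructed for illustration.

```python
TRANSFER = "a9059cbb"  # selector of transfer(address,uint256)
APPROVE = "095ea7b3"   # selector of approve(address,uint256)
MAX_UINT256 = 2**256 - 1

def encode_call(selector, address, amount):
    """Build calldata for the constructed samples below."""
    return "0x" + selector + address[2:].lower().rjust(64, "0") + format(amount, "064x")

def decode_call(calldata):
    """Decode selector, address and amount; raise ValueError on anything else."""
    data = calldata.lower()
    data = data[2:] if data.startswith("0x") else data
    if len(data) != 8 + 64 + 64:
        raise ValueError("unexpected calldata length")
    selector, word0, word1 = data[:8], data[8:72], data[72:]
    if selector not in (TRANSFER, APPROVE):
        raise ValueError("unknown function selector " + selector)
    if word0[:24] != "0" * 24:
        raise ValueError("address word is not zero-padded")
    method = "transfer" if selector == TRANSFER else "approve"
    return {"method": method, "address": "0x" + word0[24:], "amount": int(word1, 16)}

def review(intent, calldata):
    """List every way the bytes to be signed differ from what the user intended."""
    try:
        call = decode_call(calldata)
    except ValueError as exc:
        return ["cannot decode, do not sign: " + str(exc)]
    want = {**intent, "address": intent["address"].lower()}
    findings = [f"{k}: intended {want[k]!r}, calldata has {call[k]!r}"
                for k in ("method", "address", "amount") if want[k] != call[k]]
    if call["method"] == "approve" and call["amount"] == MAX_UINT256:
        findings.append("unlimited approval")
    return findings

# Constructed addresses and amounts; none refer to real accounts.
PAYEE = "0x" + "11" * 20
OTHER = "0x" + "22" * 20
INTENT = {"method": "transfer", "address": PAYEE, "amount": 5_000_000}
HONEST = encode_call(TRANSFER, PAYEE, 5_000_000)
SWAPPED = encode_call(TRANSFER, OTHER, 5_000_000)
DRAIN = encode_call(APPROVE, OTHER, MAX_UINT256)

if __name__ == "__main__":
    for label, data in (("honest", HONEST), ("swapped", SWAPPED), ("drain", DRAIN)):
        print(label, review(INTENT, data))
```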
Lisa’s top advice includes only utilizing official software, avoiding interactions with unverified URLs, and distributing funds across hot, warm, and cold wallets.
To combat increasingly sophisticated scams like social engineering and phishing, Kraken’s Percoco advocates for “radical skepticism,” always verifying authenticity and considering every message as a potential test of awareness.
“And one universal truth remains: no legitimate company, service, or opportunity will ever request your seed phrase or login credentials. The moment they do, you’re interacting with a scammer,” Percoco cautioned.
In addition, Walbroehl recommends generating keys using cryptographically secure random number generators, ensuring strict separation between development and production environments, conducting regular security audits, and implementing incident response planning alongside frequent drills.