Most crypto exploits next year won’t stem from a zero-day vulnerability in your favorite protocol, according to crypto security experts. They are far more likely to start with something a user is tricked into doing.
In 2025 it became apparent that most hacks don’t begin with malicious code; they begin with a conversation, Nick Percoco, chief security officer of crypto exchange Kraken, told Cointelegraph.
“Attackers aren’t breaking in, they’re being invited in.”
From January to early December 2025, data from Chainalysis indicates that the crypto sector experienced over $3.4 billion in theft, with the February breach of Bybit responsible for nearly half of that amount.
In that incident the attackers gained their foothold through social engineering and then deployed a malicious JavaScript payload that let them alter transaction details so the funds could be diverted and stolen.
What is social engineering?
Social engineering refers to a cyberattack strategy that exploits human psychology to extract confidential information or prompt actions that compromise security.
Percoco said the front line in crypto security now runs through people’s minds rather than through cyberspace.
“Security is no longer about building higher walls; it’s about training your mind to recognize manipulation. The aim should be clear: don’t surrender the keys to the castle merely because someone appears to belong inside or is inciting panic.”
Tip 1: Use automation where possible
Supply chain vulnerabilities have emerged as a pressing issue this year, Percoco noted, as even a minor breach can lead to disastrous consequences. “It’s a digital Jenga tower, and the integrity of every block is crucial.”
In the upcoming year, Percoco advises limiting human trust points through measures like automating defenses where feasible and verifying each digital interaction through authentication, marking a shift from reactive defense to proactive prevention.
“The future of crypto security will focus on smarter identity verification and AI-driven threat detection. We are entering an age where systems can identify abnormal behavior even before the user or trained security analysts pick up on it.”
“In cryptocurrency, the most vulnerable link remains human trust, further exploited by greed and FOMO. This vulnerability is what attackers exploit continually. But no technology can replace good habits,” he emphasized.
Tip 2: Silo out infrastructure
Lisa, the security operations lead from SlowMist, observed that bad actors have increasingly targeted developer ecosystems this year. This, along with cloud credential leaks, has created pathways for injecting harmful code, stealing secrets, and corrupting software updates.
“Developers can mitigate such risks by pinning dependency versions, verifying package integrity, isolating build environments, and reviewing updates before deployment,” she noted.
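The version pinning and package-integrity checks Lisa describes can be enforced mechanically before anything from a registry reaches a build. The script below is an added illustration written for this article, not SlowMist’s code or any project’s tooling: it parses a manifest in the style of pip’s hash-pinned requirements, then refuses any artifact that is unpinned, has the wrong version, or whose SHA-256 does not match. The manifest, the package bytes and the tampered copy are all constructed inline so it runs offline.

```python
"""Verify build inputs against a hash-pinned dependency manifest.

Added example (not from the article or SlowMist). The manifest mimics pip's
`name==version --hash=sha256:...` pin format; the "downloaded" wheels are
constructed in-memory byte strings standing in for real artifacts.
"""
import hashlib
import re

PIN_RE = re.compile(
    r"^(?P<name>[A-Za-z0-9_.-]+)==(?P<version>\S+)"
    r"(?P<hashes>(?:\s+--hash=sha256:[0-9a-f]{64})*)\s*$"
)


def parse_manifest(text):
    """Return {name: (version, {sha256 hex, ...})}; reject anything not exactly pinned."""
    pins = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = PIN_RE.match(line)
        if not m:  # ranges like `pkg>=2.0` or bare names are not acceptable inputs
            raise ValueError(f"line {lineno}: not an exact, hash-pinned requirement: {line!r}")
        hashes = set(re.findall(r"--hash=sha256:([0-9a-f]{64})", m.group("hashes")))
        if not hashes:
            raise ValueError(f"line {lineno}: {m.group('name')} has no --hash pin")
        pins[m.group("name").lower()] = (m.group("version"), hashes)
    return pins


def verify_artifacts(pins, artifacts):
    """artifacts: {(name, version): bytes}. Returns (accepted, problems)."""
    accepted, problems = [], []
    seen = set()
    for (name, version), data in artifacts.items():
        key = name.lower()
        seen.add(key)
        if key not in pins:
            problems.append(f"{name}: not in manifest (unexpected dependency)")
            continue
        pinned_version, pinned_hashes = pins[key]
        if version != pinned_version:
            problems.append(f"{name}: version {version} != pinned {pinned_version}")
            continue
        digest = hashlib.sha256(data).hexdigest()
        if digest not in pinned_hashes:
            problems.append(f"{name}=={version}: sha256 {digest[:12]}... not in pinned set")
            continue
        accepted.append(f"{name}=={version}")
    # A pinned package that never showed up is also a problem: the build would silently lack it
    for key, (pinned_version, _) in pins.items():
        if key not in seen:
            problems.append(f"{key}=={pinned_version}: pinned but missing from artifacts")
    return accepted, problems


# --- constructed sample inputs ------------------------------------------------
GOOD_WHEEL = b"PK\x03\x04 constructed stand-in for requests-2.32.3-py3-none-any.whl"
TAMPERED_WHEEL = GOOD_WHEEL + b"\x00injected payload"  # registry or mirror served a modified file
GOOD_HASH = hashlib.sha256(GOOD_WHEEL).hexdigest()

MANIFEST = f"""
# constructed manifest in pip --require-hashes style
requests==2.32.3 --hash=sha256:{GOOD_HASH}
urllib3==2.2.2 --hash=sha256:{'0' * 64}
"""


def run_demo():
    pins = parse_manifest(MANIFEST)
    artifacts = {
        ("requests", "2.32.3"): GOOD_WHEEL,     # matches its pin -> accepted
        ("urllib3", "2.2.2"): TAMPERED_WHEEL,   # hash mismatch -> rejected
        ("leftpad", "0.0.1"): b"surprise",      # never pinned -> rejected
    }
    return verify_artifacts(pins, artifacts)


if __name__ == "__main__":
    accepted, problems = run_demo()
    print("accepted:", accepted)
    print("problems:", *problems, sep="\n  ")
```

The important design choice is that the check fails closed: an artifact the manifest does not mention is treated as a problem, not ignored, because a transitive dependency that quietly appears is exactly how a poisoned package rides into a build. Real tooling (`pip install --require-hashes`, `npm ci` with a lockfile) does the equivalent; the point of running it in CI on an isolated builder is that a developer laptop with leaked cloud credentials cannot vouch for the inputs.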
As we move into 2026, Lisa predicts that the most significant threats will arise from increasingly sophisticated credential theft and social engineering tactics.
“Threat actors are already using AI-generated deepfakes, customized phishing attempts, and even fake developer hiring tests to gain access to wallet keys, cloud credentials, and signing tokens. These attacks are becoming more automated and convincing, and this trend is expected to persist,” she said.
To maintain security, Lisa recommends organizations implement robust access controls, key rotation, hardware-backed authentication, infrastructure segmentation, and anomaly detection and monitoring.
Individuals should utilize hardware wallets, steer clear of unverified files, validate identities across independent channels, and approach unsolicited links or downloads with caution.
Tip 3: Proof of personhood to combat AI deepfakes
Steven Walbroehl, co-founder and chief technology officer of blockchain cybersecurity firm Halborn, anticipates that AI-driven social engineering will significantly influence crypto hackers’ strategies.
In March, at least three crypto founders reported thwarting an attempt by suspected North Korean hackers to extract sensitive information through fraudulent Zoom calls utilizing deepfakes.
Walbroehl warns that hackers are using AI to launch highly personalized, context-aware attacks that slip past traditional security awareness training.
To counter this, he recommends cryptographic proof-of-personhood for all critical communications, hardware-based authentication bound to biometrics, anomaly detection systems that baseline normal transaction patterns, and verification protocols built on pre-shared secrets or phrases.
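A pre-shared phrase is only as good as the protocol around it: read the same phrase aloud on every call and a single intercepted call lets a deepfake replay it. The exchange below, an added example and not Halborn’s or any vendor’s code, shows the stronger form: the party being asked to do something sends a fresh random challenge, and the caller must answer with an HMAC of that challenge under a secret both sides agreed in person. The secret, the context label and the simulated clock are assumptions made up for the example.

```python
"""Challenge-response verification of a caller using a pre-shared secret.

Added example (not from the article). Both parties hold SECRET, agreed
in person earlier. The verifier issues a fresh challenge; the genuine
counterpart answers HMAC-SHA256(SECRET, CONTEXT | challenge), truncated so
it can be read aloud. A deepfake without the secret cannot answer, and a
recorded answer cannot be replayed: challenges are single-use and expire.
"""
import hashlib
import hmac
import secrets
import time

SECRET = b"constructed-pre-shared-secret-agreed-in-person"   # assumption
CONTEXT = b"cto-to-treasury-payment-approval"                 # what this secret may authorize
CHALLENGE_TTL = 60                                            # seconds a challenge stays valid
RESPONSE_HEX_CHARS = 12                                       # 48 bits: short enough to read aloud


def compute_response(secret, context, challenge):
    """What a legitimate caller says back. Binding CONTEXT stops a response obtained
    for one purpose (say, a chat login) from being reused to approve a payment."""
    mac = hmac.new(secret, context + b"|" + challenge.encode(), hashlib.sha256)
    return mac.hexdigest()[:RESPONSE_HEX_CHARS]


class Verifier:
    def __init__(self, secret, context, now=time.time):
        self._secret = secret
        self._context = context
        self._now = now              # injectable clock so expiry can be tested
        self._pending = {}           # challenge -> time issued

    def issue_challenge(self):
        challenge = secrets.token_hex(16)   # CSPRNG, never reused
        self._pending[challenge] = self._now()
        return challenge

    def check(self, challenge, response):
        issued = self._pending.pop(challenge, None)   # pop: each challenge is single-use
        if issued is None:
            return False, "unknown or already-used challenge (replay?)"
        if self._now() - issued > CHALLENGE_TTL:
            return False, "challenge expired"
        expected = compute_response(self._secret, self._context, challenge)
        if not hmac.compare_digest(expected, response):   # constant-time compare
            return False, "wrong response: caller does not hold the secret"
        return True, "verified"


def run_demo():
    """Four calls: genuine, replayed, impostor, and one answered too late."""
    v = Verifier(SECRET, CONTEXT)

    c1 = v.issue_challenge()                               # 1. genuine colleague
    ok1, why1 = v.check(c1, compute_response(SECRET, CONTEXT, c1))

    ok2, why2 = v.check(c1, compute_response(SECRET, CONTEXT, c1))   # 2. replay of call 1

    c3 = v.issue_challenge()                               # 3. deepfake guessing the secret
    ok3, why3 = v.check(c3, compute_response(b"guessed", CONTEXT, c3))

    clock = [1_000.0]                                      # 4. simulated slow answer
    v_slow = Verifier(SECRET, CONTEXT, now=lambda: clock[0])
    c4 = v_slow.issue_challenge()
    clock[0] += CHALLENGE_TTL + 1
    ok4, why4 = v_slow.check(c4, compute_response(SECRET, CONTEXT, c4))

    return [ok1, ok2, ok3, ok4], [why1, why2, why3, why4]


if __name__ == "__main__":
    for ok, why in zip(*run_demo()):
        print("ACCEPT" if ok else "REJECT", why)
```

In practice the challenge is spoken or typed over a second channel (a text to a number already on file, for example) rather than in the same call the attacker controls, and the secret itself is never spoken: only the derived response is. The identical HMAC over the same context is what ties the two sides together, so a caller who can answer any fresh challenge correctly has demonstrated possession of the secret without disclosing it.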
Tip 4: Keep your crypto to yourself
Wrench attacks, physical assaults on crypto holders, also marked 2025, with at least 65 recorded incidents according to the GitHub list maintained by Bitcoin OG and cypherpunk Jameson Lopp. The previous record was set at the 2021 bull-market peak, with 36 documented attacks.
An X user identified as Beau, a former CIA officer, wrote in a Dec. 2 post that while wrench attacks are still relatively uncommon, crypto users should, as a starting point, avoid discussing their wealth or revealing crypto holdings or an extravagant lifestyle online.
He also advises transforming into a “hard target” by employing data cleanup tools to obfuscate private personal information, such as home addresses, and investing in home security measures like cameras and alarms.
Tip 5: Don’t skimp on the tried and true security tips
David Schwed, a security expert and former chief information security officer at Robinhood, stresses the importance of relying on reputable businesses with demonstrably rigorous security practices, including thorough and regular third-party security assessments across the entire stack, from smart contracts to infrastructure.
Regardless of technology, Schwed advises users to refrain from reusing passwords across multiple accounts, opt for a hardware token as a multifactor authentication method, and secure the seed phrase by encrypting it or storing it offline in a safe physical location.
He also recommends utilizing a dedicated hardware wallet for significant holdings and minimizing assets held on exchanges.
“Security revolves around the interaction layer. Users must remain hyper-vigilant when connecting a hardware wallet to a new web application and thoroughly validate the transaction data presented on the hardware device’s screen before signing. This practice prevents ‘blind signing’ of harmful contracts,” Schwed added.
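The failure mode Schwed is describing, and the one the altered transaction details in the Bybit incident turned on, is that the web application and the signing device can disagree about what is being signed. The script below is an added example written for this article, not code from Schwed, Robinhood, or any wallet vendor: it decodes raw ERC-20 calldata of the kind a hardware wallet displays and compares it with what the web UI claimed. The two function selectors are the real keccak-based ones for `transfer` and `approve` but are hard-coded because the standard library has no Keccak; the addresses, the six-decimal token and the sample transactions are constructed.

```python
"""Compare what a dApp *says* it is sending with what the device is asked to sign.

Added example (not from the article or any wallet vendor). Decodes ERC-20
calldata by hand: a 4-byte selector followed by 32-byte ABI words. Selectors
are keccak256(signature)[:4]; they are hard-coded because Python's stdlib
offers SHA3 but not the original Keccak. Token decimals and addresses are
constructed for the example.
"""

USDC_DECIMALS = 6                   # assumption for the sample token
MAX_UINT256 = 2**256 - 1            # the "unlimited" allowance scammers ask for

SELECTORS = {
    "a9059cbb": ("transfer", ("address", "uint256")),   # transfer(address,uint256)
    "095ea7b3": ("approve", ("address", "uint256")),    # approve(address,uint256)
}


def encode_call(selector_hex, address, amount):
    """Minimal ABI encoder, used here only to build sample calldata."""
    addr_word = bytes.fromhex(address[2:]).rjust(32, b"\x00")   # 20-byte address, left-padded
    return "0x" + selector_hex + addr_word.hex() + amount.to_bytes(32, "big").hex()


def decode_call(calldata):
    """Return {'function': name, 'args': [...]} or flag an unknown selector."""
    data = bytes.fromhex(calldata[2:] if calldata.startswith("0x") else calldata)
    if len(data) < 4:
        raise ValueError("calldata shorter than a selector")
    sel = data[:4].hex()
    if sel not in SELECTORS:
        return {"function": "unknown:0x" + sel, "args": []}
    name, types = SELECTORS[sel]
    body = data[4:]
    if len(body) != 32 * len(types):
        raise ValueError(f"{name}: expected {32 * len(types)} argument bytes, got {len(body)}")
    args = []
    for i, typ in enumerate(types):
        word = body[32 * i: 32 * (i + 1)]
        if typ == "address":
            if any(word[:12]):   # padding must be zero; garbage here hides a malformed encoding
                raise ValueError("non-zero padding in address word")
            args.append("0x" + word[12:].hex())
        else:
            args.append(int.from_bytes(word, "big"))
    return {"function": name, "args": args}


def fmt_amount(raw):
    return "unlimited" if raw == MAX_UINT256 else f"{raw / 10**USDC_DECIMALS:,.2f}"


def check_against_screen(shown, calldata):
    """shown: what the web UI displayed. calldata: what the device is asked to sign.
    Returns a list of discrepancies; an empty list means the two agree."""
    actual = decode_call(calldata)
    findings = []
    if actual["function"] != shown["function"]:
        findings.append(f"function: UI says {shown['function']}, calldata is {actual['function']}")
    if not actual["args"]:
        return findings
    to, amount = actual["args"]
    if to.lower() != shown["to"].lower():
        findings.append(f"counterparty: UI says {shown['to']}, calldata has {to}")
    if amount != shown["amount_raw"]:
        findings.append(f"amount: UI says {fmt_amount(shown['amount_raw'])}, calldata has {fmt_amount(amount)}")
    return findings


# --- constructed sample: the UI shows a 1,000 USDC transfer to a known address ---
SHOWN = {"function": "transfer", "to": "0x" + "11" * 20, "amount_raw": 1_000 * 10**USDC_DECIMALS}
HONEST_CALLDATA = encode_call("a9059cbb", SHOWN["to"], SHOWN["amount_raw"])
# ...but the injected front-end actually asks the device to sign approve(attacker, unlimited)
MALICIOUS_CALLDATA = encode_call("095ea7b3", "0x" + "de" * 20, MAX_UINT256)


def run_demo():
    return check_against_screen(SHOWN, HONEST_CALLDATA), check_against_screen(SHOWN, MALICIOUS_CALLDATA)


if __name__ == "__main__":
    honest, malicious = run_demo()
    print("honest tx discrepancies:", honest)
    print("malicious tx discrepancies:", *malicious, sep="\n  ")
```

The decoder is what a device with clear signing does on its own screen; the comparison is the habit the quote asks of the user. Note that an unrecognised selector is reported rather than ignored: a transaction the device can only show as a raw hash is precisely a blind signature, and the safe default for value at risk is to refuse it.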
Lisa shared her top advice: use only official software, avoid interacting with unverified URLs, and spread funds across hot, warm, and cold wallet setups.
To counter the increasing sophistication of scams like social engineering and phishing, Kraken’s Percoco emphasizes the need for “radical skepticism” at all times, verifying authenticity and assuming every message is a test of awareness.
“And one universal truth remains: no legitimate company, service, or opportunity will ever ask for your seed phrase or login credentials. The moment they do, you’re communicating with a scammer,” Percoco added.
Meanwhile, Walbroehl suggests generating keys using cryptographically secure random number generators, maintaining strict separation between development and production environments, conducting regular security audits, and planning incident responses with routine drills.