Analysis suggests that this was the year with the heaviest losses for the crypto space due to hacking, but the problem lay with "people" rather than s...
TL;DR
2025 saw record crypto losses from hacking, primarily due to human errors like password leaks and social engineering, not on-chain vulnerabilities. On-chain security is improving, but attackers are shifting to AI-assisted fraud and sophisticated scams, with AI agents posing new risks in 2026.
According to ChainCatcher, market sources indicate that while 2025 was the worst year for hacking in the cryptocurrency world on record, most of the losses stemmed from Web2-style operational errors such as password leaks and social engineering, rather than on-chain code vulnerabilities.
Immunefi CEO Mitchell Amador pointed out that on-chain security is improving significantly, with the main attack surface shifting to the vulnerability of "humans." He believes that 2026 will be the best year for on-chain security as code becomes increasingly difficult to exploit, but this also means that attackers will turn to more sophisticated social engineering and AI-assisted fraud.
Chainalysis’ annual report also confirms this trend, with data showing approximately $17 billion in cryptocurrency losses to fraud and scams in 2025. Impersonation scams increased by 1,400% year-on-year, while AI-driven scams were 450% more profitable than traditional methods.
Amador also warned that over 90% of projects still have critical exploitable vulnerabilities, and the adoption rate of industry protection tools is extremely low: fewer than 1% of industry participants use firewalls, and fewer than 10% use AI detection tools. He stated that AI will change the pace of both offense and defense in 2026, and the rise of on-chain AI agents will bring entirely new attack surfaces. How to properly protect these autonomous decision-making systems will become the main security challenge of the next cycle.