Fewer Breaches, Bigger Threat: Supply Chain Attacks Shake Crypto Security

TLDR

• Hackers stole $3.3 billion in 2025, concentrating the loot in larger-scale attacks with higher technical sophistication.
• Security incidents decreased by 162 cases, suggesting an improvement in protocol-level cybersecurity measures.
• Fraud through phishing and “pig butchering” scams consolidated as the second largest threat to investors.

 

The latest data from security firm CertiK reveals that the crypto ecosystem is facing a transformation in its threat landscape. According to the firm, attackers have stolen a total of $3.3 billion this 2025.

The 2025 Skynet Hack3d Report is here.

$3.35B lost. 700+ incidents. New attack vectors. Key trends.

Get the most detailed breakdown of Web3 security in 2025, from exploits to insights.

Read the full report👇https://t.co/EfWupS604N

— CertiK (@CertiK) December 23, 2025

However, it is not the volume of incidents that defines this year, but their nature. That is, the number of attacks fell sharply, but losses became more devastating due to supply chain attacks in cryptocurrency.

This shift in strategy indicates that protocol code defenses have been strengthened, forcing attackers to abandon simple vulnerabilities to focus on infrastructure and service providers.

The impact of supply chain attacks in cryptocurrency

The report states that infrastructure breaches became the deadliest threat of 2025. Just two incidents accounted for $1.45 billion in losses, highlighted by the massive Bybit hack in February, which amounted to $1.4 billion.

The rise of supply chain attacks in cryptocurrency demonstrates that well-coordinated and well-funded threat actors are now targeting the pillars that support the ecosystem.

Although the average amount lost per hack rose by 66% (reaching $5.3 million), the median loss fell by 35.75% to just over $103,000. This statistical discrepancy reinforces the idea that, while the average user is better protected against technical failures, large platforms are the primary targets for surgical exploits.

On the other hand, the human factor remains the weak link. Phishing generated cumulative losses of $722 million, where “pig butchering” scams stood out for their cruelty and the use of artificial intelligence for emotional manipulation.

In summary, although supply chain attacks in cryptocurrency lead institutional losses, social engineering continues to drain retail investors’ savings at an alarming rate.