Social Engineering Caused 65% of Investigated Crypto Incidents in 2025
Social engineering has become the dominant attack vector in the digital asset space, according to a new report from blockchain analytics firm AMLBot. The analysis, which draws on approximately 2,500 of the company's internal investigations from 2025, found that 65% of security incidents stemmed from human-centered exploits rather than vulnerabilities in smart contracts or blockchain protocols. These incidents typically involve compromised devices, weak user verification processes, and delayed detection of fraudulent activity.
The findings underscore a significant challenge for the industry: protocol-level security enhancements are insufficient to protect investors when attackers can bypass technical safeguards by directly manipulating the users themselves. The primary attack methods included device compromises through chat scams, impersonation, and various phishing campaigns designed to steal sensitive information like private keys.
Impersonation Scams Siphoned $9 Million in Three Months
Investment scams were the most common type of incident, making up 25% of cases reviewed by AMLBot. Phishing attacks followed closely at 18%, with device compromises accounting for 13%. Other significant categories included pig butchering scams (8%) and over-the-counter (OTC) fraud (8%). However, impersonation attacks proved particularly damaging, with AMLBot tracing at least $9 million in stolen funds to this method over the last three months.
Attackers continue to exploit and trick victims with a ruthless game of charades, posing as trusted entities. Sometimes they’re exchange support teams, investment partners, project managers or reps.
— Slava Demchuk, CEO of AMLBot.
Demchuk warned investors to never share private keys or recovery phrases and to be highly skeptical of urgent requests involving fund transfers, which are common tactics for initiating social engineering attacks.
Phishing Drove January Crypto Thefts to $370 Million
The trend identified by AMLBot is reflected in broader market data. According to security firm CertiK, crypto thefts reached $370 million in January, the highest monthly total in 11 months. A staggering $311 million of that amount was attributed to phishing and other social engineering schemes. One particularly severe incident saw a single victim lose approximately $284 million, illustrating the catastrophic financial risk posed by these non-technical attacks.
