Social engineering attacks have cost the cryptocurrency world billions in 2025, emerging as a critical threat to both individual investors and large crypto firms. Reports indicate that over $3.4 billion was stolen in 2025, with social engineering being a primary attack vector. These attacks manipulate individuals into divulging sensitive information or performing actions that compromise their security, bypassing even the most robust technical defenses.

One of the most significant actors in these crypto heists is North Korea. North Korean-linked actors stole at least $2.02 billion in cryptocurrency in 2025, a 51% increase from 2024. Since 2022, North Korea has stolen approximately $6.75 billion in crypto. These funds are allegedly used to support the country's sanctioned nuclear and ballistic missile programs. A notable incident involved North Korean hackers compromising the Dubai-based cryptocurrency exchange Bybit, resulting in a $1.5 billion theft.

Attackers are employing increasingly sophisticated social engineering tactics. These include posing as IT workers to gain access to systems and impersonating recruiters for Web3 and AI firms to harvest credentials. In some instances, they impersonate strategic investors or acquirers to probe for sensitive information. Phishing, fake frontends, and malware that alters transaction UIs are also common methods. Zoom scams involving malicious SDK files, keyloggers, and clipboard hijackers have also been reported.

Individual wallet compromises have also seen a surge, with 158,000 incidents affecting 80,000 unique victims in 2025. While the total value stolen from individual wallets decreased compared to 2024, the high number of incidents highlights the widespread nature of these attacks.

So, how can you protect yourself from social engineering attacks in the crypto space? Here are some key strategies:

• Be Skeptical: Always verify the identity of anyone asking for sensitive information or access to your systems. Use official channels to confirm requests, and be wary of unsolicited communications.
• Secure Your Accounts: Use strong, unique passwords for all your accounts, and enable two-factor authentication (2FA) wherever possible. Consider using a hardware security key for added protection.
• Watch out for Phishing: Be cautious of emails, messages, or websites that ask for your personal information. Check the sender's address and the website URL carefully, and avoid clicking on suspicious links or downloading attachments from unknown sources.
• Use Hardware Wallets: Store your cryptocurrency offline in a hardware wallet. This can protect your funds from online attacks, as the private keys are stored securely on the device.
• Educate Yourself: Stay informed about the latest social engineering tactics and scams. The more you know, the better equipped you'll be to recognize and avoid them.
• Operational Security: Prioritize operational security and maintain a healthy skepticism when managing digital assets in the Web3 landscape.
• Multi-Party Computation (MPC) Wallets: Exchanges and custodians should accelerate the adoption of multi-party computation (MPC) wallets, hardware security modules (HSMs), stricter signer approval processes, and continuous code audits and insider-threat monitoring.

The rise of social engineering attacks in the cryptocurrency space demands constant vigilance and proactive security measures. By understanding the tactics used by attackers and implementing robust security practices, individuals and organizations can significantly reduce their risk of becoming victims.