The Rising Cybersecurity Threats in Web3
The cybersecurity landscape of Web3 has seen a stark increase in losses, with Hacken reporting that total losses skyrocketed to approximately $3.95 billion in 2025, reflecting an alarming jump of around $1.1 billion from the previous year. A significant portion of these losses—more than half—can be traced back to North Korean hacker groups. The report highlights a troubling trend: operational security failures, such as compromised access controls, weak key management, and inadequate off-boarding practices, were responsible for the vast majority of incidents, overshadowing the risks from smart contract vulnerabilities.
Notable Incidents and Social Engineering Tactics
Among the notable incidents was a sophisticated scam involving an individual masquerading as a support agent for Coinbase, who managed to siphon off over $2 million in cryptocurrency from the exchange’s users. Blockchain investigator ZachXBT detailed the scammer’s tactics in a post shared on social media platform X, revealing that he had traced the perpetrator by analyzing various digital footprints, including Telegram group chats and on-chain wallet transactions.
ZachXBT described the suspect as a Canadian individual who had employed social engineering techniques to manipulate victims into believing they were receiving official help from Coinbase. Allegedly, the stolen cryptocurrency was used to finance extravagant purchases such as rare social media handles, bottle service, and gambling activities.
Additionally, a leaked video showed the suspected fraudster attempting to assist a victim under the guise of customer support. Despite the absence of detailed technical analysis in the report, it became evident that classic social engineering methods were the backbone of the scams, where attackers impersonate trustworthy figures to extract sensitive data from unsuspecting victims.
The investigator noted that the scammer had tried to erase traces of his identity by frequently changing Telegram usernames and deleting old accounts, but his online behaviors—like flaunting his lavish lifestyle through social media—made it easier to connect the dots between his accounts and illicit funds.
Operational Security Failures and Recommendations
Moreover, ZachXBT claimed he could even pinpoint the suspect’s home address using publicly available information but refrained from disclosing it due to platform guidelines. Screenshots shared by the investigator revealed a pattern of operational security breaches, including selfies and lifestyle posts that contradicted the suspect’s attempt to maintain anonymity.
The unfortunate reality is that social engineering attacks have become a pervasive issue within the cryptocurrency sector. Experts recommend that users remain vigilant by avoiding communication with unsolicited contacts claiming to be from exchanges, refraining from clicking links from unknown sources, and ensuring direct interaction with customer support through official channels—legitimate representatives will never request private keys, passwords, or direct transfers to external wallets.
Broader Security Issues and Future Outlook
Reflecting on the broader security issues, Hacken’s report underscores that most incidents stemmed from poor operational controls, which left organizations vulnerable despite some progress toward improving security measures throughout 2025. The study shows that the most catastrophic losses—totaling approximately $2.12 billion—were due to operational flaws, contrasting sharply with the $512 million attributed to smart contract exploitations. A major factor behind these figures was the Bybit breach, where close to $1.5 billion was stolen, marking the largest recorded theft in the cryptocurrency sector, heavily influenced by North Korean cyber activities.
As regulatory authorities in the U.S. and Europe define comprehensive operational security standards, Hacken noted a worrying trend—many companies in the Web3 space persist in utilizing insecure practices. Yehor Rudystia, Hacken’s forensic head, emphasized ongoing failings in access management and the inadequate implementation of necessary cybersecurity protocols, urging that thorough penetration tests, incident response training, and independent audits become standard practices for major exchanges in the coming year.
Moving forward, industry leaders, including Hacken’s co-founder Yevheniia Broshevan, anticipate a transition from merely advisory regulations to enforceable compliance standards. The hope is to foster an environment where security is prioritized, encouraging the adoption of dedicated hardware for signing and essential monitoring tools as inherent to the crypto ecosystem.
