Crypto update: security, scams, and where the risk moved

Crypto security news lately feels like a game of whack‑a‑mole where the moles learned project management. The big theme: the risk hasn’t vanished; it’s just moved—from smart contracts alone to the softer, human parts of the stack, plus supply chains and the everyday infrastructure that keeps crypto services running. That shift matters because it changes who gets targeted, where defenses need to live, and how “just don’t click the link” isn’t enough anymore. According to SecurityWeek, 2025’s large theft totals and tactics point to human‑centric compromises as much as technical ones. ([securityweek.com](https://www.securityweek.com/north-korean-hackers-have-stolen-2-billion-in-cryptocurrency-in-2025/))

The scoreboard got ugly, even in a “down” year

Let’s start with the numbers, because they set the mood. According to SecurityWeek, reported crypto losses for 2024 were about $1.49 billion year‑to‑date, with hacking incidents driving most of the damage and DeFi taking the brunt. ([securityweek.com](https://www.securityweek.com/hackers-stole-1-49-billion-in-cryptocurrency-to-date-in-2024/?utm_source=openai)) That set the stage for 2025, where the headline thefts were far larger. According to SecurityWeek, the Bybit exchange reported about $1.5 billion stolen in a single attack, with hundreds of thousands of ETH and stETH moved out. ([securityweek.com](https://www.securityweek.com/bybit-hack-drains-1-5-billion-from-cryptocurrency-exchange/?utm_source=openai)) Big numbers don’t automatically mean “sky is falling,” but they do mean the stakes for operational security, incident response, and user hygiene are far higher than a few years ago.

Risk moved to people and processes

In 2025, attackers didn’t just push on code; they pushed on the humans holding the keys. According to SecurityWeek, forensics on the Bybit incident described a multi‑pronged social‑engineering operation that used stolen cloud session tokens, MFA bypasses, and a rigged JavaScript file to reach cold‑wallet systems. ([securityweek.com](https://www.securityweek.com/how-social-engineering-sparked-a-billion-dollar-supply-chain-cryptocurrency-heist/)) The rigged script is the detail worth dwelling on: it changed what the signers saw in the wallet interface, so people who followed the approval process to the letter signed a transaction that was not the one on their screens. That’s not a “smart contract bug” story; it’s a workflow‑abuse story, and the fix is a signing flow that checks the payload independently of the interface that proposed it. And the same playbook shows up in smaller campaigns. According to SecurityWeek, North Korean operators have used Zoom’s remote‑control feature to trick crypto professionals into granting access and installing malware, turning normal collaboration software into a foothold. ([securityweek.com](https://www.securityweek.com/north-korean-cryptocurrency-thieves-caught-hijacking-zoom-remote-control-feature/)) The takeaway: attackers are increasingly betting that well‑meaning humans will approve a prompt or trust a call, so defenses have to assume the prompt itself may be lying.
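
What a signing‑flow control for that failure mode looks like in practice, as an added example (this is not code from the incident write‑up, from Bybit, or from any wallet vendor): the check decodes the raw transaction a multisig is about to approve and compares it with the intent the signer was shown, refusing anything that does not match. It assumes the familiar Safe‑style field layout {to, value, data, operation} with operation 0 = CALL and 1 = DELEGATECALL, uses 0xa9059cbb, the standard ERC‑20 transfer(address,uint256) selector, and every address and amount in it is constructed.

```javascript
// Added example, not code from the incident write-up or from any wallet vendor.
// It re-derives what a proposed multisig transaction does from its raw fields
// and compares that with the intent the signer was shown on screen.
// Assumptions: payload shape {to, value, data, operation} follows the familiar
// Safe-style execTransaction layout (operation 0 = CALL, 1 = DELEGATECALL);
// 0xa9059cbb is the ERC-20 transfer(address,uint256) selector.
// All addresses and amounts are constructed.

const OP_CALL = 0;
const OP_DELEGATECALL = 1;
const SELECTOR_ERC20_TRANSFER = "a9059cbb";

const stripHex = (h) => (h.startsWith("0x") ? h.slice(2) : h);

// ABI-encode transfer(to, amount): selector + two 32-byte words.
function encodeErc20Transfer(to, amount) {
  return "0x" + SELECTOR_ERC20_TRANSFER +
    stripHex(to).toLowerCase().padStart(64, "0") +
    amount.toString(16).padStart(64, "0");
}

// Decode it back, or return null if the calldata is not a plain transfer.
function decodeErc20Transfer(data) {
  const hex = stripHex(data).toLowerCase();
  if (hex.length !== 136 || hex.slice(0, 8) !== SELECTOR_ERC20_TRANSFER) return null;
  const word1 = hex.slice(8, 72);
  if (!word1.startsWith("0".repeat(24))) return null; // address must be zero-padded
  return { to: "0x" + word1.slice(24), amount: BigInt("0x" + hex.slice(72)) };
}

// Describe the payload from the raw bytes alone, trusting no UI summary.
function describePayload(tx) {
  const to = tx.to.toLowerCase();
  if (tx.operation === OP_DELEGATECALL) return { kind: "delegatecall", target: to };
  if (tx.operation !== OP_CALL) return { kind: "unknown-operation" };
  if (stripHex(tx.data) === "") return { kind: "native-transfer", to, amount: BigInt(tx.value) };
  const t = decodeErc20Transfer(tx.data);
  if (t && BigInt(tx.value) === 0n) return { kind: "erc20-transfer", token: to, to: t.to, amount: t.amount };
  return { kind: "unrecognized-call", target: to };
}

// Returns the reasons to refuse; an empty list means what you see is what you sign.
function verifyIntent(displayed, tx) {
  const actual = describePayload(tx);
  const reasons = [];
  if (actual.kind === "delegatecall") reasons.push("payload is a DELEGATECALL");
  if (actual.kind === "unknown-operation" || actual.kind === "unrecognized-call")
    reasons.push("payload does not decode to a known transfer");
  if (actual.kind !== displayed.kind)
    reasons.push(`kind mismatch: shown ${displayed.kind}, payload ${actual.kind}`);
  if (actual.to !== undefined && actual.to !== displayed.to.toLowerCase())
    reasons.push(`recipient mismatch: shown ${displayed.to}, payload ${actual.to}`);
  if (actual.amount !== undefined && actual.amount !== BigInt(displayed.amount))
    reasons.push(`amount mismatch: shown ${displayed.amount}, payload ${actual.amount}`);
  return reasons;
}

// Constructed scenario: the signer sees "send 1 token to RECIPIENT".
const TOKEN = "0x1111111111111111111111111111111111111111";
const RECIPIENT = "0x2222222222222222222222222222222222222222";
const ATTACKER = "0x3333333333333333333333333333333333333333";
const SHOWN = { kind: "erc20-transfer", to: RECIPIENT, amount: "1000000000000000000" };
const honestData = encodeErc20Transfer(RECIPIENT, 10n ** 18n);

// Honest payload: a CALL to the token contract carrying that transfer.
function checkHonest() {
  return verifyIntent(SHOWN, { to: TOKEN, value: "0", data: honestData, operation: OP_CALL });
}
// Tampered payload: the same bytes the signer was shown, but routed as a
// DELEGATECALL into a different contract.
function checkDelegatecall() {
  return verifyIntent(SHOWN, { to: ATTACKER, value: "0", data: honestData, operation: OP_DELEGATECALL });
}
// Tampered payload: a plain CALL whose calldata names a different recipient.
function checkSwappedRecipient() {
  const data = encodeErc20Transfer(ATTACKER, 10n ** 18n);
  return verifyIntent(SHOWN, { to: TOKEN, value: "0", data, operation: OP_CALL });
}

console.log("honest:", checkHonest());
console.log("delegatecall:", checkDelegatecall());
console.log("swapped recipient:", checkSwappedRecipient());
```

The point is where the check runs: in a process that never loads the web front end (a hardware wallet’s own display, or a separate verifier on a clean host), so a poisoned UI cannot tamper with both the summary and the verifier at once. A production version would also decode the other calls the organisation actually makes; anything it cannot decode should stay a refusal, not a pass.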

Supply chain is the quiet highway

Supply‑chain attacks are the stealthy cousin of social engineering: instead of tricking a single person, you compromise something they all rely on. According to SecurityWeek, the Bybit heist analysis highlights a rigged JavaScript file as part of the compromise path, an example of how a single trusted component can become a Trojan horse. ([securityweek.com](https://www.securityweek.com/how-social-engineering-sparked-a-billion-dollar-supply-chain-cryptocurrency-heist/)) And the risk isn’t theoretical. According to KrebsOnSecurity, attackers briefly compromised at least 18 widely used JavaScript packages on NPM after phishing a maintainer, with malicious code designed to intercept crypto activity in the browser. ([krebsonsecurity.com](https://krebsonsecurity.com/2025/09/18-popular-code-packages-hacked-rigged-to-steal-crypto/comment-page-1/?utm_source=openai)) For everyday users, that means “my wallet app is fine” doesn’t fully cover the stack if the underlying dependencies are poisoned.
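
One concrete dependency‑monitoring control, as an added example (it is not code from the KrebsOnSecurity article or from npm): audit package-lock.json for releases on a blocklist, entries with no integrity hash, and tarballs resolved from an unexpected host. The lockfile, package names, versions, and the blocklist are all constructed for the example; the blocklist is a placeholder for whatever an advisory names, not the actual compromised releases.

```javascript
// Added example, not code from the KrebsOnSecurity article or from npm.
// Audits an npm package-lock.json (lockfileVersion 2/3 "packages" map) for
// three signals that matter after a registry compromise:
//   1. a name@version on a blocklist of known-bad releases,
//   2. an entry with no "integrity" hash, which npm ci cannot verify,
//   3. a tarball "resolved" from a host other than the expected registry.
// The lockfile, package names, versions and blocklist are CONSTRUCTED; the
// blocklist is a hypothetical placeholder, not the actual compromised releases.

const EXPECTED_REGISTRY = "https://registry.npmjs.org/";

// "node_modules/a/node_modules/@scope/b" -> "@scope/b"
function packageNameFromKey(key) {
  const marker = "node_modules/";
  const idx = key.lastIndexOf(marker);
  return idx === -1 ? key : key.slice(idx + marker.length);
}

// Returns a list of findings; an empty list means the lockfile passed.
function auditLockfile(lock, blocklist, expectedRegistry = EXPECTED_REGISTRY) {
  const bad = new Set(blocklist.map((b) => `${b.name}@${b.version}`));
  const findings = [];
  for (const [key, entry] of Object.entries(lock.packages || {})) {
    if (key === "" || entry.link) continue; // root project / workspace symlink
    const id = `${packageNameFromKey(key)}@${entry.version}`;
    if (bad.has(id)) findings.push({ id, kind: "blocklisted" });
    if (!entry.integrity) findings.push({ id, kind: "missing-integrity" });
    if (entry.resolved && !entry.resolved.startsWith(expectedRegistry))
      findings.push({ id, kind: "unexpected-registry", resolved: entry.resolved });
  }
  return findings;
}

// Constructed lockfile: one clean package, one nested dependency pinned to a
// blocklisted release, one with no integrity hash, one fetched from an
// unexpected host.
const SAMPLE_LOCK = {
  name: "wallet-frontend",
  lockfileVersion: 3,
  packages: {
    "": { name: "wallet-frontend", dependencies: { "color-utils": "^2.1.0" } },
    "node_modules/color-utils": {
      version: "2.1.0",
      resolved: "https://registry.npmjs.org/color-utils/-/color-utils-2.1.0.tgz",
      integrity: "sha512-constructedAAAA",
    },
    "node_modules/color-utils/node_modules/ansi-helper": {
      version: "3.2.7",
      resolved: "https://registry.npmjs.org/ansi-helper/-/ansi-helper-3.2.7.tgz",
      integrity: "sha512-constructedBBBB",
    },
    "node_modules/tiny-log": {
      version: "1.0.3",
      resolved: "https://registry.npmjs.org/tiny-log/-/tiny-log-1.0.3.tgz",
    },
    "node_modules/@acme/widgets": {
      version: "0.9.1",
      resolved: "https://mirror.example.internal/@acme/widgets/-/widgets-0.9.1.tgz",
      integrity: "sha512-constructedCCCC",
    },
  },
};

// Hypothetical blocklist, the kind you would populate from a vendor advisory.
const SAMPLE_BLOCKLIST = [{ name: "ansi-helper", version: "3.2.7" }];

function runSampleAudit() {
  return auditLockfile(SAMPLE_LOCK, SAMPLE_BLOCKLIST);
}

for (const f of runSampleAudit()) console.log(f.kind, f.id, f.resolved || "");
```

To run it against a real project, replace SAMPLE_LOCK with JSON.parse(fs.readFileSync("package-lock.json", "utf8")) and fail the CI job on any finding. Pair it with npm ci rather than npm install: npm ci installs exactly what the lockfile says and refuses to proceed when package.json and the lockfile disagree, which is the behaviour you want on the day a maintainer’s account is phished.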

Smart‑contract risk still bites—just with a different flavor

None of this means smart‑contract issues went away. They’re still a big reason DeFi remains high‑risk. According to SecurityWeek, the Balancer protocol reported a heist around $128 million tied to a rounding‑function exploit in batch swaps, and the team moved into recovery mode while pausing affected pools. ([securityweek.com](https://www.securityweek.com/defi-protocol-balancer-starts-recovering-funds-stolen-in-128-million-heist/?utm_source=openai)) Meanwhile, the 2024 losses data shows that DeFi incidents still dominated the tally, even when broader market activity slowed. According to SecurityWeek, a large share of 2024’s incidents and losses came from decentralized services rather than centralized platforms. ([securityweek.com](https://www.securityweek.com/hackers-stole-1-49-billion-in-cryptocurrency-to-date-in-2024/?utm_source=openai)) So yes—code still matters, but it’s now competing for attention with the messier human and operational layers.
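
The general hazard behind that class of bug, rounding direction in pool math, as an added example (this is not Balancer’s code and not a reconstruction of the specific exploit; the pool, reserves and trade sizes are constructed toy values): a constant‑product pool quotes output with integer division, and if that division rounds in the trader’s favour the invariant can only fall, so a looping caller collects the dust one trade at a time. The example also includes the runtime guard an auditor would ask for, a quote that refuses to lower the invariant.

```javascript
// Added example: the general rounding-direction hazard in AMM math. This is
// not Balancer's code and not a reconstruction of its exploit; reserves and
// trade sizes are constructed toy values. A constant-product pool (x * y = k)
// quotes output with integer division. If that division rounds in the
// trader's favour, k can only fall and a looping caller collects the dust
// one trade at a time; rounding in the pool's favour keeps k from falling.

const divFloor = (a, b) => a / b;              // BigInt division truncates
const divCeil = (a, b) => (a + b - 1n) / b;

// Amount out for amountIn of the "in" token. favourPool=true keeps the pool's
// new "out" reserve at ceil(k / newIn); false lets it drop to floor(...).
function quoteOut(reserveIn, reserveOut, amountIn, favourPool) {
  const k = reserveIn * reserveOut;
  const newIn = reserveIn + amountIn;
  const newOut = favourPool ? divCeil(k, newIn) : divFloor(k, newIn);
  return reserveOut - newOut;
}

// The guard an auditor would ask for: refuse any quote that lowers k.
function checkedQuoteOut(reserveIn, reserveOut, amountIn, favourPool) {
  const out = quoteOut(reserveIn, reserveOut, amountIn, favourPool);
  if ((reserveIn + amountIn) * (reserveOut - out) < reserveIn * reserveOut)
    throw new Error("invariant decreased: rounding favours the caller");
  return out;
}

// Run `rounds` round trips (a units of X in for Y, then that Y back for X),
// cycling a through 1..5 so the fractions keep changing. Reports how k moved
// and what the trader netted; netY is always 0 because the Y is fully returned.
function grind(rounds, favourPool, x0 = 1000n, y0 = 1000n) {
  let x = x0, y = y0, netX = 0n, netY = 0n;
  for (let i = 0; i < rounds; i++) {
    const a = BigInt((i % 5) + 1);
    const outY = quoteOut(x, y, a, favourPool);
    x += a; y -= outY; netX -= a; netY += outY;
    if (outY === 0n) continue;            // pool-favouring rounding can quote zero
    const outX = quoteOut(y, x, outY, favourPool);
    y += outY; x -= outX; netY -= outY; netX += outX;
  }
  return { k0: x0 * y0, k: x * y, netX, netY };
}

console.log("rounding in trader's favour:", grind(50, false));
console.log("rounding in pool's favour:  ", grind(50, true));
```

With rounding in the trader’s favour the trader ends every round trip with at least as much X as they started with and the product x·y never rises; with rounding in the pool’s favour the inequalities flip. That is the whole audit rule: every division in a pool’s accounting must round so the pool, not the caller, keeps the remainder, and a cheap on‑chain check that the invariant did not decrease catches the cases a reviewer missed.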

The low‑end stuff is noisy but costly

Not every incident is a blockbuster heist. There’s a long tail of “low‑end” abuse that quietly burns resources. According to SecurityWeek, cryptojackers have mined Monero by exploiting exposed DevOps infrastructure like Consul dashboards, Docker APIs, and code‑hosting services, turning misconfigurations into someone else’s mining rig. ([securityweek.com](https://www.securityweek.com/cryptojackers-caught-mining-monero-via-exposed-devops-infrastructure/)) And according to SecurityWeek, a critical vulnerability in XWiki has been exploited in the wild to run cryptocurrency mining, showing how standard enterprise software can become collateral damage when patching lags. ([securityweek.com](https://www.securityweek.com/xwiki-vulnerability-exploited-in-cryptocurrency-mining-operation/)) These aren’t headline‑grabbing thefts, but they’re persistent, opportunistic, and expensive over time.

Geopolitics moved onto the balance sheet

Crypto risk also has a geopolitical layer now. According to SecurityWeek, North Korean actors are estimated to have stolen more than $2 billion in cryptocurrency in 2025, with laundering tactics that grow more complex as defenses improve. ([securityweek.com](https://www.securityweek.com/north-korean-hackers-have-stolen-2-billion-in-cryptocurrency-in-2025/)) And not every high‑value event is about profit. According to SecurityWeek, the Predatory Sparrow group claimed to have burned more than $90 million worth of assets at Iran’s Nobitex exchange, making the “attack” itself the message. ([securityweek.com](https://www.securityweek.com/predatory-sparrow-burns-90-million-on-iranian-crypto-exchange-in-cyber-shadow-war/)) That mix of financially motivated and politically motivated operations makes risk harder to model, because not all attackers are optimizing for cash‑out.

What to watch next

  • According to SecurityWeek, human‑centric compromises and social engineering are increasingly central in major incidents, so watch for new controls around approvals, signing flows, and session management. ([securityweek.com](https://www.securityweek.com/how-social-engineering-sparked-a-billion-dollar-supply-chain-cryptocurrency-heist/))
  • According to KrebsOnSecurity, package‑repository compromises can ripple quickly, so expect more emphasis on software provenance and dependency monitoring. ([krebsonsecurity.com](https://krebsonsecurity.com/2025/09/18-popular-code-packages-hacked-rigged-to-steal-crypto/comment-page-1/?utm_source=openai))
  • According to SecurityWeek, DeFi still accounts for a significant portion of loss events, so audits and runtime monitoring will remain critical for protocols and users. ([securityweek.com](https://www.securityweek.com/hackers-stole-1-49-billion-in-cryptocurrency-to-date-in-2024/?utm_source=openai))
  • According to SecurityWeek, opportunistic cryptojacking persists through exposed infrastructure, so basic hardening and patch cadence remain a quiet but valuable defense. ([securityweek.com](https://www.securityweek.com/cryptojackers-caught-mining-monero-via-exposed-devops-infrastructure/))
  • According to SecurityWeek, nation‑state activity continues to shape the threat landscape, so expect regulation and compliance to keep expanding in response. ([securityweek.com](https://www.securityweek.com/north-korean-hackers-have-stolen-2-billion-in-cryptocurrency-in-2025/))

Bottom line: the risk in crypto didn’t disappear; it migrated into places that feel more like regular IT and less like exotic blockchain magic. That’s good news in one sense—most of the defenses already exist—but it also means the same old security disciplines (identity, access control, patching, supply‑chain hygiene) now decide whether a crypto business has a bad day or a catastrophic one. No hype, no doom—just a reminder that boring security basics are still the superheroes of this story.