Ever-evolving cybersecurity efforts are forcing hackers to seek out weak links among human vulnerabilities to fuel an ‘endless war,’ CertiK co-founder said.
Despite the crypto industry’s ongoing cybersecurity efforts, protocols are engaged in an endless war with cryptocurrency hackers, who continue to attack the weakest link in crypto protocols, which is often a human behavioral element.
The industry is engaged in unfair warfare with bad actors, who only need a single point of vulnerability, according to Ronghui Gu, professor of computer science at Columbia University and the co-founder of blockchain security platform CertiK.
“As long as there’s a weak point or some vulnerabilities out there, sooner or later they will be discovered by these attackers,” said Gu, speaking during Cointelegraph’s Chain Reaction daily live X spaces, adding:
“So it’s an endless war.”
“But I’m afraid that next year’s [hacks] will still be at a billion-dollar level,” said Gu, adding that both cybersecurity efforts and cybercriminals are becoming stronger. Still, attackers only need to find a single bug in the millions of lines of code audited daily by CertiK.
Losses to crypto hacks and exploits spiked in the first half of 2025, despite declining hacks in the second quarter. Over $800 million was lost across 144 incidents in Q2, a 52% decrease in value lost compared to the previous quarter, with 59 fewer hacking incidents, CertiK said in a report on Tuesday.
The first half of 2025 has seen more than $2.47 billion in losses, representing a nearly 3% increase over the $2.4 billion stolen in all of 2024.
The lion’s share of the lost value was attributed to a single incident on Feb. 21, marking the largest cyberexploit in crypto history.
The industry’s ever-evolving cybersecurity measures are forcing hackers to look for new vulnerabilities to exploit, including loopholes in human psychology, according to CertiK’s Gu, who explained:
“Let’s say that your protocol or layer 1 blockchain becomes more secure. Then they may target human beings behind it. The people who have the private key and so on.”
During 2024, about half of the crypto industry’s security incidents were caused by “operational risks” such as private key compromises, Gu added.
Hackers are increasingly targeting weak links in human behaviour, as highlighted by this year’s renewed wave of phishing attacks, which are social engineering schemes in which attackers share fraudulent links to steal victims’ sensitive information, such as private keys to cryptocurrency wallets.
On Aug. 6, a single wrong click cost an investor $3 million worth of USDt, after he accidentally signed a malicious blockchain transaction that drained his wallet.
Like most investors, the victim likely validated the wallet address by only matching the first and last few characters before transferring the $3 million to the malicious actor. The difference would have been noticeable in the middle characters, often hidden on platforms to improve visual appeal.
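A wallet-side check for the failure described above, as an added example that is not from the article or from CertiK: it compares the full destination address against a trusted address book and flags any address that looks identical when truncated but differs in the middle. The addresses, function names and the 6/4 truncation widths are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Iterable, Optional, Tuple

# Constructed sample addresses (not real wallets): same first 6 and last 4
# characters, different middle, which is what a truncated UI view hides.
TRUSTED = "0x1a2b" + "3c4d5e6f708192a3b4c5d6e7f8091a2b" + "9f3e"
LOOKALIKE = "0x1a2b" + "7e01c4aa93d5520bfe6618c09d47ab35" + "9f3e"


@dataclass
class Verdict:
    status: str                      # "exact", "lookalike" or "unknown"
    matched: Optional[str] = None    # trusted address involved, if any
    diff_positions: Tuple[int, ...] = ()


def normalize(addr: str) -> str:
    """Case-fold a hex address so letter casing cannot hide a match."""
    return addr.strip().lower()


def truncated(addr: str, head: int = 6, tail: int = 4) -> str:
    """The shortened form many interfaces display."""
    return f"{addr[:head]}...{addr[-tail:]}"


def check_destination(dest: str, trusted: Iterable[str],
                      head: int = 6, tail: int = 4) -> Verdict:
    d = normalize(dest)
    book = [normalize(t) for t in trusted]
    # Only a full-length match counts as the known address.
    if d in book:
        return Verdict("exact", d)
    # Same truncated view but different full string: warn before signing.
    for t in book:
        if len(d) == len(t) and truncated(d, head, tail) == truncated(t, head, tail):
            diffs = tuple(i for i, (a, b) in enumerate(zip(d, t)) if a != b)
            return Verdict("lookalike", t, diffs)
    return Verdict("unknown")


if __name__ == "__main__":
    v = check_destination(LOOKALIKE, [TRUSTED])
    print(truncated(LOOKALIKE), truncated(TRUSTED), v.status, len(v.diff_positions))
```
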
Another victim lost over $900,000 worth of digital assets on Aug. 3, 458 days after unknowingly signing a malicious approval transaction for a wallet-draining scam, Cointelegraph reported.