
Wallets, Warnings, and Vulnerabilities
Learn about the evolution of cryptocurrency attacks in 2025 and how to protect yourself from some of the most common on-chain attacks.
Author: Prathik Desai
Translator: Block unicorn
It all starts with a message. The brand looks credible, the logo matches expectations, and the LinkedIn profile shows you have some mutual connections. A recruiter says they came across your GitHub project and wants to offer you a contract role at a well-funded AI-driven DeFi protocol. You quickly browse their website. The design is clean and professional, the content appears legitimate—yet every expected section is filled with jargon. There’s a screening test on the site, delivered as a ZIP file.
You unzip it and run the installer immediately—a wallet authorization prompt flashes briefly on screen. Without thinking, you click confirm. Nothing seems to happen; your computer doesn’t crash. Five minutes later, your Solana wallet is drained.
This isn’t fiction. This is nearly identical to numerous attack patterns documented by blockchain analysts in 2025 linked to North Korean hacking groups. They use fake job offers, trojan-infected test files, and malware to compromise wallets.
In this article, I’ll walk you through how crypto attacks evolved in 2025 and how to protect yourself from some of the most common on-chain threats.
Let’s dive in.
The Biggest Shift in Crypto Hacks of 2025
From January to September 2025, hackers linked to North Korea stole over $2 billion in cryptocurrency. According to blockchain analytics firm Elliptic, 2025 has become the highest-impact year on record for digital asset crime.
The largest single loss came from the February breach of Bybit exchange, which cost the crypto platform $1.4 billion. The total value of crypto assets stolen by the North Korean regime has now surpassed $6 billion.

Beyond the staggering numbers, what stands out most in Elliptic’s report is the shift in how crypto vulnerabilities are exploited. The report states, “Most hacks in 2025 were enabled by social engineering attacks,” a stark contrast to North Korea’s earlier strategy of stealing large sums by compromising infrastructure. Examples include the infamous Ronin Network hacks in 2022 and 2024, and the 2016 DAO hack.
Today, the security flaw has moved from infrastructure to human behavior. Chainalysis also reports that private key compromises accounted for the largest share (43.8%) of crypto thefts in 2024.
As cryptocurrencies mature and security at the protocol and blockchain levels improves, attackers find it easier to target individuals holding private keys.
These attacks are also becoming increasingly organized rather than random individual exploits. Recent alerts from the U.S. Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA), along with news reports, describe North Korea-linked operations combining fake crypto engineer job postings, trojanized wallet software, and malicious open-source community poisoning. While the tools used are technical, the entry point remains psychological.
The Bybit hack, the largest single crypto heist to date, illustrates how such issues manifest at scale. When around $1.4 billion worth of Ethereum was stolen from a wallet cluster, early technical analysis suggested signers failed to carefully verify transaction details. The Ethereum network executed valid, properly signed transactions—but the failure occurred at the human level.
Likewise, in the Atomic Wallet hack, malware targeting how users stored private keys on their computers led to the disappearance of $35 million to $100 million in crypto assets.
You’ll find this pattern repeated often. When people fail to fully verify wallet addresses during transfers or store private keys with minimal security, protocols can do little to help.
Self-Custody Isn’t Foolproof
The principle “Not your keys, not your coins” still holds—but too many stop thinking after that.
Over the past three years, many users have moved funds off exchanges, driven both by fears of another FTX-style collapse and ideological conviction. During this period, cumulative trading volume on decentralized exchanges (DEXs) has more than tripled, rising from $3.2 trillion to $11.4 trillion.

While this may appear to reflect improved security culture, the risk has simply shifted from custodial safeguards to a chaotic landscape where users fend for themselves. Browser extensions on computers, recovery phrases saved in chat logs or email drafts, and private keys stored in unencrypted note apps offer little defense against lurking threats.
Self-custody solves the dependency problem: no reliance on exchanges, custodians, or third parties who might freeze withdrawals or go bankrupt overnight. But it does not solve the “cognitive” problem. Private keys give you control—and full responsibility.
So how do you actually address this?
Hardware Wallets Help Add Friction
Cold storage solves part of the issue. It keeps your assets offline, like storing them in a vault.
Is the problem solved? Only partially.
By removing private keys from general-purpose devices, hardware wallets eliminate risks tied to browser extensions or “one-click transaction approvals.” They introduce physical confirmation steps that act as a protective layer for users.
But hardware wallets are ultimately just tools.
Security teams at multiple wallet providers are candid about this. Ledger has reported repeated phishing attacks using counterfeit browser extensions and cloned versions of Ledger Live. These interfaces look familiar enough to lower suspicion, but eventually prompt users to enter their recovery phrases. Once that happens, the damage is irreversible.
Users may also be tricked into entering recovery phrases on fake firmware update pages.
Thus, the real value of hardware wallets lies in shifting the attack surface and adding friction—making successful attacks less likely. But they don’t eliminate risk entirely.

Separation Is Key
Hardware wallets work best when purchased from official or trusted sources, and when recovery phrases are kept completely offline and securely stored.
Veterans in the space—including incident responders, on-chain investigators, and wallet engineers—recommend separation and risk distribution.
Use one wallet for daily activities, and another that rarely touches the internet. Keep small amounts for experimentation and DeFi farming, while storing larger sums in a vault requiring multiple steps to access.
Beyond that, foundational security habits matter most.
Some seemingly dull practices make a big difference. Never enter your recovery phrase on any website, no matter how urgent the pop-up appears. After copying and pasting, always verify the full address on your hardware device screen. Pause and reconsider before approving any transaction you didn’t initiate. Treat unsolicited links and “customer support” messages with skepticism until verified.
No measure guarantees absolute safety—risk will always exist. But each additional step reduces it further.
For most users today, the greatest threat isn’t zero-day exploits, but unchecked messages, installers downloaded and run instantly because a job opportunity sounds promising, and recovery phrases written on the same paper as grocery lists.
When those managing billions treat these risks as background noise, they eventually become case studies labeled as “vulnerabilities.”