In 2025, social engineering became one of the main causes of major thefts in the crypto industry: Chainalysis data records over $3.4 billion stolen, with nearly half of that amount linked to the Bybit compromise in February 2025. During that attack, perpetrators gained access through social engineering techniques and injected malicious JavaScript that altered transaction details and siphoned funds.
Security specialists emphasize that the primary vulnerability remains at the human interaction layer, not just in the code. This article compiles definitions, key threats, and practical advice to help minimize risks for individual users and small mining networks.
What Is Social Engineering?
Definition of Social Engineering
Social engineering is a set of techniques where attackers manipulate people to obtain confidential information or compel actions that compromise security. These attacks target trust and behavioral factors rather than exploiting software vulnerabilities.
Examples of Social Engineering in Cryptocurrency
In the crypto space, this can appear as phishing messages, fake calls or messages from supposed familiar developers, malicious updates, fake job offers, and deepfake calls. Attacks often aim to obtain keys, passwords, cloud credentials, and signing tokens.
Why Is Social Engineering Effective?
Attackers exploit people's natural tendency to trust, as well as greed and fear of missing out. According to Nick Percoco from Kraken, the "battlefield" for security will increasingly be in users' minds, not just in code and infrastructure.
Key Threats in 2025
Thefts Exceeding $3.4 Billion
Chainalysis reports that in 2025, stolen funds in the crypto industry surpassed $3.4 billion, with a significant share linked to social engineering tactics. These losses show that attack innovations keep pace with growing tools to deceive users.
Bybit Attack and Its Consequences
The February 2025 compromise of the Bybit platform accounted for nearly half of total thefts and was also based on social engineering methods; attackers injected malicious JavaScript that altered transaction parameters. This example demonstrates how a single successful supply chain or developer environment breach can lead to massive losses.
Physical Attacks on Cryptocurrency Holders
In 2025, at least 65 physical attacks on crypto asset holders were recorded, compared to 36 such incidents in the peak year of 2021. Experts note that although "wrench attacks" remain relatively rare, they require special attention to personal security and privacy.
Tips to Protect Against Social Engineering
Automation and Interaction Verification
Nick Percoco from Kraken recommends reducing points of human trust by automating checks and authentication wherever possible. This includes shifting from reactive defenses to preventive measures and adopting radical skepticism toward all unsolicited requests.
Infrastructure Segmentation and Access Control
Lisa from SlowMist highlights the importance of isolating developer environments, locking dependency versions, and verifying package integrity before deployment. These measures reduce the risk of malicious code entering through supply chains and cloud credential leaks.
Hardware Wallets and Multi-Factor Authentication
David Schwed, formerly at Robinhood, advises using hardware tokens as a second factor and storing seed phrases offline in secure locations. It is also recommended to keep a significant portion of funds off exchanges and verify transaction data on the hardware wallet screen before signing.
Concealing Personal Information and Home Security
To reduce the risk of physical attacks, experts recommend not publicizing cryptocurrency ownership and cleaning personal data from public sources. Investing in home security and controlling public information make you a less attractive target for physical attackers.
Regular Security Audits and Incident Planning
Walbroehl from Halborn and other experts advise conducting regular security audits, separating development and production environments, and rehearsing incident response plans. Having practiced procedures and rotating keys helps quickly contain and minimize damage.
Future Threats and How to Prepare
Using AI to Create Deepfakes
Experts note the active use of AI to generate deepfake calls and personalized phishing campaigns, making attacks more believable and harder to detect. In such conditions, enhanced identity verification and communication monitoring are required.
Personalized and Context-Dependent Attacks
Attackers increasingly prepare context-aware traps mimicking real workflows and invitations. Protection includes verifying senders through independent channels and establishing predefined phrases or codes for critical operations.
Cryptographic Identity Verification
Additional measures include cryptographic identity verification schemes and hardware authentication with biometric binding for critical communications. These tools complicate attackers' efforts to fake voice or video.
Anomaly Detection and Basic Verification Protocols
Monitoring anomalies in account behavior and transactions, along with clear procedures for verifying every critical operation, remain key defense elements. Combining technical and procedural measures reduces the likelihood of successful social engineering.
Why This Matters
If you manage from one to a thousand mining devices in Russia, social engineering risks directly affect access to your wallets and infrastructure. Even minor compromises of cloud credentials or signing tokens can lead to fund loss or operational paralysis.
Even when threats seem distant from hardware, the human factor remains the weakest link: messages, unchecked links, and supply chain interference can cause serious financial consequences. Therefore, it is important to combine technical countermeasures with good digital hygiene habits.
What to Do?
- Use hardware wallets for large sums and verify transaction details on the device screen before signing.
- Enable multi-factor authentication with hardware tokens and avoid reusing passwords across services.
- Separate development and production environments, lock dependency versions, and verify package integrity during updates.
- Do not disclose cryptocurrency ownership and use data-cleaning tools to protect personal information.
- Store seed phrases offline in physically secure locations and avoid "blind" transaction signing, especially via web interfaces.
- Conduct regular audits, incident response rehearsals, and rotate access keys.
For more details on related attack types and real cases, see the article on chat scams and the guide on protection against address spoofing attacks, as well as a case study in the article about Coinbase fraud.