Crypto Hacks Reach Record Levels; Smart Contracts Less Blamed

Security reports show crypto thefts hit record highs in the past year, driven mainly by breaches of exchanges, custodians, cross-chain bridges and account-compromise scams.

Over the past 12 months, security firms and industry incident reports recorded a global rise in crypto thefts. The largest losses came from breaches of centralized custody, exchange infrastructure and cross-chain bridges, with account-compromise scams contributing to the increase.

Attackers obtained access to private keys, exploited weak multisignature setups and misused administrative functions on external systems. Social‑engineering techniques, phishing emails, credential stuffing and business‑email compromise were used to take credentials and move funds out of custody systems.

Several large cross‑chain bridges were targeted because they hold large balances and rely on off‑chain components. Reports identify flaws in off‑chain message signing and consensus mechanisms on some bridges as points of failure that allowed attackers to authorize or mimic legitimate transfers.

Industry incident summaries for the year show that the biggest single‑case dollar losses tended to come from compromised custody and bridge operations. Losses traced to smart‑contract bugs were more frequent in number but generally smaller per incident.

Operational failures cited in reports included poor key management, single points of failure in multisignature arrangements and weak separation between hot and cold wallets. In multiple cases, attackers escalated access after compromising administrator credentials or exploiting exposed administrative endpoints.

When smart‑contract vulnerabilities caused losses, the defects most often involved reentrancy issues, integer overflows and misconfigured access controls in decentralized finance protocols. Several audited contracts were affected in past incidents when an exploitable code path remained undetected.

Security trackers also noted changes in attacker tools and cash‑out methods. Automated scripts to detect and extract liquidity, credential‑stuffing bots and targeted phishing campaigns were common. Laundering paths frequently combined transfers across multiple chains and use of privacy services, complicating trace efforts. Recoveries remained rare and often depended on cooperation from centralized intermediaries or errors by the attackers.

Responses to the surge included audits, bug‑bounty programs, blockchain analytics tracing and law enforcement investigations. Auditors report that formal code reviews and bounty programs reduce exploitable on‑chain bugs but do not eliminate risks in off‑chain operations. Several exchanges temporarily paused withdrawals or raised verification checks after major breaches to contain risk.

Protocol teams and custodians reported changes to operational procedures. Measures named in industry communications include stronger key‑management practices, multi‑party computation solutions, routine access reviews and expanded staff training on phishing. Bridge operators reported moves to more decentralized validation schemes and changes to governance and signing practices. Security firms recommend combining code audits with red‑team exercises that test human and operational controls.

Content on BlockPort is provided for informational purposes only and does not constitute financial guidance.
We strive to ensure the accuracy and relevance of the information we share, but we do not guarantee that all content is complete, error-free, or up to date. BlockPort disclaims any liability for losses, mistakes, or actions taken based on the material found on this site.
Always conduct your own research before making financial decisions and consider consulting with a licensed advisor.
For further details, please review our Terms of Use, Privacy Policy, and Disclaimer.

Articles by this author

This site is registered on wpml.org as a development site. Switch to a production site key to remove this banner.