How Social Engineering Became the Leading Cause of Crypto TVL Exploits in 2025
In 2025, social engineering overtook technical vulnerabilities as the primary cause of exploits targeting crypto Total Value Locked (TVL). This shift highlights a fundamental change in attacker strategies, emphasizing human factors over code weaknesses and raising important questions about the future of crypto security.
What happened
Multiple sources confirm that social engineering accounted for the majority of crypto TVL exploits in 2025, surpassing both technical vulnerabilities and smart contract bugs. A report cited by AmbCrypto, which aggregates publicly disclosed crypto security incidents from January through mid-2025, identifies phishing, impersonation, insider threats, and manipulation of trust as common methods used by attackers to gain unauthorized access to private keys or administrative controls.
Independent security firms corroborate this trend. Chainalysis, in its 2025 Crypto Crime Report, noted an increase in social engineering attacks, emphasizing how attackers are circumventing traditional technical defenses by exploiting human weaknesses. Similarly, CertiK’s Security Insights for Q1 2025 highlighted a rise in social engineering-related exploits from under 20% in 2023 to over 50% in 2025, underscoring a rapid shift in the threat landscape.
Analysts interpret this shift as attackers adapting to the evolving crypto ecosystem by focusing on its weakest link: human operators and governance structures. Complex decentralized governance models and multi-signature wallets, which require human coordination, are seen as expanding the attack surface for social engineering. Meanwhile, improvements in smart contract security tools may have contributed to a relative decline in purely technical exploits, making social engineering more prominent in exploit statistics.
Why this matters
The dominance of social engineering attacks in crypto TVL exploits reveals structural vulnerabilities that extend beyond code security. Traditional defenses such as code audits and automated vulnerability scanning, while still essential, are insufficient to address risks arising from human behavior and operational processes. This has significant implications for market participants, governance frameworks, and security providers.
As decentralized finance (DeFi) platforms and protocols grow increasingly complex, the reliance on multi-party coordination and administrative controls expands the potential vectors for manipulation. The rise in social engineering exploits threatens investor confidence and the integrity of governance mechanisms, potentially slowing adoption or increasing regulatory scrutiny.
Furthermore, this trend underscores the need for enhanced behavioral security measures, including employee training, operational security protocols, and perhaps new technological solutions that minimize human error or insider risk. The shift also raises questions about how industry standards and regulatory frameworks might evolve to address these non-technical vulnerabilities.
What remains unclear
Despite the broad consensus on the rise of social engineering as a leading cause of TVL exploits, several important details remain unspecified. The exact breakdown of social engineering methods—such as the relative frequency or impact of phishing versus insider threats—is not fully detailed in the available reports.
It is also unclear how much of the increase in social engineering exploits is driven by overall growth in crypto adoption or TVL, which could proportionally affect exploit statistics. The effectiveness and adoption rates of new behavioral security measures within the crypto sector remain unquantified, leaving open questions about the best practices to mitigate these attacks.
Additionally, there is limited public information on whether regulatory frameworks or industry standards have adapted in response to this shift. The AmbCrypto article references a report without providing direct access to underlying data or methodology, and Chainalysis and CertiK reports offer high-level trends without detailed case studies or timelines, restricting granular analysis.
What to watch next
- Further disclosures or detailed breakdowns of social engineering exploit types and their contribution to TVL losses.
- Development and adoption of behavioral security training programs and operational protocols tailored for crypto governance and multi-signature wallet management.
- Updates to regulatory frameworks or industry standards aimed at addressing social engineering risks in decentralized finance.
- New technological innovations designed to reduce human error or insider threats, such as enhanced authentication or governance automation.
- Ongoing reports from security firms like Chainalysis and CertiK that might provide more granular data or empirical evidence on the effectiveness of countermeasures.
The rise of social engineering as the dominant cause of crypto TVL exploits in 2025 highlights a critical shift in the security landscape that extends beyond code vulnerabilities. While this trend is well-documented, significant gaps in detailed data and understanding remain. Addressing these challenges will require coordinated efforts across technology, governance, behavioral security, and potentially regulatory domains to strengthen the resilience of crypto ecosystems.
Source: https://ambcrypto.com/social-engineering-accounts-for-majority-of-crypto-tvl-exploits-in-2025-report-shows/. This article is based on verified research material available at the time of writing. Where information is limited or unavailable, this is stated explicitly.