December 29, 2025 ChainGPT

Crypto Hacks Surge: Attackers Shift From Exchanges to Wallets, Bots & Extensions

Crypto hacks are surging again — and recent incidents show the threat is evolving beyond big exchange heists to target everyday users and tooling.

What happened

- DeBot, an AI-driven DeFi trading and insights platform, disclosed a hack that cost users roughly $255,000. The team traced the breach to an exploited server in Japan and said it will “make affected users whole.” The confirmed losses were tied in part to users transferring funds back to old wallet addresses that had been deemed unsafe.
- In the same Christmas week, Binance-backed Trust Wallet reported a separate incident tied to a malicious Chrome extension, with reported losses of about $7 million.
- The Flow blockchain also suffered a December incident that drained about $3.9 million in assets.

Bigger picture and scale

- These episodes come as crypto hacks picked up in late 2025 amid a wider slowdown in trading. Chainalysis reports total funds lost to breaches in 2025 reached $3.4 billion, with the massive Bybit exploit earlier in the year accounting for roughly half that sum.
- Chainalysis also highlights a worrying trend: personal wallet compromises (like Trust Wallet incidents) have grown substantially over the past three years.
- State-linked actors loom large in the statistics. North Korean-linked groups were responsible for an estimated $2.02 billion of the 2025 losses — a 51% rise versus 2024 — and accounted for a record 76% of service compromises, per the report.

How threat actors are operating

- Social engineering and targeted employee compromises remain common entry points for large-scale thefts.
- New vectors are emerging: OKX founder Star Xu pointed to DEX bots and custodial workflows as rising risk factors. Many current bots require users to upload private keys to cloud storage — a practice that amplifies the attack surface for wallets and the funds they protect.
- Xu urged product teams to rethink design trade-offs, stressing that “security and usability are not mutually exclusive,” and advocated for institutional-grade controls combined with user-controlled local authentication (for example, passkeys).

What users and builders should do now

- Double-check the URL before connecting wallets or entering seed phrases; phishing links are still a leading cause of compromise.
- Avoid uploading private keys to cloud services. If using bots, scrutinize what permissions they request and whether private keys are ever exposed.
- Prefer local, user-controlled authentication methods (passkeys, device-local keys) and consider hardware wallets for significant holdings.
- Only install wallet-related browser extensions from trusted sources, and keep software and firmware up to date.
- Limit approvals and revoke unused permissions regularly; don’t reuse addresses or workflows that were flagged as insecure.

Why it matters

The pattern shows an industry adapting to a shifting threat landscape: while large exchange breaches make headlines, an increasing share of losses now stems from personal-wallet compromises and developer/tooling weaknesses. That puts the onus on both users and product teams to tighten security practices and rethink how third-party bots and custodial features are designed.

Disclaimer

This article is informational and not investment advice. Crypto trading is high risk; do your own research before making financial decisions.

Sources: Chainalysis, X (Star Xu), AMBCrypto.