Cryptocurrency, DeFi and blockchain security: threats and trends

January to July 2025

🔒 1. Recurring Security Incidents

In July 2025, attacks on centralized platforms resulted in losses of approximately $1.5 billion, with severe losses at ByBit ($1.4 billion), BigONE ($27 million) and CoinDCX ($44 million). All committed to compensating users.

In the first half of 2025, an estimated $2.17 billion was stolen, with potential to exceed $4 billion by year-end.

ByBit faces the largest attack in the sector's history, attributed to the Lazarus Group (North Korea).

🧠 2. Modus Operandi: Fraud and Exploitation of Abandoned Domains

The growth of "zombie" DeFi apps: pirates reuse domains from deactivated projects with historical reputation to induce users to sign malicious transactions and drain wallets.

The proliferation of AI scams (deepfake, fake voices) increased by 456% between May 2024 and April 2025, with estimated losses of $10.7 billion in the past year.

🧬 3. Infrastructure Vulnerabilities and Social Engineering

The WOO X hack ($14 million) resulted from phishing against an employee, which gave access to the development environment and allowed withdrawals from affected user accounts.

CoinDCX lost approximately $44 million after internal server compromise, highlighting risks of centralized storage of keys or critical logic.

🧾 4. Crime & Security Statistics

Physical attacks against crypto holders (wrench attacks, kidnappings) are increasing: 29 incidents in the first half, with projection to double the 2021 record if the pace continues.

By mid-2025, hackers exploited access control vulnerabilities, insecure APIs and phishing as main attack vectors — with AI-based exploitation rising 1025%.

🧠 5. Innovations and Emerging Frameworks

Emergence of blockchain-based frameworks for Zero Trust in fintechs, integrating smart contracts with Just-In-Time Access Control, MFA and immutable auditing.

CrossGuard: execution flow integrity system for smart contracts that blocks malicious transactions with low false positive rate (< 0.3%) and minimal gas cost.

🌍 6. Regulation, Adoption & Tokenization

The US is about to release an important regulatory report on cryptocurrencies, tokenization and stablecoins: recent administrations dramatically change the legal landscape.

Russia launches the A7A5 stablecoin, backed by rubles and exceeding $40 billion in volume, used to evade sanctions by facilitating payments between Russia and China.

📈 Trends and Opportunities in Crypto Security

⚠️ Trends

• Attacks migrating to infrastructure/developer ops and social engineering — harder to automate, requires internal security culture.
• Growing integration of AI and blockchain in defense: automation of monitoring, anomaly detection and adaptive policy execution.
• Adoption of structures like Zero Trust, integrated with smart contracts, should accelerate as response to the complexity of decentralized infrastructures.
• Expansion of tokenization with real assets: corporate stablecoins and CBDCs will require solid regulations and custody security.

🔎 Opportunities

• Develop monitoring solutions for zombie DeFi domains, checking reputation and DNS changes.
• AI-based tools for preventive detection of phishing and deepfakes, integrated with messaging and email.
• Real-time auditing with frameworks like CrossGuard for smart contracts — useful for exchanges, wallets and DeFi protocols.
• Consulting and support for implementing distributed Zero Trust for blockchain startups and fintechs.
• Personal security and physical protection services for large investors and executives, with anti-wrench focus.
• Legal structure and compliance adapted to the use of tokenization, corporate stablecoins and CBDC — helping companies design within emerging regulations.