$786 million stolen this year—don't blame AI for DeFi's security crisis


Blowup Alert, 04-27 11:33

Michael Pearl believes he is being targeted by a phishing attack.

According to Matt Price, Strategic Vice President at cybersecurity firm Cyvers, suspicious individuals approach him at cryptocurrency conferences, attempting to sell him implausible "get-rich-quick" stories.

"I've experienced this a few times and suspected I was under a social engineering attack," he said.

Social engineering is a tactic cybercriminals use to trick victims into clicking malicious links that deliver malware. It is a form of psychological manipulation designed to lower the victim's vigilance. Often, it serves as the initial step in digital attacks targeting crypto projects, attacks that can originate from anywhere.

For example, the notorious North Korean hacking group Lazarus has a history of using fake job postings on LinkedIn to lure victims.

The theft of $1.5 billion from Bybit in February 2025, the $282 million heist from a crypto holder in January, and the recent Drift Protocol attack—all began with social engineering.

And the situation is worsening. In October last year, crypto security firm Elliptic warned that social engineering attacks against blockchain projects are on the rise. This trend is part of growing concerns among blockchain investigators and traders who have observed a sharp increase in cybercrime this year.

"Primary Target"

Even a small fraction of this year's headlines paints a terrifying picture.

The team behind Solana’s popular exchange Drift was approached at a conference by seemingly benign businessmen, leading to the project losing nearly $300 million.

In early April, a hacker exploited HyperBridge, a crypto bridge, to fraudulently mint $1.2 billion worth of counterfeit tokens with no collateral.

Days later, one of the industry’s most prominent billionaires, Justin Sun, pleaded with what he believed to be the North Korean hackers behind the Kelp DAO breach to come forward for negotiations.

Last year, hackers stole record-breaking amounts of cryptocurrency. According to data from DefiLlama, they stole over $2.5 billion. So far this year, criminals have stolen $786 million from crypto projects.

While decentralized finance (DeFi) protocols have been singled out, centralized systems—including Coinbase, the largest U.S. exchange—are actually the primary targets.

Now, hackers are once again turning their attention to DeFi. This rapidly evolving, experimental space, once infamous for vulnerabilities and thought to have matured, is back in the spotlight—though not for positive reasons.

"Currently, DeFi seems to be the primary target," Pearl said. "Overall, everything is shifting toward attacking people rather than systems."

Attacking Humans

What’s driving the surge in thefts? Security experts point to humans as the core point of failure.

"The initial entry point often starts with people," Matt Price, Vice President of Investigations at Elliptic, told DL News, adding that artificial intelligence is helping malicious actors refine their social engineering techniques.

The largest hack in crypto history—the $1.5 billion theft from exchange Bybit—occurred after attackers impersonated trusted open-source contributors and convinced developers to install malicious software.

This year’s attacks unfolded similarly.

According to blockchain security firm Chainalysis, hackers targeted Drift Protocol by building relationships with the exchange’s team, then posing as legitimate members of a trading organization.

They subsequently tricked Drift employees into signing transactions they didn’t fully understand, thereby surrendering management control. The attackers stole nearly $300 million in assets.

Just an Excuse?

Since the emergence of better, cheaper AI models, hackers can now employ more sophisticated techniques—and some argue this has indeed made a difference.

This week, lawmakers questioned cybersecurity experts during a joint hearing between the Border Security and Law Enforcement Subcommittee and the Cybersecurity and Infrastructure Protection Subcommittee. The consensus was that hackers are more efficient, leveraging AI tools previously inaccessible to them to work faster.

Last month, security experts told DL News that cybercriminals are increasingly using AI to scan DeFi protocols for vulnerabilities, then exploiting errors that auditors may have overlooked.

Yet others remain skeptical—and believe the AI narrative is being used as a convenient excuse.

"DeFi’s story is trying to sell the idea that we’re facing an unimaginable threat from AI, capable of uncovering the tiniest, most hidden flaws," said David Schwed, Chief Operating Officer at SVRN and a veteran in industry cybersecurity.

"But that’s not true. The truth is: you built something extremely flawed and insecure, and [hackers] just found it faster."

Schwed, a former head of digital asset product development at Bank of New York Mellon, added that unless DeFi projects begin thinking like traditional financial institutions, with security as a top priority, hacking incidents will continue.

Author: DLNews, Translated by DeepTide TechFlow

Source: DeepTide TechFlow
