BroadChain News, April 27 - Cryptocurrency hacks have surged this year, but the real threat is not code vulnerabilities but human factors. From Bybit's $1.5 billion theft to Drift's $300 million loss, hackers manipulate developers through social engineering tactics, yet the industry points to an "AI threat theory" that diverts attention from failures in its own security practices. For investors and practitioners, this means even the strictest technical audits cannot guard against human weaknesses; project selection must prioritize team security awareness and process management.
Michael Pearl, Vice President of Strategy at cybersecurity firm Cyvers, told DL News that he has multiple times encountered suspicious individuals at cryptocurrency conferences who fabricate "too good to be true" stories and send suspicious links. This is a common social engineering tactic used by cybercriminals, employing psychological manipulation to lower victims' guard, often as the first step in attacking crypto projects. The notorious North Korean hacker group Lazarus Group has used fake job postings on LinkedIn to carry out attacks. The $1.5 billion theft from Bybit in February 2025, the $282 million theft from a cryptocurrency holder in January, and this month's Drift Protocol attack all began with social engineering.
Last year, hackers stole a record amount of cryptocurrency, totaling over $2.5 billion, according to DefiLlama data. So far this year, criminals have stolen $786 million from crypto projects. While DeFi protocols have received particular attention, centralized systems, including the largest US exchange Coinbase, are the biggest targets. Now, hackers are refocusing on DeFi, an experimental field once notorious for its vulnerabilities and later considered mature, which is now back in the spotlight for the wrong reasons.
Matt Price, Vice President of Investigations at Elliptic, pointed out that entry points often start with individuals, and AI is helping malicious actors refine social engineering techniques. The largest cryptocurrency hack in history—the $1.5 billion theft from Bybit—occurred after attackers impersonated trusted open-source contributors and tricked developers into installing malicious software. In the Drift Protocol attack, hackers posed as members of a legitimate trading organization, built trust with the exchange team, tricked employees into signing unknown transactions and handing over administrative permissions, and ultimately made off with nearly $300 million in assets.
With the proliferation of cheaper and more advanced AI models, hackers have gained more sophisticated tools. Last month, security experts told DL News that cybercriminals are increasingly using AI to scan DeFi protocols for vulnerabilities and exploit them. However, the industry's simplistic attribution of security crises to AI actually deflects from its own responsibility. The real solution lies in strengthening personnel training and improving process management, rather than relying solely on technical audits.
