Difference Between Tactics and Strategies of Crypto Attackers 2025: The New Wave of Threats Shifts from Code to Humans
2025 was the worst year on record for crypto security incidents, yet the change in attacker tactics and strategy behind that figure points to a surprising conclusion: on-chain security is becoming stronger even as losses continue to rise. Data and commentary from industry security leaders explain the paradox as a fundamental shift in how malicious actors attack digital ecosystems.
Why Human Factors Are at the Forefront of Attacks
According to Mitchell Amador, CEO of on-chain security platform Immunefi, the change in attacker tactics and strategies reflects adaptation to steadily improving defenses at the protocol level. “Although 2025 was the worst year for hacks, most losses stem from operational failures typical of Web2—password theft, social engineering, and human manipulation—not from on-chain code exploits,” he told CoinDesk.
This change is no coincidence. As blockchain infrastructure becomes increasingly difficult to breach through pure code exploits, attackers rationally shift their focus to easier targets: traditional Web2 operations. Manipulated employees, compromised devices, and fake support systems have become more effective attack vectors than vulnerabilities in smart contracts.
Amador emphasizes the importance of this distinction: “On-chain security is improving dramatically and will continue to do so. From a DeFi and on-chain protocol code perspective, I believe 2026 will be the best year yet for on-chain security.”
Fraud Beyond Hacks: New Strategies in Identity Forgery
Recent data from Chainalysis confirms this shift from another angle. The 2026 Crypto Crime Report shows that approximately $17 billion in crypto assets were lost due to scams and fraud in 2025, with most losses stemming from identity impersonation and AI-based schemes.
Striking statistics have emerged: identity impersonation scams increased by 1,400% in a year, while AI-supported scams proved to be 450% more profitable for attackers compared to traditional schemes. This trend indicates that attackers are not only shifting strategies but also heavily investing in automation and personalization tools to improve their success rates.
A recent real case uncovered through ZachXBT’s research demonstrates the tangible impact of advanced social engineering strategies: a hacker successfully stole $282 million worth of Litecoin and Bitcoin through pure social manipulation. The victims lost 2.05 million LTC and 1,459 BTC, with the stolen funds quickly exchanged for Monero across various instant exchange platforms before they could be traced.
Emerging Threats: On-Chain AI Agents and Expanding Attack Surface
Looking ahead, the picture will become even more complex with the arrival of autonomous on-chain AI agents. Amador warns that this opens up “completely new attack surfaces” that the industry has not yet fully understood.
“On-chain AI agents can operate at speeds and with power far beyond human operators,” Amador said. “They have unique vulnerabilities to manipulation if their access pathways or control layers are compromised. We are still in the early stages of learning how to properly secure these agents, and this will become one of the main security challenges in the next cycle.”
At the same time, protocol-level vulnerabilities remain a real threat. Amador notes that over 90% of projects still have critical vulnerabilities that can be exploited, and adoption of defensive tools is minimal: less than 1% of the industry uses advanced firewalls, and fewer than 10% employ AI-based detection tools.
Frontline Defense Undergoing Transformation
This shift will also change defense strategies. By 2026, AI will alter the security dynamics on both sides: defenders will increasingly rely on AI-driven monitoring and response that move at machine speed, while attackers will use the same technology for vulnerability research, exploit development, and large-scale social engineering.
The implications are clear: the crypto security battle will no longer be won solely at the on-chain layer. Instead, the fight will extend across user interfaces, corporate controls, operational monitoring systems, and user security education programs. This shift in tactics and strategy marks a new era in which human awareness is just as important as robust source code.