
Phishing activities are on the rise, according to CertiK's warning

In the year 2024, cyber criminals managed to swipe an astounding $1 billion through 296 instances of phishing, as per the yearly findings by CertiK.

Cybercriminals are ramping up their activities, according to CertiK's recent alert.

In a chilling prediction for the crypto world, cybersecurity firm CertiK has announced that phishing attacks are expected to become the most significant and damaging threat in 2025. The warning comes as part of the company's 2024 Web3 security report, which offers insights into the challenges faced by the crypto industry last year and provides predictions for the future.

According to the report, phishing accounted for over $410 million in losses across 132 incidents in the first half of 2025, surpassing traditional hacks in financial losses. This trend is expected to continue, with phishing attacks evolving into more subtle, user-targeted, and financially impactful schemes.

One of the key trends highlighted by CertiK's insights and reported incidents is the use of sophisticated address manipulation, also known as address poisoning. Attackers create nearly identical blockchain wallet addresses by changing middle characters, exploiting users' habit of only verifying the first and last characters during transaction approvals. This tactic tricks even experienced investors into approving fraudulent transactions swiftly.

The frequency and scale of phishing scams have also seen a sharp rise. High-profile cases have seen millions lost within seconds, such as the hack of Japanese crypto exchange DMM Bitcoin in May 2024, where hackers withdrew 4502 BTC (worth $320M at the time).

Another concerning trend is the use of long-term exploitation strategies by scammers. Some attackers delay activating stolen wallets for months or years to avoid immediate detection, allowing them to maximize stolen funds over time.

The shift from contract exploits to human-factor attacks is another worrying development. Hackers are relying more on social engineering—phishing links, fake platforms, deceptive messages—rather than exploiting technical software vulnerabilities. This pivot makes phishing harder to detect and prevent since it targets user behavior.

To combat phishing, CertiK and other experts stress the critical need for full wallet address verification, continuous transaction reviews, and the use of multi-factor authentication. These measures can help reduce the risk of falling victim to phishing attacks.
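The address-poisoning pattern and the full-address check described above can be sketched as follows. This is an added example, not code from CertiK's report; the function names, the four-character edge length and the sample addresses are assumptions made for illustration.

```python
from typing import List, Optional, Tuple

EDGE = 4  # characters at each end a hurried user tends to check (assumption)

def normalize(addr: str) -> str:
    """Lowercase and drop a 0x prefix so checksum casing does not affect comparison."""
    a = addr.strip().lower()
    return a[2:] if a.startswith("0x") else a

def classify(candidate: str, trusted: List[str],
             edge: int = EDGE) -> Tuple[str, Optional[str], int]:
    """Return (verdict, matched trusted address, count of differing characters).

    "trusted"   : every character matches a saved address
    "lookalike" : only the first/last `edge` characters match a saved address,
                  the shape a poisoned address has
    "unknown"   : no resemblance to any saved address
    """
    c = normalize(candidate)
    hit = None
    for t in trusted:
        n = normalize(t)
        if c == n:
            return ("trusted", t, 0)
        if len(c) == len(n) and c[:edge] == n[:edge] and c[-edge:] == n[-edge:]:
            diff = sum(x != y for x, y in zip(c, n))
            if hit is None or diff < hit[1]:
                hit = (t, diff)  # keep the closest look-alike
    if hit:
        return ("lookalike", hit[0], hit[1])
    return ("unknown", None, 0)

# Constructed sample addresses (not real wallets).
SAVED = "0xa1b2" + "11" * 16 + "c3d4"
POISONED = "0xA1B2" + "22" * 16 + "C3D4"  # same ends, different middle
STRANGER = "0x" + "9f" * 20

if __name__ == "__main__":
    for addr in (SAVED, POISONED, STRANGER):
        print(addr, classify(addr, [SAVED]))
```

A wallet or exchange front end could block or warn on a "lookalike" verdict before signing, since that verdict means the destination passes a first-and-last-characters glance but is not the saved address.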

The hack of DMM Bitcoin was among the most notable attacks in 2024, resulting in the second-largest loss in Japan after the Coincheck hack. The total stolen amount in 2024 represents a 31.61% increase from the previous year, with at least 78% of breaches being caused by system access vulnerabilities.

The Web3 ecosystem faced significant challenges in 2024, with a total of $2.36B stolen across 760 incidents. The total losses in the Web3 market for the past year, including DeFi, CeFi platforms, games, and metaverses, exceeded $2.9B, according to Hacken specialists.

North Korean hackers were also active in 2024, stealing crypto assets worth at least $1.34B, according to Chainalysis. Out of the 296 incidents recorded in 2024, at least three resulted in losses of over $100M each.

Critical code vulnerabilities persist in the Web3 ecosystem, according to CertiK's annual report. As the crypto world continues to grow, it is crucial that users and exchanges remain vigilant against these threats and take steps to protect their assets.

For more information, you can read the report here.

What measures are being recommended to combat phishing attacks in the cybersecurity landscape of 2025, as predicted by CertiK's 2024 Web3 security report? To reduce the risk of falling victim to phishing attacks, it's essential to implement full wallet address verification, continuous transaction reviews, and the use of multi-factor authentication.
