About 65% of crypto incidents investigated by blockchain analytics firm AMLBot in 2025 were driven by social engineering rather than technical exploits, based on roughly 2,500 internal investigations.
The company said most cases involved access and response failures such as compromised devices, weak verification or delayed detection, rather than vulnerabilities in blockchains or smart contracts.
“Attackers continue to exploit and trick victims with a ruthless game of charades, posing as trusted entities,”
Said AMLBot chief executive, Slava Demchuk, noting that scammers often impersonate exchange support teams, investment partners or project representatives.
Investment scams accounted for 25% of reviewed cases, followed by phishing at 18% and device compromises at 13%, while pig-butchering and over-the-counter fraud each represented 8% and chat-based impersonation 7%.
AMLBot traced at least $9 million in stolen digital assets over the past three months to impersonation-related attacks, highlighting the financial impact of social engineering schemes.
Demchuk urged investors not to share private keys or recovery phrases and to ignore urgent requests involving fund transfers or wallet access, which are common entry points for scams.
Separate data from security firm CertiK showed crypto losses spiking to $370 million in January, including $311 million attributed to phishing scams, underscoring that user-targeted attacks remain a major threat despite protocol-level security improvements.