‘I suspected I was being socially engineered.’ Why crypto’s hacking epidemic is getting even worse

Michael Pearl thought he was being scammed.

The security firm Cyvers’ vice president of strategy told DL News that suspicious characters have approached him at crypto conferences, trying to sell him the moon.

“I have had a few cases where I suspected that I was being socially engineered,” he said.

“A person approaches you telling you a story that is too good to be true — who wants to invest in your company, wants to buy your product, and then they send you a link that seems suspicious.”

Social engineering is a strategy cybercriminals use to trick victims into clicking links laced with malware. It’s a kind of psychological manipulation that tricks people into letting their guard down. It is often the first point in digital attacks against crypto projects and can come from anywhere.

For instance, the Lazarus Group, the infamous North Korean hacking collective, has a history of using LinkedIn and fake job ads to woo victims.

The $1.5 billion Bybit hack in February 2025, a January $282 million theft from a single crypto holder, and, this month, the Drift Protocol attack are just some of the heists that started with a social engineering.

And it’s getting worse. In October, crypto security firm Elliptic warned that social engineering attacks against crypto projects are on the rise. It’s part of growing concern among blockchain sleuths and traders that have noticed an explosion in cybercrime this year.

A small selection of headlines since the start of the year paint a harrowing picture.

The team behind Drift, a popular Solana-based exchange, was approached at a conference by seemingly well-meaning businesspeople before the project was drained for nearly $300 million.

In early April, a hacker minted $1.2 billion of counterfeit crypto out of thin air by tricking HyperBridge, a crypto bridge, into creating unbacked tokens.

Days later, Justin Sun, one of the industry’s most recognisable billionaire moguls, begged North Korean hackers believed to be behind the Kelp DAO hack to come forward and negotiate.

Last year saw hackers make away with record amounts of crypto. They stole more than $2.5 billion, according to DefiLlama data. So far this year, criminals have stolen $786 million from crypto projects.

While decentralised finance protocols were singled out, centralised systems — including America’s biggest exchange, Coinbase — were the biggest target.

Now, hackers are enthusiastic about DeFi again. The fast-moving and experimental space, once notorious for exploits, was thought to have matured, but it’s back in the limelight — and not for the right reasons.

“Right now, DeFi seems to be the primary target,” Pearl said. “In general, everything has shifted now to hacking humans rather than hacking systems.”

What’s leading to the surge in thefts? Security experts point to humans as the central point of failure.

“The initial point of compromise often begins with people,” Matt Price, vice president of investigations at Elliptic, told DL News, adding that artificial intelligence was helping bad actors get better at sharpening social engineering techniques.

The biggest hack in the history of crypto, the $1.5 billion theft from crypto exchange Bybit, happened after attackers posing as a trusted open-source contributor convinced a developer to install dodgy software.

Attacks this year have panned out in a similar vein.

Drift Protocol was targeted by hackers who had built relationships with the exchange’s team, posing as members of a legitimate trading organisation, according to blockchain security firm Chainalysis.

They then tricked Drift employees into signing transactions they did not fully understand, handing over admin control. They got away with almost $300 million in stolen assets.

Hackers have access to more sophisticated technology since the explosion of better and cheaper AI models — and it’s helping, according to some.

Lawmakers grilled cybersecurity experts at a joint hearing by the Subcommittee on Border Security and Enforcement, and the Subcommittee on Cybersecurity and Infrastructure Protection this week, and the consensus was that hackers are more efficient and can work faster thanks to AI tools that previously weren’t readily available.

And security experts last month told DL News that cybercriminals were increasingly using AI to search for bugs in DeFi protocols and then take advantage of errors auditors may have missed.

But others are sceptical — and think the AI narrative is being used as an excuse.

“There’s this story that DeFi is trying to play of ‘we’re up against this unimaginable threat of AI that’s going to find the most minute, obscure vulnerability’,” David Schwed, chief operating officer at SVRN and an industry cybersecurity veteran, said.

“That’s not what’s happening here. It is: you build something incredibly shitty and insecure, [hackers] are just able to find it quicker.”

Schwed, who led development for BNY Mellon’s digital asset offerings, added that unless DeFi projects start thinking like traditional financial companies and put security at the forefront of what they do, hacks will continue to happen.

Mathew Di Salvo is a news correspondent with DL News. Got a tip? Email at mdisalvo@dlnews.com.

Tim Craig is DL News’ Edinburgh-based DeFi Correspondent. Reach out with tips at tim@dlnews.com.