Crypto hacks hit a record count over the past year, but the US Treasury's $10 billion scam warning and a newly formed DeFi security coalition point to where the real risk now sits: AI-enabled social engineering and state-linked attackers, not auditable smart-contract code.
Treasury flagged the scale of the problem in a recent advisory, estimating Americans lost roughly $10 billion to crypto-related scams last year, a figure that pulled social engineering and North Korea-linked operations squarely into the mainstream policy conversation. The warning lands as on-chain investigators increasingly attribute the largest individual thefts to compromised private keys, phishing kits, and insider coercion rather than protocol-level exploits.
Why it matters
For years the industry's security posture has centered on smart-contract audits, formal verification, and bug bounties. Those controls do not stop an employee from approving a malicious transaction under pressure from a deepfake CEO video, nor do they prevent a North Korea-linked operator from walking out of an interview with credentials to a treasury wallet. The pattern of recent high-profile incidents suggests the human and operational layer is now the weakest surface in crypto, while the engineering layer has matured.
Market impact
A new DeFi coalition is trying to convert that realization into an industry baseline: shared threat-intel feeds, coordinated disclosures, wallet-policy standards, and a push to treat cybersecurity as a procurement-grade requirement rather than a marketing line. For protocols and institutional custodians, the practical read is that capital and partners will start pricing social-engineering controls the way they now price audits.
Frequently asked questions
- How many crypto hacks happened over the past year?
  Hacks reached a record count over the past year, though Treasury's framing emphasizes that the largest losses increasingly come from social engineering and state-linked operations rather than smart-contract exploits.
- What did the US Treasury $10 billion scam warning cover?
  The advisory estimated Americans lost roughly $10 billion to crypto-related scams, putting AI-enabled social engineering and North Korea-linked operations at the center of US policy attention.
- Why are social-engineering attacks harder for audits to catch?
  Audits and formal verification cover code, not human behavior. A compromised employee approving a malicious transaction or handing over wallet keys bypasses every protocol-level control.
- What is the new DeFi security coalition trying to do?
  It is pushing shared threat-intel feeds, coordinated disclosures, and wallet-policy standards so that operational cybersecurity becomes a procurement-grade industry requirement rather than a marketing claim.
- How could this shift affect crypto protocols and custodians?
  Investors and partners are likely to price social-engineering controls the way they price audits, making key-management discipline and incident-response history table-stakes for fundraising, listings, and institutional custody mandates.
CryptoSlate