A new report analyzing 2,500 internal investigations reveals that social engineering, not technical exploits, was the primary driver of crypto theft in 2025. According to blockchain analytics firm AMLBot, 65% of incidents involved access failures like compromised devices or phishing, where attackers manipulate users directly. The data indicates that protocol-level security advancements may be insufficient if scammers successfully target individuals through impersonation and fraudulent schemes.
About two-thirds of crypto incidents investigated by blockchain analytics company AMLBot in 2025 were driven by social engineering rather than technical exploits. The firm stated 65% of reviewed incidents involved access and response failures like compromised devices instead of vulnerabilities in blockchains or smart contracts.
Primary attack vectors included device compromises via chat scams, impersonation, and other investment and phishing scams. These phishing attacks are social engineering schemes designed to steal sensitive information like private keys without hacking code.
Investment scams accounted for the largest share of cases at 25%, followed by phishing attacks at 18% and device compromises at 13%. Pig butchering scams accounted for 8%, over-the-counter fraud for 8%, and chat-based impersonation represented 7% of cases.
AMLBot traced at least $9 million in stolen digital assets to impersonation-related attacks over three months. “Attackers continue to exploit and trick victims with a ruthless game of charades, posing as trusted entities,” said Slava Demchuk, CEO of AMLBot.
Demchuk urged users not to share private keys or recovery phrases and to be wary of urgent requests involving fund transfers. He stated these urgent requests are common entry points for social engineering scams.
Separate data from crypto security company CertiK reported a January spike in crypto losses, with scammers stealing $370 million. According to CertiK, $311 million of that total was attributed to phishing scams.

