It all started with a message. It seemed credible, and nothing looked out of place; the LinkedIn profile showed some mutual connections. The recruiter said they had seen you on GitHub and wanted to offer you a well-funded “AI-meets-DeFi” role. You quickly browsed their website. It was stylish, sleek, and covered all the expected jargon. There was a screening test, delivered as a ZIP file.
You unzip it and the installer starts; a wallet permission prompt flashes on the screen for a moment. You click through without a second thought. Nothing visible happens. The laptop doesn't crash. Five minutes later, your Solana wallet is empty.
This is not an invented scenario. These few steps mirror the attack chains that blockchain analysts have been documenting and attributing to North Korean hacking groups: fake recruiters, infected test files, and malware used to drain wallets.
In today's article, we walk through how crypto attacks evolved in 2025 and how to protect your funds from some of the most common on-chain attacks.
Between January and September 2025, hackers linked to North Korea stole over $2 billion in cryptocurrency. According to data from blockchain analytics firm Elliptic, 2025 is already the worst year on record for digital-asset theft by value.
A large portion of the total is attributed to the Bybit attack in February, which drained $1.4 billion from the cryptocurrency exchange. The total value of crypto assets stolen by North Korea now exceeds $6 billion.
(Chart source: Elliptic)
Beyond the numbers, what stands out in Elliptic's report is how the nature of crypto attacks has changed. It points out that “most hacking attacks in 2025 have been carried out through social engineering,” in contrast to previous years, when the largest recorded thefts originated from infrastructure breaches, such as the notorious Ronin Network attacks of 2022 and 2024, or the DAO attack of 2016.
In other words, the weakest link has shifted from infrastructure to “people”. Chainalysis likewise reports that private key compromises accounted for the largest share of stolen cryptocurrency in 2024 (43.8%).
It is evident that as cryptographic technology matures and security at the protocol and blockchain levels is strengthened, attackers find it easier to target the “individuals” holding private keys.
At the same time, attacks have become more organized, rather than opportunistic hits on random individuals. Recent advisories from the FBI and CISA, along with news reports, describe activity attributed to North Korea that combines targeted job offers sent to crypto engineers, trojanized wallet software, and malicious open-source contributions. Although the tools the attackers rely on are technical, the entry point is “people” and psychology.
The largest cryptocurrency heist to date, the Bybit attack, showed how this plays out at scale. When approximately $1.4 billion worth of ETH was stolen from a cluster of wallets, early technical analysis pointed out that the signers made mistakes in verifying the content they approved. The Ethereum network did its job correctly by executing valid, signed transactions; the failure was human.
Further reading: Bybit Attack
In the Atomic Wallet attack, approximately $35 million to $100 million worth of cryptocurrency disappeared, due to malware targeting the way private keys were stored on user machines.
The same pattern shows up in many cases. When people make transfers without verifying the entire wallet address, or store their private keys with minimal protection, the protocol itself holds up; the failure is elsewhere.
Self-custody is not foolproof
“Not your keys, not your coins” still holds true, but the problem arises when people stop thinking beyond it.
In the past three years, many users have withdrawn funds from trading platforms, driven both by fear of another FTX-style collapse and by a broader loss of trust. The cumulative trading volume of decentralized exchanges (DEXs) has more than tripled over those three years, increasing from $3.2 trillion to $11.4 trillion.
(Chart source: DeFiLlama)
Although this looks like a shift toward a more security-conscious culture, the risk has moved from custodial failure to “self-inflicted” vulnerability. Browser extensions on laptops, mnemonic phrases saved in mobile chats or email drafts, and private keys kept in unencrypted note-taking apps offer little protection against the threats they face.
Self-custody removes one class of problems: reliance on trading platforms, custodians, and anyone else who might freeze withdrawals or go bankrupt. What it does not solve is the knowledge gap. The private key gives you control, but it also gives you full responsibility.
So, has the problem really been solved?
Hardware wallets help by adding “friction”
Cold storage solves part of the problem. It keeps your assets offline, in a vault-like environment.
Is the problem solved? Partially.
By moving keys off general-purpose devices, hardware wallets take the browser extension and the single-click approval out of the picture. They introduce “physical confirmation”, a form of protective “friction”.
However, a hardware wallet is still only a tool.
Wallet vendors' own security teams are candid about this. Ledger has reported repeated phishing campaigns that exploit its brand, using fake browser extensions and cloned versions of Ledger Live to carry out scams. The interface is familiar enough to feel safe, but at some point the user is prompted to enter their recovery phrase. Once that is handed over, the rest is a foregone conclusion.
People may also be tricked into entering their recovery phrase on a fake firmware-update page.
What hardware wallets do is shift the attack surface and add friction to reduce the likelihood of compromise. They cannot eliminate it.
Separation is key
Hardware wallets work best when users buy them from trusted channels and keep recovery material offline and private.
Most of the people who deal with these incidents daily, including incident responders, on-chain investigators, and wallet engineers, recommend the same thing: separate and spread the risk.
One wallet for daily use, another that is rarely, if ever, connected to the internet. Experiment and farm DeFi yield with small balances, while keeping the bulk of your holdings in a colder vault that takes multiple steps to access.
Beyond that, the most important thing is basic hygiene.
Boring, repetitive habits are often what saves you. Never enter your mnemonic phrase into any website, no matter how urgent the pop-up sounds. After copying and pasting, check the address on your hardware wallet's screen. Pause before approving any transaction whose effect you do not fully understand. Treat every unsolicited link and every “support” message as suspicious until proven otherwise.
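The Bybit signers and the habits above come down to the same thing: reading what you are about to sign rather than the wallet's summary of it. As an added illustration that is not part of the original article, the following Python decodes the calldata of a few common token requests (the selectors are the standard ABI selectors for those signatures) and flags a counterparty that differs from the one you intended or an unlimited allowance; the addresses and calldata it uses are constructed samples.

```python
# Added example (not from the article): decode a request's calldata and surface what a signer
# should read before approving. The sample addresses and calldata further down are constructed.
SELECTORS = {
    "095ea7b3": "approve(address,uint256)",
    "a22cb465": "setApprovalForAll(address,bool)",
    "a9059cbb": "transfer(address,uint256)",
}
UINT256_MAX = 2**256 - 1

def decode_calldata(calldata_hex):
    """Return (function signature, [counterparty, value]) or (None, []) if the selector is unknown."""
    raw = calldata_hex[2:] if calldata_hex.startswith("0x") else calldata_hex
    data = bytes.fromhex(raw)
    name = SELECTORS.get(data[:4].hex()) if len(data) >= 4 else None
    if name is None:
        return None, []
    words = [data[i:i + 32] for i in range(4, len(data), 32)]
    if len(words) != 2 or any(len(w) != 32 for w in words):
        raise ValueError("malformed ABI encoding: expected two 32-byte words")
    if any(words[0][:12]):  # an address occupies the low 20 bytes; the padding must be zero
        raise ValueError("malformed ABI encoding: address padding is not zero")
    counterparty = "0x" + words[0][12:].hex()
    value = int.from_bytes(words[1], "big")
    return name, [counterparty, value]

def review_request(calldata_hex, intended_counterparty, spend_limit):
    """Findings a signer should see before approving; an empty list means nothing was flagged."""
    name, args = decode_calldata(calldata_hex)
    if name is None:
        return ["UNKNOWN: selector not recognised; do not blind-sign"]
    counterparty, value = args
    findings = []
    if counterparty.lower() != intended_counterparty.lower():
        findings.append(f"MISMATCH: {name} targets {counterparty}, expected {intended_counterparty}")
    if name.startswith("approve") and value == UINT256_MAX:
        findings.append("UNLIMITED: approve() grants an unlimited allowance")
    elif name.startswith("approve") and value > spend_limit:
        findings.append(f"EXCESS: allowance {value} exceeds the agreed limit {spend_limit}")
    if name.startswith("setApprovalForAll") and value == 1:
        findings.append("UNLIMITED: setApprovalForAll hands over every token in the collection")
    return findings

# Constructed sample: the user meant to approve DEX_ROUTER for 1 token (10**18 base units);
# MALICIOUS swaps in a different spender and an unlimited amount, as a clipboard hijacker or fake UI would.
DEX_ROUTER = "0x" + "ab" * 20
MALICIOUS = "0x095ea7b3" + "00" * 12 + "cd" * 20 + "ff" * 32
BENIGN = "0x095ea7b3" + "00" * 12 + "ab" * 20 + (10**18).to_bytes(32, "big").hex()

if __name__ == "__main__":  # prints [] for the benign request and two findings for the malicious one
    print(review_request(BENIGN, DEX_ROUTER, 10**18), review_request(MALICIOUS, DEX_ROUTER, 10**18))
```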
These actions cannot guarantee absolute safety. Some risk always remains. But each of these steps reduces it.
For most users today, the biggest threat is not a zero-day. It is the message they did not verify, the installer they downloaded and ran because the job offer sounded good, and the mnemonic phrase they wrote on the same piece of paper as their shopping list.
When the people responsible for billions of dollars treat these as background noise, they may end up as case studies labelled “vulnerabilities.”
This article link: https://www.hellobtc.com/kp/du/11/6143.html
Wallets, Side Views and Weak Links
Compiled by: Plainspoken Blockchain