Human error, rather than code vulnerabilities, led to three major cryptocurrency security incidents in April 2025, which occurred within just thirteen days and resulted in hundreds of millions of dollars in losses. Each case involved manipulation of individuals rather than exploitation of blockchain systems. Analysts point out that this pattern reveals structural weaknesses in the industry that remain unaddressed. The primary constraint on digital asset security is no longer cryptography, but human nature.

North Korean agents infiltrated crypto companies through social engineering.

A six-month-long infiltration campaign resulted in Drift losing $285 million on April 1, 2025. The attackers posed as business partners, held face-to-face meetings in multiple countries, and deposited $1 million to establish credibility. Investigators attributed this operation to the North Korean state-sponsored group UNC4736 with moderate confidence.
The same group is also linked to the $1.5 billion Bybit hack that occurred in February 2025. Chainalysis reported that North Korea stole $2.02 billion in cryptocurrency in 2025 alone. This figure represents a 51% year-over-year increase, while the number of attacks decreased by 74%. This increase in efficiency did not come from more advanced technical tools, but rather from more sophisticated deception techniques.

As researcher Shanaka Anslem Perera pointed out, North Korea has not attempted to crack cryptography since 2023, but has started recruiting individuals closely associated with it. The three cryptocurrency security blunders were all due to human nature, not technical issues, yet no one connected them.
CrowdStrike recorded 304 separate North Korean infiltration incidents in 2024, with related activities continuing to accelerate in 2025.
Kraken caught a North Korean agent applying for an internal position in May 2025. The company deliberately allowed the interview to proceed to study the tactics used. This decision provided rare intelligence on the internal structure of these operations.

Fake wallet apps stole a musician's decade-long Bitcoin savings.

On April 11, 2025, musician G. Love (real name Garrett Dutton) purchased a new MacBook Neo and searched for Ledger Live in the Apple App Store. He downloaded a clone app that had passed both automated scanning and manual review. A fake error screen prompted him to enter a 24-word recovery phrase. Within minutes, 5.92 Bitcoin (approximately $424,000) was stolen. ZachXBT traced nine transactions to a deposit address on KuCoin.
KuCoin lost its EU MiCA license in February 2025, further raising concerns about regulatory gaps in the industry. The app bypassed multiple layers of platform security without exploiting any technical flaws. It relied entirely on a convincing interface and a user under pressure. Once the recovery phrase was entered, the attackers gained complete and irreversible access.
This type of attack does not require complex code, just a credible replica and a moment of user trust. The review process of the Apple App Store, widely regarded as stringent, failed to catch this.

Dark web ads recruit insiders from exchanges.

