Crypto’s worst year for hacks wasn’t a smart contract issue. It was a people problem.

1/19/2026, 1:30:18 PM
By Lola

Recent reports indicate a concerning trend in the cryptocurrency space: while onchain security measures are reportedly improving, losses due to hacks and exploits continue to rise. This apparent paradox highlights a crucial aspect of crypto security – it's not solely about the robustness of smart contracts, but also about the human element involved.

According to Immunefi’s CEO, Mitchell Amador, onchain security is making strides. However, the increasing financial damages suggest that vulnerabilities lie elsewhere. Instead of flaws in the code itself, the primary weakness appears to be the operational and organizational security surrounding crypto projects. This includes areas like key management, social engineering attacks, and insider threats.

Expert View

The current situation paints a complex picture. While smart contract audits and formal verification methods are becoming more sophisticated, attackers are shifting their focus to easier targets. The human element, often overlooked, presents a significant attack vector. For example, poor key management practices can leave wallets vulnerable, even if the underlying blockchain is secure. Similarly, social engineering tactics can trick individuals into revealing sensitive information or transferring assets unknowingly. Insider threats, where malicious actors within a project compromise security, are also a growing concern.

This suggests that the crypto industry needs a more holistic approach to security. Simply focusing on code audits isn't enough. There needs to be increased emphasis on training, robust operational procedures, and secure infrastructure to protect against the growing sophistication of attacks targeting human vulnerabilities.

What To Watch

Several key areas deserve close attention in the coming months. Firstly, monitor the development and adoption of more secure key management solutions, such as multi-party computation (MPC) wallets and hardware security modules (HSMs). Secondly, track the emergence of new security protocols and practices aimed at mitigating social engineering attacks, including user education initiatives and anti-phishing measures. Finally, pay attention to regulatory developments that may mandate stricter security standards for crypto projects, potentially including requirements for comprehensive risk management and internal controls.

The increasing sophistication of attackers means that the industry must remain vigilant and adapt its security practices continuously. The focus needs to shift from solely securing the code to securing the entire ecosystem, including the people and processes that interact with it. The future of crypto security depends on addressing the human element effectively.

Source: CoinDesk