April 2025 became yet another historic month for the crypto industry, as blockchain security firm CertiK confirmed that a staggering $364 million was lost to scams, hacks, and phishing attacks.
This figure marks a 1,163% increase from March’s $28.8 million in losses. The surge, according to CertiK’s April 30 post on X, was driven primarily by a single, devastating event.
The theft involved 3,520 Bitcoins, valued at $330.7 million, stolen from an elderly U.S. citizen, making it the fifth-largest crypto hack ever recorded.
Though April’s total was heavily skewed by this singular event, even without it, the losses remained significant at $34 million, still up 21% from March.
The most damaging threats came in the form of phishing attacks, social engineering, access control exploits, and price manipulation.
Phishing accounted for the lion’s share of April’s losses, approximately $337 million.
The standout case was the theft from the elderly U.S. investor, where the attacker used highly advanced social engineering tactics to deceive the victim and gain access to their Bitcoin wallet.
A suspected theft of 3,520 Bitcoin valued at approximately $330.7 million has triggered a sharp rally in Monero (XMR).#Bitcoin #XMRhttps://t.co/AXZu6RYpI4
— Cryptonews.com (@cryptonews) April 28, 2025
According to CertiK, this event marks a new wave of cybercrime, where criminals bypass code and blockchain infrastructure entirely, opting instead to exploit human behavior.
Social engineering, a tactic that manipulates individuals into revealing confidential information, has become one of the most effective strategies for crypto criminals.
These attacks are particularly insidious because they often appear legitimate, tricking even experienced investors.
April’s numbers also reflect a broader trend. CertiK’s report isn’t the only one that paints a troubling picture.
Immunefi, another blockchain security firm, recorded $92 million in losses across 15 incidents in April alone.
— Cryptonews.com (@cryptonews) April 30, 2025
The firm also confirmed that all the attacks targeted DeFi platforms, with centralized exchanges reporting no security incidents during the month.
The largest attack cited by Immunefi, on the open-source platform UPCX, led to over $70 million in damages. It was followed by the $7.5 million KiloEx exploit.
White Hat Hackers Help Recover Millions Amid Mounting Threats
Despite the grim numbers, April had a silver lining, as some of the stolen funds were recovered.
CertiK confirmed that approximately $18.2 million was returned, thanks to the efforts of white-hat hackers and cooperative exploiters.
Ethical hackers played a crucial role in helping three platforms, KiloEx, zkSync, and Loopscale, recover their losses.
KiloEx, which had suspended operations following a $7.5 million exploit, saw the stolen funds returned just four days after the incident. In a rare gesture of goodwill, the attacker chose to return the funds in full.
Similarly, Loopscale successfully negotiated with its attacker to recover $5.8 million after a vulnerability in its token pricing mechanism was exploited. The attacker agreed to return the funds in exchange for a 10% white hat bounty and legal immunity.
Meanwhile, zkSync Association recovered $5 million in stolen tokens after its airdrop distribution contract was breached. The agreement involved a similar bounty reward.
April’s spike in losses may be shocking, but it’s not isolated. Earlier in the year, February saw the costliest month to date, with crypto losses totaling $1.53 billion.
— Cryptonews.com (@cryptonews) February 25, 2025
The bulk of that was attributed to a $1.46 billion hack on Bybit, believed to have been orchestrated by the North Korean Lazarus Group, now considered responsible for the largest crypto heist in history.
State-backed threats remain one of the most serious long-term risks to the crypto industry.
Despite numerous warnings, hackers have already stolen more in 2025 than they did in the entire year of 2024. As of the end of April, over $1.7 billion in crypto has been lost, eclipsing last year’s $1.49 billion in just four months.
For now, the $364 million lost in April serves as both a brutal financial hit and a dire warning.
As phishing and social engineering continue to prove effective, investors are advised to remain vigilant and educate themselves on best practices to stay secure at all times.
The post Crypto Hacks and Scams Hit $364M in April, Says CertiK appeared first on Cryptonews.
Credit: Source link
