Attacchi Hacker Oggi: Quando la Sicurezza Onchain Migliora ma i Danni Crescono

2025 set a negative record for hacker attacks in the crypto industry today, yet the paradox lies in the very nature of these breaches. Most damages do not stem from flaws in smart contract code but from purely human vulnerabilities: stolen passwords, social engineering, compromised devices, manipulated employees. In other words, the enemy is no longer buggy code but the human factor. Criminals have realized that while onchain protocols become increasingly fortified, individuals remain the weak link in the chain.

According to Mitchell Amador, CEO of Immunefi, a platform specializing in onchain security, this distinction is crucial: «Despite 2025 being the worst year for cyberattacks, these attacks result from Web2 operational failures, not onchain code. Onchain security is improving significantly.» This means that while global damages are increasing, crypto infrastructures are actually strengthening. An counterintuitive conclusion that requires a complete rethink of defensive strategies.

Human Error, Not Code Bugs: The True Target of Criminals

Today’s hacker attacks no longer primarily target infrastructures but directly go after individuals. Data from the Crypto Crime Report 2026 by Chainalysis reveal a fundamental transformation in the threat landscape: approximately $17 billion in cryptocurrencies were stolen through scams and frauds in 2025, with criminals adopting increasingly sophisticated tactics such as impersonation and social engineering to multiply the number of victims.

Operational vulnerability has become the hacker’s preferred weapon. Passwords, private keys, compromised devices, manipulated employees, fake support agents: the catalog of human failures is long and growing. A recent breach exposed by ZachXBT perfectly illustrates this trend: a social engineering attack allowed a hacker to steal $282 million in cryptocurrencies, with the victim losing 2.05 million LTC and 1,459 BTC. The loot was quickly laundered through Monero and instant exchanges, making tracking even more difficult.

«As code becomes less exploitable, the main attack surface in 2026 will be people,» Amador emphasized. «The human factor is now the weak link that onchain security experts and Web3 operators must prioritize.»

Scams Surge: 1,400% Growth in Impersonations

2025 saw a real explosion of scams based on impersonation and AI-driven schemes, with numbers leaving little room for interpretation. Impersonation scams grew by 1,400% year over year, while AI-enabled fraud systems proved 450% more profitable than traditional social engineering schemes.

These numbers suggest a paradigm shift in criminal methods. Scammers are no longer just trying to access systems; they aim to persuade people to voluntarily hand over their funds. Deepfake messages, impersonation of authority figures, fake technical support: tactics are becoming more credible every day. Chainalysis highlighted how scams are now surpassing traditional infrastructure attacks in frequency and impact, marking a point of no return in criminal modus operandi.

Artificial Intelligence Changes the Security Game

If the situation seems dire, it’s because it truly is, but also because an important context is missing: AI is transforming both sides of the crypto security battle.

«In 2026, AI will change the pace of security on both fronts,» Amador stated. «Defenders will increasingly rely on AI-guided monitoring and responses that operate at machine speed, while attackers will use the same tools for vulnerability research, exploit development, and large-scale social engineering.»

The dual nature of artificial intelligence is the real enigma of the coming years. While AI-powered detection and response systems represent a significant upgrade in defensive capabilities, the same algorithms can be weaponized for social engineering campaigns at unprecedented scale and speed. It’s an arms race where both sides benefit from the same technology.

However, the picture is not entirely bleak. According to Amador, DeFi and onchain protocol code is becoming increasingly resilient to exploits. «Onchain security is improving significantly and will continue to do so. From the perspective of DeFi and onchain protocols, I believe 2026 will be the best year ever for onchain security.» Yet, the weak point remains: over 90% of projects still have critical, exploitable vulnerabilities, and adoption of defensive tools remains low. Less than 1% of the sector uses firewalls, and fewer than 10% employ AI-based detection tools.

Onchain AI Agents: The New Attack Surface

Amador’s most forward-looking warning, however, does not concern traditional wallets or code bugs. It concerns the emergence of autonomous AI agents on the blockchain: «This opens a new attack surface. Onchain AI agents can be faster and more powerful than human operators, and are only vulnerable to manipulation if their access pathways or control levels are compromised.»

Unlike static protocols, autonomous agents make decisions in real time without human intervention. If an attacker manages to tamper with control systems or access pathways, the agent could operate on behalf of the criminal at a speed and complexity no human operator could match. «We are still in the early stages of learning how to properly secure agents,» added Amador, «and this will be one of the most significant security challenges of the next cycle.»

2026: When Security Meets Innovation

The landscape of hacker attack risks today is in full evolution. On one hand, onchain protocol security is actually improving thanks to better auditing, formal verification, and increasingly widespread best practices. On the other hand, criminals are adapting, becoming more sophisticated, targeting individuals, leveraging AI, and preparing for the era of autonomous systems.

The battle for cryptocurrency security is no longer fought mainly onchain. It’s fought in user interfaces, corporate controls, monitoring systems, user training, and education. Security experts will need to focus not only on code and protocols but also on human and organizational resilience. While losses in 2025 set a negative record, 2026 could be the year the crypto industry finally understands where the real problems lie and how to address them.