PANews reported on January 19th, citing CoinDesk, that while 2025 was the worst year for cryptocurrency hacking on record, most losses stemmed from Web2-style operational errors such as password breaches and social engineering, rather than on-chain code vulnerabilities. Immunefi CEO Mitchell Amador pointed out that on-chain security is significantly improving, with the primary attack surface shifting to the vulnerability of "humans." He believes that 2026 will be the best year for on-chain security as code becomes increasingly difficult to exploit, but this also means attackers will turn to more sophisticated social engineering and AI-assisted fraud. Chainalysis' annual report corroborates this trend, showing that approximately $17 billion in cryptocurrency losses due to fraud and scams occurred in 2025, with impersonation scams increasing by 1400% year-on-year, and AI-driven scams generating 450% more profit than traditional methods.

Amador also warned that over 90% of projects still have critical exploitable vulnerabilities, and the adoption rate of industry protection tools is extremely low: less than 1% of industry participants use firewalls, and less than 10% use AI detection tools. He stated that AI will change the pace of both offense and defense in 2026, and the rise of on-chain AI agents will bring entirely new attack surfaces. How to properly protect these autonomous decision-making systems will become the main security challenge of the next cycle.