Stop pretending technical and human vulnerabilities are separate things

1 month ago

Opinion by: Andrey Sergeenkov, researcher, expert and writer

Crypto founders love big promises: decentralized finance, banking the unbanked and freedom from intermediaries. Then hacks happen. In some cases, billions vanish overnight.

On Feb. 21, 2025, the North Korean Lazarus Group stole $1.46 billion from Bybit. They sent phishing emails to staff with cold wallet access. After compromising these accounts, they accessed Bybit’s interface and replaced the multisignature wallet contract with their malicious version. When Bybit attempted a routine transfer, the hackers redirected 499,000 Ether (ETH) to addresses they controlled.

This wasn’t just a human error. This was a design failure. A system that allows human factors to enable a billion-dollar theft isn’t innovative — it’s irresponsible.

People are not protected

In just 10 days, the hackers converted all 499,000 ETH into untraceable funds, using THORChain as their primary channel. The decentralized exchange processed a record $4.66 billion in swaps in a week but implemented no safeguards against suspicious activity.

The crypto industry has created a system that cannot protect users even after they detect a theft. Some services actually profited from this crime, collecting millions in fees while processing the laundering of stolen funds.


In February 2025, investigators ZachXBT and Tanuki42 revealed that Coinbase users lost over $300 million annually to social engineering attacks. Their report showed $65 million stolen through phishing and other social manipulation techniques in December 2024 and January 2025. According to the investigators, Coinbase failed to address known security vulnerabilities in their API keys and verification systems that make these human-targeted attacks successful.

ZachXBT directly criticized the exchange for having “useless customer support agents” and failing to properly report theft addresses to blockchain monitoring tools, making stolen funds harder to track. One scammer even admitted to targeting wealthy users, claiming they make at least 5 figures a week.

These aren’t isolated cases. The US Federal Bureau of Investigation reported that ordinary crypto users lost over $5.6 billion to fraud in 2023, and social engineering drove at least half of these schemes. Americans alone lose about $2 billion–$3 billion annually to human vulnerability attacks. With over 600 million crypto users worldwide, conservative estimates put user losses from social engineering at $6 billion–$15 billion in 2024.

Barrier to adoption

Security concerns are now recognized as the main barrier to adoption by 37% of crypto users worldwide. Meanwhile, the industry continues to promote high-risk speculative assets like memecoins, where ordinary users typically lose money while insiders profit.

While founders pitch financial freedom, millions of real people lose their savings through vulnerabilities the industry refuses to address. These are symptoms of a fundamental problem: Crypto builders choose marketing over security.

When disasters happen, and they face pressure about security failures, crypto leaders hide behind blockchain’s “code is law” principle and offer philosophical arguments about self-sovereignty and personal responsibility. The crypto industry loves to blame ordinary users: “Don’t store keys online,” “Check addresses before sending,” “Never open suspicious files.”

Nobody is safe

Even industry leaders themselves fall victim to the same basic attacks. In January 2024, Ripple co-founder Chris Larsen lost 283 million XRP (XRP) due to storing private keys in an online password manager. DeFiance Capital founder Arthur_0x lost $1.6 million in non-fungible tokens (NFTs) and cryptocurrency simply by opening a phishing PDF file.

These people aren’t naive beginners — they’re the creators and experts of the very system that could not protect even them. They know all the security rules, but the human factor is inevitable. If even the system architects lose millions, what chance do ordinary users have?

Knowledge of security rules doesn’t provide complete protection because fever, stress, sleep deprivation or emotional distress severely affect our decision-making abilities. Attackers continuously test different approaches, waiting for moments when users become vulnerable. They evolve their tactics constantly, creating increasingly convincing scenarios, impersonations and urgent situations.

The immutable nature of blockchain transactions demands extraordinary safeguards — not fewer. If users can’t reverse mistakes or thefts, the system must prevent them in the first place. True innovation means building systems that work for real humans, not theoretically perfect users. Banks learned this lesson over centuries. Crypto builders must learn it faster.

Instead, industry leaders seem to have lost touch with reality due to the extreme wealth dumped on them quickly. They’ve bought into their PR narrative, portraying them as geniuses, and started viewing themselves as visionaries.

A call to action

Vitalik Buterin lectures his community on voting in elections and polishes his manifesto, while Justin Sun spends $6.2 million on a banana for a “unique artistic experience” — all while building an environment that makes unsafe mistakes easy to make. This approach is fundamentally dishonest. You can’t claim to revolutionize finance while providing less security than the systems you’re replacing.

What technical brilliance exists in systems that permit billion-dollar thefts and systematic fraud of ordinary users with such ease? As a core function, real technical excellence would include protecting users from permanent financial loss. A financial system that cannot secure its users’ assets is not technically advanced — it’s fundamentally incomplete.

It’s time to stop writing manifestos and promoting questionable PR stunts designed to attract a broader and more vulnerable audience. Start building genuine protections that match the level of risk your users face. No amount of blockchain innovation matters if ordinary people cannot use these systems without fear of instant, permanent financial loss.

Anything less is just reckless experimentation at users’ expense disguised as a revolution — a system that enriches founders and insiders while ordinary people bear all the risks.

If the industry doesn’t solve this problem, regulators will — and you won’t like their solutions. Your philosophical arguments about self-sovereignty won’t matter when licenses are revoked and operations shut down.

This is the choice crypto builders face: Either create genuinely secure systems that justify your claims about financial innovation or watch as regulators turn your “revolutionary technology” into another heavily regulated financial service. The clock is ticking.


This article is for general information purposes and is not intended to be and should not be taken as legal or investment advice. The views, thoughts, and opinions expressed here are the author’s alone and do not necessarily reflect or represent the views and opinions of Cointelegraph.
