Opinion by: Andrey Sergeenkov, researcher, analyst and author
Crypto founders love massive guarantees: decentralized finance, banking the unbanked and freedom from intermediaries. Then hacks occur. In some circumstances, billions vanish in a single day.
On Feb. 21, 2025, the North Korean Lazarus Group stole $1.46 billion from Bybit. They despatched phishing emails to employees with chilly pockets entry. After compromising these accounts, they accessed Bybit’s interface and changed the multisignature pockets contract with their malicious model. When Bybit tried a routine switch, the hackers redirected 499,000 Ether (ETH) to addresses they managed.
This wasn’t only a human error. This was a design failure. A system that enables human components to allow a billion-dollar theft isn’t progressive — it’s irresponsible.
Persons are not protected
In simply 10 days, the hackers transformed all 499,000 ETH into untraceable funds, utilizing THORChain as their main channel. The decentralized trade processed a document $4.66 billion in swaps in per week however applied no safeguards towards suspicious exercise.
The crypto business has created a system that can’t shield customers even after they uncover a theft. Some providers truly profited from this crime, accumulating thousands and thousands in charges whereas processing the laundering of stolen funds.
Current: SafeWallet releases Bybit hack autopsy report
In February 2025, investigators ZachXBT and Tanuki42 revealed that Coinbase customers misplaced over $300 million yearly to social engineering assaults. Their report confirmed $65 million stolen by way of phishing and different social manipulation methods in December 2024 and January 2025. In response to the investigators, Coinbase failed to deal with recognized safety vulnerabilities of their API keys and verification programs that make these human-targeted assaults profitable.
ZachXBT instantly criticized the trade for having “ineffective buyer assist brokers” and failing to correctly report theft addresses to blockchain monitoring instruments, making stolen funds more durable to trace. One scammer even admitted to focusing on rich customers, claiming they make at the very least 5 figures per week.
These aren’t remoted circumstances. The US Federal Bureau of Investigation reported that bizarre crypto customers misplaced over $5.6 billion to fraud in 2023, and social engineering drove at the very least half of those schemes. People alone lose roughly $2 billion–$3 billion yearly to human vulnerability assaults. With over 600 million crypto customers worldwide, conservative estimates put particular person losses from social engineering at $6 billion–$15 billion in 2024.
Barrier to adoption
Safety considerations are actually acknowledged as the principle barrier to adoption by 37% of crypto customers worldwide. In the meantime, the business continues to advertise high-risk speculative belongings like memecoins, the place common customers usually lose cash whereas insiders revenue.
Whereas founders pitch monetary freedom, thousands and thousands of actual folks lose their financial savings by way of vulnerabilities the business refuses to deal with. They’re signs of a basic downside: Crypto builders select advertising over safety.
When disasters occur, they usually face strain about safety failures, crypto leaders conceal behind blockchain’s “code is regulation” precept and provide philosophical arguments about self-sovereignty and private duty. The crypto business likes to blame bizarre customers: “Don’t retailer keys on-line,” “Test addresses earlier than sending,” “By no means open suspicious recordsdata.”
No one is secure
Even business leaders themselves fall sufferer to the identical primary assaults. In January 2024, Ripple co-founder Chris Larsen misplaced 283 million XRP (XRP) attributable to storing personal keys in a web-based password supervisor. DeFiance Capital founder Arthur_0x misplaced $1.6 million in non-fungible tokens (NFTs) and cryptocurrency just by opening a phishing PDF file.
These folks aren’t naive rookies — they’re creators and specialists of the very system that might not shield even them. They know all the safety guidelines, however the human issue is inevitable. If even the system architects lose thousands and thousands, what likelihood do bizarre customers have?
Data of safety guidelines doesn’t present full safety as a result of fever, stress, sleep deprivation or emotional misery severely have an effect on our decision-making talents. Attackers repeatedly check totally different approaches, ready for moments when customers turn out to be weak. They evolve their techniques continuously, creating more and more convincing eventualities, impersonations and pressing conditions.
The unchangeable nature of blockchain transactions calls for extraordinary safeguards — not fewer. If customers can’t reverse errors or thefts, the system should forestall them within the first place. True innovation means constructing programs that work for actual people, not theoretically excellent customers. Banks discovered this lesson over centuries. Crypto builders should study it quicker.
As an alternative, business leaders appear to have misplaced contact with actuality because of the excessive wealth dumped on them shortly. They’ve purchased into their PR narrative, portraying them as geniuses, and began viewing themselves as visionaries.
A name to motion
Vitalik Buterin lectures his viewers on voting in elections and polishes his manifesto, whereas Justin Solar spends $6.2 million on a banana for a “distinctive inventive expertise” — all whereas constructing an atmosphere that makes harmful errors straightforward to make. This method is essentially dishonest. You’ll be able to’t declare to revolutionize finance whereas offering much less safety than the programs you’re changing.
What technical brilliance exists in programs that let billion-dollar thefts and systematic fraud of bizarre customers with such ease? As a core operate, true technical excellence would come with defending customers from everlasting monetary loss. A monetary system that can’t safe its customers’ belongings isn’t technically superior — it’s essentially incomplete.
It’s time to cease writing manifestos and selling questionable PR stunts designed to draw a broader and extra weak viewers. Begin constructing real protections that match the extent of threat your customers face. No quantity of blockchain innovation issues if bizarre folks can’t use these programs with out worry of prompt, everlasting monetary loss.
Something much less is simply reckless experimentation at customers’ expense disguised as a revolution — a scheme that enriches founders and insiders whereas bizarre folks bear all of the dangers.
If the business doesn’t remedy this downside, regulators will — and also you gained’t like their options. Your philosophical arguments about self-sovereignty gained’t matter when licenses are revoked and operations shut down.
That is the selection crypto builders face: Both create really safe programs that justify your claims about monetary innovation or watch as regulators remodel your “revolutionary know-how” into one other closely regulated monetary service. The clock is ticking.
Opinion by: Andrey Sergeenkov, researcher, analyst and author.
This text is for basic info functions and isn’t supposed to be and shouldn’t be taken as authorized or funding recommendation. The views, ideas, and opinions expressed listed here are the writer’s alone and don’t essentially mirror or characterize the views and opinions of Cointelegraph.