Opinion by: Andrey Sergeenkov, researcher, analyst and author
Crypto founders love big promises: decentralized finance, banking the unbanked and freedom from intermediaries. Then hacks happen. In some cases, billions vanish in a single day.
On Feb. 21, 2025, the North Korean Lazarus Group stole $1.46 billion from Bybit. They sent phishing emails to employees with cold wallet access. After compromising these accounts, they accessed Bybit’s interface and replaced the multisignature wallet contract with their malicious version. When Bybit attempted a routine transfer, the hackers redirected 499,000 Ether (ETH) to addresses they controlled.
This wasn’t just a human error. This was a design failure. A system that allows human factors to enable a billion-dollar theft isn’t modern — it’s irresponsible.
People are not protected
In just 10 days, the hackers converted all 499,000 ETH into untraceable funds, using THORChain as their main channel. The decentralized exchange processed a record $4.66 billion in swaps in a week but implemented no safeguards against suspicious activity.
The crypto industry has created a system that can’t protect users even after they discover a theft. Some services actually profited from this crime, collecting tens of millions in fees while processing the laundering of stolen funds.
In February 2025, investigators ZachXBT and Tanuki42 revealed that Coinbase users lost over $300 million annually to social engineering attacks. Their report showed $65 million stolen through phishing and other social manipulation techniques in December 2024 and January 2025. According to the investigators, Coinbase failed to address known security vulnerabilities in their API keys and verification systems that make these human-targeted attacks successful.
ZachXBT immediately criticized the exchange for having “ineffective customer support agents” and failing to properly report theft addresses to blockchain monitoring tools, making stolen funds harder to track. One scammer even admitted to targeting wealthy users, claiming they make at least five figures per week.
These aren’t isolated cases. The US Federal Bureau of Investigation reported that ordinary crypto users lost over $5.6 billion to fraud in 2023, and social engineering drove at least half of these schemes. Individuals alone lose roughly $2 billion–$3 billion annually to human vulnerability attacks. With over 600 million crypto users worldwide, conservative estimates put individual losses from social engineering at $6 billion–$15 billion in 2024.
Barrier to adoption
Security concerns are now recognized as the main barrier to adoption by 37% of crypto users worldwide. Meanwhile, the industry continues to promote high-risk speculative assets like memecoins, where ordinary users often lose money while insiders profit.
While founders pitch financial freedom, tens of millions of real people lose their savings through vulnerabilities the industry refuses to address. They’re symptoms of a fundamental problem: Crypto builders choose marketing over security.
When disasters happen, and they face pressure about security failures, crypto leaders hide behind blockchain’s “code is law” principle and offer philosophical arguments about self-sovereignty and personal responsibility. The crypto industry likes to blame ordinary users: “Don’t store keys online,” “Check addresses before sending,” “Never open suspicious files.”
No one is safe
Even industry leaders themselves fall victim to the same basic attacks. In January 2024, Ripple co-founder Chris Larsen lost 283 million XRP (XRP) due to storing private keys in an online password manager. DeFiance Capital founder Arthur_0x lost $1.6 million in non-fungible tokens (NFTs) and cryptocurrency simply by opening a phishing PDF file.
These people aren’t naive novices — they’re creators and experts of the very system that could not protect even them. They know all the security rules, but the human factor is inevitable. If even the system architects lose tens of millions, what chance do ordinary users have?
Knowledge of security rules doesn’t provide complete protection because fever, stress, sleep deprivation or emotional distress severely affect our decision-making abilities. Attackers constantly test different approaches, waiting for moments when users become vulnerable. They evolve their tactics constantly, creating increasingly convincing scenarios, impersonations and urgent situations.
The unchangeable nature of blockchain transactions demands extraordinary safeguards — not fewer. If users can’t reverse mistakes or thefts, the system must prevent them in the first place. True innovation means building systems that work for real humans, not theoretically perfect users. Banks learned this lesson over centuries. Crypto builders must learn it faster.
Instead, industry leaders seem to have lost touch with reality because of the extreme wealth dumped on them quickly. They’ve bought into their PR narrative, portraying them as geniuses, and started viewing themselves as visionaries.
A call to action
Vitalik Buterin lectures his audience on voting in elections and polishes his manifesto, while Justin Sun spends $6.2 million on a banana for a “unique artistic experience” — all while building an environment that makes dangerous mistakes easy to make. This approach is fundamentally dishonest. You can’t claim to revolutionize finance while providing less security than the systems you’re replacing.
What technical brilliance exists in systems that permit billion-dollar thefts and systematic fraud of ordinary users with such ease? As a core function, true technical excellence would include protecting users from permanent financial loss. A financial system that cannot secure its users’ assets is not technically advanced — it’s fundamentally incomplete.
It’s time to stop writing manifestos and promoting questionable PR stunts designed to attract a broader and more vulnerable audience. Start building real protections that match the level of risk your users face. No amount of blockchain innovation matters if ordinary people can’t use these systems without fear of instant, permanent financial loss.
Anything less is just reckless experimentation at users’ expense disguised as a revolution — a scheme that enriches founders and insiders while ordinary people bear all the risks.
If the industry doesn’t solve this problem, regulators will — and you won’t like their solutions. Your philosophical arguments about self-sovereignty won’t matter when licenses are revoked and operations shut down.
This is the choice crypto builders face: Either create truly secure systems that justify your claims about financial innovation or watch as regulators transform your “revolutionary technology” into another heavily regulated financial service. The clock is ticking.
This article is for general information purposes and is not intended to be and should not be taken as legal or investment advice. The views, thoughts, and opinions expressed here are the author’s alone and do not necessarily reflect or represent the views and opinions of Cointelegraph.
Cointelegraph by Andrey Sergeenkov Stop pretending technical and human vulnerabilities are separate things cointelegraph.com 2025-03-31 08:00:00