Opinion by: Andrey Sergeenkov, researcher, analyst and author
Crypto founders love massive guarantees: decentralized finance, banking the unbanked and freedom from intermediaries. Then hacks occur. In some circumstances, billions vanish in a single day.
On Feb. 21, 2025, the North Korean Lazarus Group stole $1.46 billion from Bybit. They despatched phishing emails to workers with chilly pockets entry. After compromising these accounts, they accessed Bybit’s interface and changed the multisignature pockets contract with their malicious model. When Bybit tried a routine switch, the hackers redirected 499,000 Ether (ETH) to addresses they managed.
This wasn’t only a human error. This was a design failure. A system that permits human elements to allow a billion-dollar theft isn’t revolutionary — it’s irresponsible.
Persons are not protected
In simply 10 days, the hackers transformed all 499,000 ETH into untraceable funds, utilizing THORChain as their major channel. The decentralized alternate processed a report $4.66 billion in swaps in per week however applied no safeguards in opposition to suspicious exercise.
The crypto trade has created a system that can’t defend customers even after they uncover a theft. Some providers truly profited from this crime, accumulating hundreds of thousands in charges whereas processing the laundering of stolen funds.
Latest: SafeWallet releases Bybit hack autopsy report
In February 2025, investigators ZachXBT and Tanuki42 revealed that Coinbase customers misplaced over $300 million yearly to social engineering assaults. Their report confirmed $65 million stolen by way of phishing and different social manipulation methods in December 2024 and January 2025. In response to the investigators, Coinbase failed to handle recognized safety vulnerabilities of their API keys and verification techniques that make these human-targeted assaults profitable.
ZachXBT immediately criticized the alternate for having “ineffective buyer assist brokers” and failing to correctly report theft addresses to blockchain monitoring instruments, making stolen funds tougher to trace. One scammer even admitted to concentrating on rich customers, claiming they make no less than 5 figures per week.
These aren’t remoted circumstances. The US Federal Bureau of Investigation reported that strange crypto customers misplaced over $5.6 billion to fraud in 2023, and social engineering drove no less than half of those schemes. Individuals alone lose roughly $2 billion–$3 billion yearly to human vulnerability assaults. With over 600 million crypto customers worldwide, conservative estimates put particular person losses from social engineering at $6 billion–$15 billion in 2024.
Barrier to adoption
Safety issues are actually acknowledged as the principle barrier to adoption by 37% of crypto customers worldwide. In the meantime, the trade continues to advertise high-risk speculative property like memecoins, the place common customers usually lose cash whereas insiders revenue.
Whereas founders pitch monetary freedom, hundreds of thousands of actual folks lose their financial savings by way of vulnerabilities the trade refuses to handle. They’re signs of a elementary downside: Crypto builders select advertising over safety.
When disasters occur, they usually face strain about safety failures, crypto leaders disguise behind blockchain’s “code is regulation” precept and provide philosophical arguments about self-sovereignty and private duty. The crypto trade likes to blame strange customers: “Don’t retailer keys on-line,” “Test addresses earlier than sending,” “By no means open suspicious recordsdata.”
No person is protected
Even trade leaders themselves fall sufferer to the identical primary assaults. In January 2024, Ripple co-founder Chris Larsen misplaced 283 million XRP (XRP) because of storing non-public keys in a web based password supervisor. DeFiance Capital founder Arthur_0x misplaced $1.6 million in non-fungible tokens (NFTs) and cryptocurrency just by opening a phishing PDF file.
These folks aren’t naive inexperienced persons — they’re creators and specialists of the very system that might not defend even them. They know all the safety guidelines, however the human issue is inevitable. If even the system architects lose hundreds of thousands, what likelihood do strange customers have?
Information of safety guidelines doesn’t present full safety as a result of fever, stress, sleep deprivation or emotional misery severely have an effect on our decision-making skills. Attackers repeatedly take a look at completely different approaches, ready for moments when customers turn out to be weak. They evolve their ways consistently, creating more and more convincing eventualities, impersonations and pressing conditions.
The unchangeable nature of blockchain transactions calls for extraordinary safeguards — not fewer. If customers can’t reverse errors or thefts, the system should forestall them within the first place. True innovation means constructing techniques that work for actual people, not theoretically good customers. Banks discovered this lesson over centuries. Crypto builders should be taught it sooner.
As a substitute, trade leaders appear to have misplaced contact with actuality because of the excessive wealth dumped on them rapidly. They’ve purchased into their PR narrative, portraying them as geniuses, and began viewing themselves as visionaries.
A name to motion
Vitalik Buterin lectures his viewers on voting in elections and polishes his manifesto, whereas Justin Solar spends $6.2 million on a banana for a “distinctive creative expertise” — all whereas constructing an setting that makes harmful errors simple to make. This method is essentially dishonest. You may’t declare to revolutionize finance whereas offering much less safety than the techniques you’re changing.
What technical brilliance exists in techniques that let billion-dollar thefts and systematic fraud of strange customers with such ease? As a core perform, true technical excellence would come with defending customers from everlasting monetary loss. A monetary system that can’t safe its customers’ property will not be technically superior — it’s essentially incomplete.
It’s time to cease writing manifestos and selling questionable PR stunts designed to draw a broader and extra weak viewers. Begin constructing real protections that match the extent of danger your customers face. No quantity of blockchain innovation issues if strange folks can not use these techniques with out worry of immediate, everlasting monetary loss.
Something much less is simply reckless experimentation at customers’ expense disguised as a revolution — a scheme that enriches founders and insiders whereas strange folks bear all of the dangers.
If the trade doesn’t resolve this downside, regulators will — and also you gained’t like their options. Your philosophical arguments about self-sovereignty gained’t matter when licenses are revoked and operations shut down.
That is the selection crypto builders face: Both create really safe techniques that justify your claims about monetary innovation or watch as regulators rework your “revolutionary expertise” into one other closely regulated monetary service. The clock is ticking.
Opinion by: Andrey Sergeenkov, researcher, analyst and author.
This text is for common info functions and isn’t supposed to be and shouldn’t be taken as authorized or funding recommendation. The views, ideas, and opinions expressed listed here are the creator’s alone and don’t essentially replicate or symbolize the views and opinions of Cointelegraph.