Opinion by: Andrey Sergeenkov, researcher, analyst and author
Crypto founders love massive guarantees: decentralized finance, banking the unbanked and freedom from intermediaries. Then hacks occur. In some circumstances, billions vanish in a single day.
On Feb. 21, 2025, the North Korean Lazarus Group stole $1.46 billion from Bybit. They despatched phishing emails to workers with chilly pockets entry. After compromising these accounts, they accessed Bybit’s interface and changed the multisignature pockets contract with their malicious model. When Bybit tried a routine switch, the hackers redirected 499,000 Ether (ETH) to addresses they managed.
This wasn’t only a human error. This was a design failure. A system that enables human elements to allow a billion-dollar theft isn’t revolutionary — it’s irresponsible.
Persons are not protected
In simply 10 days, the hackers transformed all 499,000 ETH into untraceable funds, utilizing THORChain as their major channel. The decentralized trade processed a document $4.66 billion in swaps in every week however applied no safeguards in opposition to suspicious exercise.
The crypto trade has created a system that can't shield customers even after they uncover a theft. Some companies really profited from this crime, accumulating hundreds of thousands in charges whereas processing the laundering of stolen funds.
Current: SafeWallet releases Bybit hack post-mortem report
In February 2025, investigators ZachXBT and Tanuki42 revealed that Coinbase users lost over $300 million annually to social engineering assaults. Their report confirmed $65 million stolen by means of phishing and different social manipulation methods in December 2024 and January 2025. In response to the investigators, Coinbase failed to handle identified safety vulnerabilities of their API keys and verification programs that make these human-targeted assaults profitable.
ZachXBT instantly criticized the trade for having “ineffective buyer help brokers” and failing to correctly report theft addresses to blockchain monitoring instruments, making stolen funds more durable to trace. One scammer even admitted to concentrating on rich customers, claiming they make at the very least 5 figures every week.
These aren’t remoted circumstances. The US Federal Bureau of Investigation reported that odd crypto customers lost over $5.6 billion to fraud in 2023, and social engineering drove at the very least half of those schemes. People alone lose roughly $2 billion–$3 billion yearly to human vulnerability assaults. With over 600 million crypto customers worldwide, conservative estimates put particular person losses from social engineering at $6 billion–$15 billion in 2024.
Barrier to adoption
Safety issues are actually recognized as the main barrier to adoption by 37% of crypto customers worldwide. In the meantime, the trade continues to promote high-risk speculative assets like memecoins, the place common customers usually lose cash whereas insiders revenue.
Whereas founders pitch monetary freedom, hundreds of thousands of actual folks lose their financial savings by means of vulnerabilities the trade refuses to handle. They’re signs of a basic downside: Crypto builders select advertising over safety.
When disasters occur, they usually face stress about safety failures, crypto leaders cover behind blockchain’s “code is regulation” precept and supply philosophical arguments about self-sovereignty and private duty. The crypto trade likes to blame odd customers: “Don’t retailer keys on-line,” “Verify addresses earlier than sending,” “By no means open suspicious information.”
No one is secure
Even trade leaders themselves fall sufferer to the identical primary assaults. In January 2024, Ripple co-founder Chris Larsen lost 283 million XRP (XRP) attributable to storing non-public keys in a web based password supervisor. DeFiance Capital founder Arthur_0x lost $1.6 million in non-fungible tokens (NFTs) and cryptocurrency just by opening a phishing PDF file.
These folks aren’t naive novices — they’re creators and consultants of the very system that might not shield even them. They know all the safety guidelines, however the human issue is inevitable. If even the system architects lose hundreds of thousands, what likelihood do odd customers have?
Information of safety guidelines doesn’t present full safety as a result of fever, stress, sleep deprivation or emotional misery severely have an effect on our decision-making skills. Attackers repeatedly check totally different approaches, ready for moments when customers change into weak. They evolve their techniques continually, creating more and more convincing eventualities, impersonations and pressing conditions.
The unchangeable nature of blockchain transactions calls for extraordinary safeguards — not fewer. If customers can’t reverse errors or thefts, the system should stop them within the first place. True innovation means constructing programs that work for actual people, not theoretically good customers. Banks realized this lesson over centuries. Crypto builders should be taught it quicker.
As a substitute, trade leaders appear to have misplaced contact with actuality as a result of excessive wealth dumped on them shortly. They’ve purchased into their PR narrative, portraying them as geniuses, and began viewing themselves as visionaries.
A name to motion
Vitalik Buterin lectures his audience on voting in elections and polishes his manifesto, whereas Justin Solar spends $6.2 million on a banana for a “distinctive inventive expertise” — all whereas constructing an surroundings that makes harmful errors straightforward to make. This strategy is basically dishonest. You possibly can’t declare to revolutionize finance whereas offering much less safety than the programs you’re changing.
What technical brilliance exists in programs that allow billion-dollar thefts and systematic fraud of odd customers with such ease? As a core perform, true technical excellence would come with defending customers from everlasting monetary loss. A monetary system that can't safe its customers’ property will not be technically superior — it’s basically incomplete.
It’s time to cease writing manifestos and selling questionable PR stunts designed to draw a broader and extra weak viewers. Begin constructing real protections that match the extent of danger your customers face. No quantity of blockchain innovation issues if odd folks can not use these programs with out worry of instantaneous, everlasting monetary loss.
Something much less is simply reckless experimentation at customers’ expense disguised as a revolution — a scheme that enriches founders and insiders whereas odd folks bear all of the dangers.
If the trade doesn’t clear up this downside, regulators will — and also you gained’t like their options. Your philosophical arguments about self-sovereignty gained’t matter when licenses are revoked and operations shut down.
That is the selection crypto builders face: Both create really safe programs that justify your claims about monetary innovation or watch as regulators rework your “revolutionary expertise” into one other closely regulated monetary service. The clock is ticking.
Opinion by: Andrey Sergeenkov, researcher, analyst and author.
This text is for basic data functions and isn't meant to be and shouldn't be taken as authorized or funding recommendation. The views, ideas, and opinions expressed listed here are the creator’s alone and don't essentially replicate or characterize the views and opinions of Cointelegraph.
