Viewpoint by: Andrey Sergeenkov, researcher, analyst and author
Crypto creators cherish grand promises: decentralized finance, serving the unbanked, and liberation from intermediaries. Then breaches occur. In some instances, billions disappear overnight.
On February 21, 2025, the North Korean Lazarus Group stole $1.46 billion from Bybit. They sent phishing messages to personnel with access to cold wallets. Once they compromised these accounts, they gained entry to Bybit’s platform and replaced the multisignature wallet contract with their own malicious version. When Bybit conducted a routine transfer, the attackers rerouted 499,000 Ether (ETH) to addresses they controlled.
This incident was not merely a lapse in judgment. It was a fundamental design flaw. A framework that permits human elements to facilitate a billion-dollar heist isn’t pioneering — it’s careless.
Individuals lack protection
Within just 10 days, the hackers converted all 499,000 ETH into untraceable assets, primarily utilizing THORChain for their transactions. This decentralized exchange processed an unprecedented $4.66 billion in swaps in a week but instituted no safeguards against questionable conduct.
The cryptocurrency sector has crafted a framework that fails to safeguard users even once a theft has been identified. Some services actually benefited from this criminal activity, amassing millions in fees while facilitating the laundering of pilfered assets.
In February 2025, investigators ZachXBT and Tanuki42 disclosed that Coinbase users lost over $300 million annually due to social engineering schemes. Their findings indicated that $65 million was stolen through phishing and other manipulative tactics in December 2024 and January 2025. According to the investigators, Coinbase neglected to address known security flaws in their API keys and verification mechanisms, allowing these human-targeted assaults to succeed.
ZachXBT openly reprimanded the exchange for employing “ineffective customer support agents” and for not properly reporting theft addresses to blockchain surveillance tools, thus complicating the tracking of stolen funds. One fraudster even confessed to targeting affluent users, asserting they make at least five figures weekly.
These are not isolated incidents. The US Federal Bureau of Investigation reported that ordinary crypto enthusiasts lost over $5.6 billion to fraud in 2023, with social engineering constituting at least half of these operations. Americans alone lose approximately $2 billion–$3 billion yearly to attacks exploiting human weaknesses. With more than 600 million crypto users globally, conservative projections place individual losses from social engineering at $6 billion–$15 billion in 2024.
Obstacles to adoption
Concerns regarding security are now recognized as the primary hurdle to acceptance by 37% of crypto participants worldwide. Meanwhile, the industry continues to promote high-risk speculative instruments like memecoins, where average participants generally incur losses while insiders gain.
While founders advocate for financial liberty, millions of actual individuals are losing their savings due to vulnerabilities the sector refuses to confront. These losses are symptoms of a fundamental crisis: Crypto developers prioritize marketing over security.
When crises occur and crypto leaders face scrutiny over security shortcomings, they retreat behind blockchain’s “code is law” doctrine, presenting philosophical justifications about self-sovereignty and personal accountability. The crypto sector often blames regular users: “Avoid storing keys online,” “Verify addresses prior to sending,” “Never open dubious files.”
No one is secure
Even the industry’s top figures succumb to the same fundamental attacks. In January 2024, Ripple co-founder Chris Larsen lost 283 million XRP (XRP) by storing private keys in an online password manager. DeFiance Capital founder Arthur_0x lost $1.6 million in NFTs and cryptocurrency merely by opening a phishing PDF file.
These individuals are not naive newcomers — they are creators and specialists of the very system that failed to protect them. They are aware of all security protocols, yet the human element is unavoidable. If the architects of the system lose millions, what hope do average users possess?
Awareness of security protocols does not guarantee complete protection because fever, anxiety, fatigue, or emotional upheaval severely impair our decision-making faculties. Attackers continuously test various methods, waiting for moments when users become susceptible. They perpetually refine their methods, developing increasingly persuasive scenarios, impersonations, and urgent situations.
The unalterable nature of blockchain transactions necessitates exceptional safeguards — not inadequate ones. If users cannot reverse errors or thefts, the system must first prevent them from occurring. True innovation entails establishing systems that accommodate real humans, not theoretically infallible users. Financial institutions have learned this lesson over centuries. Crypto developers must grasp it more swiftly.
Instead, industry leaders appear to have disconnected from reality due to the substantial wealth suddenly conferred upon them. They have embraced their public relations narrative, depicting themselves as intellects, and have begun to perceive themselves as visionaries.
A call to action
Vitalik Buterin admonishes his audience on participating in elections and refines his manifesto, while Justin Sun spends $6.2 million on a banana for a “distinct artistic experience” — all while constructing an environment where perilous mistakes are easily made. This methodology is inherently dishonest. You cannot profess to revolutionize finance while offering less security than the systems you aim to supplant.
What technical excellence exists in frameworks that enable billion-dollar thefts and systematic fraud against ordinary users with such simplicity? A truly excellent technical system would fundamentally incorporate protective measures for users against irrecoverable financial losses. A financial structure that fails to safeguard its users’ assets is not technically sophisticated — it is profoundly unfinished.
It is time to cease drafting manifestos and endorsing dubious PR spectacles intended to entice a wider and more exposed audience. Begin constructing authentic protections that align with the level of risk your users encounter. No amount of blockchain innovation matters if regular individuals cannot engage with these systems without the anxiety of immediate, irreversible financial loss.
Anything less is merely reckless experimentation at the expense of users, camouflaged as a revolution — a scheme that enriches creators and insiders while ordinary individuals shoulder all the hazards.
If the industry fails to tackle this issue, regulators will — and their solutions may not be favorable. Your philosophical discussions on self-sovereignty will hold no weight when licenses are revoked and operations terminated.
This presents the dilemma for crypto builders: Either construct genuinely secure systems that substantiate your claims regarding financial innovation or observe as regulators morph your “revolutionary technology” into yet another heavily controlled financial service. The countdown has begun.
This article is written for informational purposes and is not intended to constitute legal or investment counsel. The views, thoughts, and opinions expressed herein are solely those of the author and do not necessarily reflect or represent the views and opinions of Cointelegraph.