The explosive growth of blockchain technology and digital assets has unlocked new opportunities – and escalated security risks to an unprecedented level. The latest Fireblocks report, The New Frontier of Crypto Security, explores the most pressing threats institutions face today and outlines proactive measures to protect assets in this evolving landscape.
Why Traditional Security Isn’t Enough
The crypto landscape is at an inflection point. With Bitcoin ETFs gaining regulatory traction, Real-World Asset (RWA) tokenization accelerating, and stablecoin payments becoming mainstream, institutional adoption is surging. But so are complex new attack vectors, from AI-powered phishing and API exploits to insider threats and multi-chain vulnerabilities.
These attacks are not about any one exchange or custodian—they underscore a systemic need for stronger, more adaptive security measures across the entire digital asset ecosystem. The industry must take collective action to safeguard infrastructure, strengthen access controls, and stay ahead of evolving threats. At Fireblocks, we’re committed to providing the security architecture that helps institutions protect their assets, their users, and the broader market.
The Biggest Institutional Security Gaps
1. Centralized Exchanges and Retail Applications: Prime Targets
Centralized exchanges (CEXs) and retail platforms hold billions of dollars in assets, making them prime targets for attackers. Cybercriminals are leveraging sophisticated methods such as phishing, social engineering, and insider manipulation to exploit vulnerabilities. Recent state-sponsored attacks, including the Bybit attack, have resulted in losses surpassing a billion dollars. As these platforms continue to grow, they remain a primary focus for attackers looking to exploit weaknesses.
“State actors and groups supported by them, like the Lazarus group, are formidable adversaries,” Khaja Ahmed, Chief Information Security Officer at Gemini, told Fireblocks. “We have little to no margin for error and have to stay on our top game all the time.”
Institutions must evolve beyond traditional perimeter security. To safeguard assets, implementing multi-layered transaction approvals, advanced authentication, and policy-driven controls is vital. This approach not only helps prevent breaches but also minimizes damage when attacks occur.
2. APIs: The Overlooked Vulnerability
APIs are at the heart of institutional crypto operations, but unsecured or misconfigured API keys can lead to catastrophic breaches. Attackers don’t always need to steal private keys—if they can exploit API misconfigurations or hijack machine access tokens, they can gain unauthorized access with ease. As institutions scale their crypto operations, the risk posed by unsecured APIs becomes increasingly pronounced.
“The challenge for exchanges is not just that we have to build and operate a secure service. We also have to guide our customers to protect their passwords and credentials. Whether we make a mistake or the customer, the attacker wins,” Ahmed said.
3. Transaction & Access Policies: The Final Defense Layer
Once an attacker gains entry, weak transaction and access policies allow them to drain funds with minimal resistance. Without strong access controls and multi-factor authentication, attackers can bypass systems intended to protect institutional assets. Designing robust policies that balance security with operational agility is essential to mitigate the “blast radius” of an attack.
Security is not just about keeping attackers out—it’s about limiting the damage once a breach occurs. Institutions must implement role-based access controls, real-time transaction monitoring, and automated policy enforcement to ensure that any unauthorized activity is quickly detected and contained.
The 2025 Crypto Security Reality Check
A course on ‘defending your digital life’ needs to be taught in schools.
Institutions are underestimating the sophistication of today’s attackers. AI-driven social engineering, multi-stage credential harvesting, and highly coordinated supply chain attacks are already in play, and they’re more complex than ever. Institutions that continue to rely on outdated security models risk leaving their assets vulnerable to the next generation of attacks.
The Fireblocks report, The New Frontier of Crypto Security, offers a deep dive into the most sophisticated attacks happening today and provides best practices for mitigating risk in high-value institutional operations. Read the full report to learn how you can protect your assets and stay secure in the face of growing threats.