The rise in cyberattacks on crypto platforms—most recently the Bybit breach—has exposed alarming vulnerabilities across the industry. This report delves into the evolving landscape of crypto security, highlighting new challenges and advanced guidance for safeguarding digital assets in this new era.
The crypto and digital asset industry stands at a turning point. With institutions like BlackRock introducing Bitcoin ETFs, the tokenization of Real-World Assets (RWAs) gaining traction, and payment innovation continuing to grow with stablecoin transactions, the market is quickly evolving.
At the end of 2024, the total market capitalization stands at $3.2 trillion, DeFi’s total value locked (TVL) has returned to its 2021 peak at $134 billion, and the combined market value of USDT and USDC exceeds $204 billion.
New conditions and continued efforts by hacker groups such as Lazarus introduce dizzyingly complex attack vectors — including API exploits, advanced insider threats, and exploits of different blockchain configurations. Though private key security and traditional protection against transfer of funds are still important, relying on security solutions of years past is insufficient.
Meanwhile, more users, more funds, and more transactions create larger targets for attackers.
1. Higher Transaction Volumes
As blockchain transactions increase, so do potential targets for attacks and financial incentives for attackers.
2. Surge in Users & Wallets
With more individual and institutional users, each new wallet or account is a potential entry point for attackers, expanding the attack surface.
The global cryptocurrency user base expanded by nearly 40 million in the latter half of 2024.
Source: Most In-demand Web3 Jobs of 2025
3. More dApp Interactions
dApps introduce vulnerabilities via smart contracts and potential front-end attacks, with users at risk of phishing and developers facing bugs or improper access to admin functions.
4. Growing Personnel Needs
As crypto adoption rises, so does the need for qualified staff. Under-resourced organizations risk human errors, insider threats, and malicious fake candidates. This is amplified with fully-remote engineering positions.
The Web3 job market has seen a 45% increase in job postings year-over-year.
Source: Most In-demand Web3 Jobs of 2025
5. Expanding API Usage
APIs are critical for the fast and automated delivery of crypto services, but poor design or lack of security can expose sensitive systems to cyberattacks.
6. Entry of New Market Players
New players bring innovation but also unfamiliar risks, often becoming targets due to weaker security practices and working knowledge of the industry.
7. More Blockchains & Implementations
The growth of different blockchains increases the attack surface, with each protocol having unique vulnerabilities.
8. Expanding Use Cases & Features
New blockchain features like smart contract wallets and AI agents introduce new security risks, as more complex systems provide more opportunities for attackers.
9. AI in the wrong hands
AI is enabling attackers to automate and scale sophisticated exploits that deceive users through deepfake social engineering and advanced phishing, leading to significant financial losses from unauthorized transactions.
Unlike traditional cyber attacks that focus on indirect monetization through data theft or ransom, crypto-related attacks focus on direct monetization by compromising the business logic of financial applications and operational workflows, allowing attackers to access financial transactions. We see three critical areas of security vulnerabilities in the industry today that need to be addressed before onboarding the next billion users.
1. Centralized Exchanges and Retail Applications: The Frontline of Attacks
Centralized exchanges and retail applications serve as the primary gateway to crypto for both retail users and institutions. Because of this, centralized exchanges are primary targets of attackers because: (1) they hold hundreds of millions or billions of assets under custody (AUC), often concentrated into omnibus accounts; (2) they represent a wide attack surface, from end-user vulnerabilities to a sizable operation, tech and support employee base subject to insider threats – all subject both on-chain and off-chain vulnerabilities.
Real-Life Attack: Bybit’s $1.5B hack occurred when Lazarus compromised a Safe{Wallet} developer’s machine, gained access to its production environment, and deploy malicious code directly into Bybit’s wallet UI. This allowed them to manipulate Bybit’s transaction, which Bybit unknowingly approved through blind signing using Ledger devices, ultimately transferring $1.5B to Lazarus’ address.
Given the wide range of potential attack points, crypto organizations must be aware of where their vulnerabilities lie. Below are the key areas of vulnerability in both the end-user and organizational layers.
Real-Life Attack: A DeFi protocol’s Twitter account was compromised and used to promote a fake token launch. This deceived a portfolio manager at an asset management firm into connecting their account to a phishing dApp and ultimately signing a malicious Permit2 transaction, unknowingly granting the attacker an allowance over the firm’s assets. This off-chain approval gave attackers control over the firm’s assets, allowing them to drain funds in a follow-up transaction—resulting in a seven-figure loss.
An attacker’s primary goal is to gain control of funds. Highly integrated and complex operations get risky, particularly as they pertain to core treasury operations, token issuance & lifecycle management & DeFi and Web3 Operations.
Transaction and access policies are a central defense mechanism, creating clear boundaries that dramatically reduce the “blast radius” of an attack. However, the challenge lies in crafting policies that strike a balance between strict security and operational efficiency, ensuring both protection and agility. Even more foundational is the need to ensure the underlying system’s integrity to avoid the policy engine itself from being breached, manipulated, and therefore bypassed.
Real-Life Attack: A hacker exploited a centralized exchange by using a multi-step fake deposit attack. The attacker used a mule to pass KYC on a new account, and generated a deposit address directly linked to their account. A malicious smart contract was set up to only partially complete a transaction – ultimately deceiving the exchange’s infrastructure into crediting funds that were never actually transferred. The attacker built up a fake balance worth hundreds of thousands, and gradually withdrew real funds from the exchange’s hot wallet.
The attack surface is focused on three specific areas: (1) Core Treasury Operations; (2) Token Issuance & Lifecycle Management; (3) DeFi & Web3 Operations. Insider threats, such as malicious actions or negligence from employees or contractors, can lead to severe damage if not properly managed. Additionally, both traditional and advanced phishing techniques, such as Web2 phishing and Web3/Ice phishing, remain prevalent, putting sensitive credentials and decentralized systems at risk. Understanding and addressing these threats is crucial to safeguarding both centralized and decentralized systems from malicious activities.
API-based automation is becoming essential for high-throughput to efficiently scale and meet growing user demands. However, this also introduces vulnerabilities. Specifically, API keys tokens and machine access tokens are attractive targets to attackers as they offer a direct path to financial theft, usually bypassing traditional approval processes. As API automation grows, implementing a strong policy-based framework for API management is crucial to mitigate potential security risks.
People:
Traditional Cyber Intrusion:
Secure-by-design architecture, robust policy & governance controls, integrated yet sophisticated multi-device approval, real-time transaction visibility and automated threat detection help prevent blind signing and hidden exploits.
For all external infrastructure systems, your team will utilize, like smart contracts, oracles or even external vendors, keep close track of dependencies and vulnerabilities, both on- and off-chain, always waiting for community validation before deploying updates.
Implement transaction authorization policies to define security guardrails based on your business’ logic and threat modeling. Ensure that critical and/or sensitive operations are properly escalated to the appropriate approvers.
Minimize risk exposure by setting up role-based permissions to control access to sensitive financial operations, smart contract deployments, and other key systems.
Limit interactions to pre-approved destinations and trusted contracts, and ensure that whitelisting of new addresses goes through senior staff – enabling the rest of the organization to work efficiently within these boundaries.
Audit both on-chain and off-chain code to maintain robust security and avoid business-specific as well as generic vulnerabilities in your code. Vulnerabilities in either can lead to serious consequences. Use reputable audit firms and continuous testing to stay ahead of potential exploits.
Be prepared and ensure security is up to date as your business changes. Conduct quarterly operational and system tests from the ground up. Identify permission weak points, system vulnerabilities, and governance logic gaps. Continuous improvement is where you stay ahead of adversaries.
Crypto adoption is growing rapidly, and with it, the scope of security threats continues to expand. As the next wave of users comes on-chain, it’s crucial that your organization remains proactive, vigilant, and adaptable with the most advanced intelligence and practices in hand to handle the threats that lie ahead.
Find out how Fireblocks helps your digital asset business to grow fast and stay secure.
