Crypto Industry Faces $1.46 Billion Hack, Security Concerns

In the realm of cryptocurrency, the promise of decentralized finance and financial freedom has often been overshadowed by significant security breaches. On Feb. 21, 2025, the North Korean Lazarus Group executed a sophisticated hack on Bybit, stealing $1.46 billion. The hackers sent phishing emails to staff with access to cold wallets, compromising these accounts and replacing the multisignature wallet contract with a malicious version. This allowed them to redirect 499,000 Ether (ETH) to addresses under their control during a routine transfer.

Ask Aime: What is the impact of the Bybit hack on cryptocurrency trading and the broader market's perception of decentralized finance?

This incident was not merely a human error but a design failure. A system that allows such vulnerabilities to be exploited on such a massive scale is not innovative; it is irresponsible. The hackers swiftly converted all 499,000 ETH into untraceable funds using THORChain, which processed a record $4.66 billion in swaps in a week without implementing safeguards against suspicious activity. Some services even profited from this crime by collecting millions in fees while processing the laundering of stolen funds.

In February 2025, investigators ZachXBT and Tanuki42 revealed that coinbase users lost over $300 million annually to social engineering attacks. Their report highlighted $65 million stolen through phishing and other social manipulation techniques in December 2024 and January 2025. The investigators criticized Coinbase for failing to address known security vulnerabilities in their API keys and verification systems, making these attacks successful. The US Federal Bureau of Investigation reported that ordinary crypto users lost over $5.6 billion to fraud in 2023, with social engineering driving at least half of these schemes. Americans alone lose approximately $2 billion–$3 billion annually to human vulnerability attacks. With over 600 million crypto users worldwide, conservative estimates put individual losses from social engineering at $6 billion–$15 billion in 2024.

Security concerns are now recognized as the main barrier to adoption by 37% of crypto users worldwide. The industry continues to promote high-risk speculative assets like memecoins, where average users typically lose money while insiders profit. While founders pitch financial freedom, millions of real people lose their savings through vulnerabilities the industry refuses to address. These issues are symptoms of a fundamental problem: Crypto builders choose marketing over security.

When disasters happen, and they face pressure about security failures, crypto leaders hide behind blockchain’s “code is law” principle and offer philosophical arguments about self-sovereignty and personal responsibility. The industry loves to blame ordinary users: “Don’t store keys online,” “Check addresses before sending,” “Never open suspicious files.” However, even industry leaders themselves fall victim to the same basic attacks. In January 2024, Ripple co-founder Chris Larsen lost 283 million XRP (XRP) due to storing private keys in an online password manager. DeFiance Capital founder Arthur_0x lost $1.6 million in non-fungible tokens (NFTs) and cryptocurrency simply by opening a phishing PDF file.

These people aren’t naive beginners — they’re creators and experts of the very system that could not protect even them. They know all the security rules, but the human factor is inevitable. If even the system architects lose millions, what chance do ordinary users have? Knowledge of security rules doesn’t provide complete protection because fever, stress, sleep deprivation or emotional distress severely affect our decision-making abilities. Attackers continuously test different approaches, waiting for moments when users become vulnerable. They evolve their tactics constantly, creating increasingly convincing scenarios, impersonations and urgent situations.

The unchangeable nature of blockchain transactions demands extraordinary safeguards — not fewer. If users can’t reverse mistakes or thefts, the system must prevent them in the first place. True innovation means building systems that work for real humans, not theoretically perfect users. Banks learned this lesson over centuries. Crypto builders must learn it faster.

Instead, industry leaders seem to have lost touch with reality due to the extreme wealth dumped on them quickly. They’ve bought into their PR narrative, portraying them as geniuses, and started viewing themselves as visionaries. Vitalik Buterin lectures his audience on voting in elections and polishes his manifesto, while Justin Sun spends $6.2 million on a banana for a “unique artistic experience” — all while building an environment that makes dangerous mistakes easy to make. This approach is fundamentally dishonest. You can’t claim to revolutionize finance while providing less security than the systems you’re replacing.

What technical brilliance exists in systems that permit billion-dollar thefts and systematic fraud of ordinary users with such ease? As a core function, true technical excellence would include protecting users from permanent financial loss. A financial system that cannot secure its users’ assets is not technically advanced — it’s fundamentally incomplete.

It’s time to stop writing manifestos and promoting questionable PR stunts designed to attract a broader and more vulnerable audience. Start building genuine protections that match the level of risk your users face. No amount of blockchain innovation matters if ordinary people cannot use these systems without fear of instant, permanent financial loss. Anything less is just reckless experimentation at users’ expense disguised as a revolution — a scheme that enriches founders and insiders while ordinary people bear all the risks.

If the industry doesn’t solve this problem, regulators will — and you won’t like their solutions. Your philosophical arguments about self-sovereignty won’t matter when licenses are revoked and operations shut down. This is the choice crypto builders face: Either create truly secure systems that justify your claims about financial innovation or watch as regulators transform your “revolutionary technology” into another heavily regulated financial service. The clock is ticking.