Crypto Industry Fails to Address 50% of Security Breaches, ZachXBT Warns

Blockchain investigator ZachXBT has expressed significant concerns about the crypto industry's ability to handle security breaches and illicit financial activities. His involvement in freezing funds from the recent Bybit hack has highlighted persistent vulnerabilities and inadequate responses from key players, enabling malicious actors to exploit weaknesses at scale.

ZachXBT pointed out that many of these exploits are caused by fundamental flaws in both decentralized and centralized platforms. Some decentralized protocols generate nearly all their volume and revenue from illicit actors, such as the Democratic People’s Republic of Korea (DPRK). These platforms often fail to take responsibility for facilitating illicit financial activity. Meanwhile, centralized exchanges delay responding to verified threat intelligence, allowing stolen assets to be laundered within minutes.

Know-your-transaction (KYT) solutions, designed to detect illicit fund movements, are frequently circumvented. Know-your-customer (KYC) measures often fail due to compromised user data and the ability to buy accounts. ZachXBT emphasized that KYC issues are not exclusive to crypto and reflect broader regulatory failures in financial oversight.

While acknowledging the risks of excessive government intervention, ZachXBT doubts the industry's ability to effectively self-regulate. He identified several obstacles to meaningful reform, such as large exchanges and services lacking rapid-response teams capable of addressing verified threat intelligence in real time. These platforms often fail to support users impacted by hacks, sometimes withholding account data to limit liability. The legal recovery process for victims is slow, with certain exchanges resisting efforts to return stolen funds.

Centralized stablecoin issuers do not block addresses directly tied to major hacks, allowing illicit actors to retain access to stablecoin liquidity. Compliance tools used by major firms do not regularly flag illegal activity. Some decentralized protocols fail to reassess their design despite most of their transaction volume originating from illicit sources. ZachXBT pointed to new blockchain networks and cross-chain bridges that neglect basic analytics or security measures. He also flagged over-the-counter trading clusters operating on Tron, which continue to handle high volumes of illicit funds with little oversight.

Despite raising these concerns, ZachXBT clarifies that he does not advocate for increased government oversight but points out the crypto sector’s failure to address security gaps proactively. Without industry-wide improvements in incident response, stablecoin issuer policies, and analytics integration, the problem is unlikely to be resolved. ZachXBT’s findings suggest that, for now, illicit actors remain steps ahead of the industry’s security measures.