Stop pretending that technical vulnerabilities and human vulnerabilities are two different things.

Source: Cointelegraph

Opinion: Andrey Sergeenkov, researcher, analyst, and writer

Cryptocurrency founders love to make ambitious promises: decentralized finance, providing financial services for the unbanked, and eliminating intermediaries. However, hacks occur frequently. In some cases, billions of dollars disappear overnight.

On February 21, 2025, North Korea's Lazarus Group stole $1.46 billion from Bybit. They sent phishing emails to employees with access to cold wallet credentials. After gaining access to these accounts, they accessed Bybit's interface and replaced the multi-signature wallet contract with their malicious version. When Bybit conducted routine transfers, the hackers moved 499,000 Ether (ETH) to addresses they controlled.

This is not just human error. It is a design flaw. A system that allows human factors to lead to the theft of billions of dollars is not innovative; it is irresponsible.

Users are not protected

In just 10 days, the hackers converted all 499,000 ETH into untraceable funds, primarily trading through THORChain channels. This decentralized exchange processed a record $4.66 billion in swap transactions within a week but took no protective measures against suspicious activity.

The cryptocurrency industry has created a system that cannot protect users even after theft is discovered. Some services actually profited from this crime, charging millions in fees while handling laundered stolen funds.

In February 2025, investigators ZachXBT and Tanuki42 revealed that Coinbase users lose over $300 million annually due to social engineering attacks. Their report showed that in December 2024 and January 2025 alone, $65 million was lost through phishing and other social manipulation tactics. According to the investigators, Coinbase failed to address known security vulnerabilities in its API keys and verification systems, allowing these targeted attacks to succeed.

ZachXBT directly criticized the exchange, stating that "customer service agents are useless" and failed to properly report stolen addresses to blockchain monitoring tools, making it harder to trace stolen funds. One scammer even admitted that they specifically targeted wealthy users, claiming these users earn at least five figures weekly.

These are not isolated cases. The FBI reported that in 2023, cryptocurrency users lost over $5.6 billion to scams, with at least half of the cases driven by social engineering. In the U.S. alone, approximately $2 to $3 billion is lost annually due to human vulnerability attacks. With over 600 million cryptocurrency users globally, it is conservatively estimated that personal losses due to social engineering will range from $6 billion to $15 billion in 2024.

Barriers to adoption

Currently, 37% of cryptocurrency users worldwide believe that security issues are the main barrier to cryptocurrency adoption. Meanwhile, the industry continues to promote high-risk speculative assets, such as memecoins, where ordinary users often lose money while insiders profit.

Despite founders promoting financial freedom, millions of real people have lost their savings due to vulnerabilities that the industry refuses to address. These issues reflect a fundamental problem: cryptocurrency builders have chosen marketing over security.

When disasters occur and they face pressure regarding security failures, cryptocurrency leaders hide behind the blockchain principle of "code is law," engaging in philosophical debates about self-sovereignty and personal responsibility. The cryptocurrency industry loves to blame ordinary users: "Don't store keys online," "Check addresses before sending," "Never open suspicious files."

No one is safe

Even industry leaders themselves can fall victim to the same basic attacks. In January 2024, Ripple co-founder Chris Larsen lost 283 million XRP by storing his private keys in an online password manager. DeFiance Capital founder Arthur_0x lost $1.6 million in NFTs and cryptocurrencies simply by opening a phishing PDF file.

These individuals are not naive beginners—they are creators and experts of this system, yet the system cannot even protect them. They know all the security rules, but human factors are inevitable. If even system architects can lose millions, what chance do ordinary users have?

Knowledge of security rules does not provide complete protection, as fever, stress, lack of sleep, or emotional distress can severely impact our decision-making abilities. Attackers constantly test different methods, waiting for users' vulnerable moments. They continuously evolve their tactics, creating increasingly convincing scenarios, disguises, and emergencies.

The immutable nature of blockchain transactions requires unusual protective measures—not reductions. If users cannot reverse mistakes or theft, the system must prevent them from the start. True innovation means building systems that are suitable for real humans, not theoretically perfect users. Banks took centuries to learn this lesson. Cryptocurrency builders must learn it faster.

Instead, industry leaders seem disconnected from reality because of their rapidly accumulated wealth. They cling to their public relations narratives and begin to see themselves as geniuses and visionary revolutionaries.

Call to action

Vitalik Buterin teaches his audience how to vote in elections and polishes his manifesto, while Justin Sun spends $6.2 million on a banana for a "unique artistic experience", and these are the individuals building an error-prone environment. This practice is fundamentally dishonest. You cannot claim to revolutionize the financial system while providing worse security than the system you are replacing.

If a system can easily facilitate the theft of billions of dollars from ordinary users and systemic fraud, what technical excellence can it claim? As a core function, true technological excellence should include protecting users from permanent economic loss. A financial system that cannot ensure the safety of user assets is not technically advanced; it is fundamentally incomplete.

It is time to stop writing manifestos and promoting dubious public relations gimmicks to attract a broader, more vulnerable audience. Start building genuine protective measures that match the level of risk users face. If ordinary people cannot avoid immediate, permanent economic loss when using blockchain systems, then no amount of blockchain innovation will help.

Any unrealistic innovation is merely a reckless experiment disguised as a revolution, sacrificing user interests for the benefit of founders and insiders while placing all the risks on ordinary people.

If the industry does not address this issue, regulators will, and you will not like their solutions. When licenses are revoked and businesses are shut down, your philosophical arguments about self-sovereignty will not matter.

This is the choice facing cryptocurrency builders: either create truly secure systems that demonstrate your commitment to financial innovation, or watch as regulators turn your "revolutionary technology" into another heavily regulated financial service. Time is running out.

This article is for general informational purposes only and should not be considered legal or investment advice. The views, thoughts, and opinions expressed in this article are solely those of the author and do not necessarily reflect or represent the views and opinions of Cointelegraph.
