After attackers stole about $1.5 billion from Bybit in February 2025, one might have expected the industry to become more active on cybersecurity. However, according to Dima Budorin, most players still rely only on basic methods, such as bug bounty programs and one-time security checks, which cannot effectively protect projects from serious threats.
Budorin argues that crypto companies need to adopt the practices of traditional businesses, which implement multi-level security systems. He emphasizes the importance of supply chain control, operational risk assessment, and adapting security measures to the specifics of blockchain technologies. This approach has long been used by large Web2 companies and should become the standard in the Web3 sector as well.
Some changes have occurred since the February incident. For example, the Chainalysis analytical platform has become more responsive to theft of funds — it now blacklists wallets associated with stolen assets almost in real time. Previously, this took up to three days, which gave hackers the opportunity to cash out or “launder” the cryptocurrency.
After the Bybit hack, the criminals managed to launder the assets in about ten days using popular mixers and decentralized platforms, including CryptoMixer, Tornado Cash, Railgun, Wasabi, THORChain, eXch, Lombard, LI.FI, Stargate, and SunSwap.
According to PeckShield, in April 2025 alone, the crypto industry lost $357 million as a result of 18 attacks. This is almost ten times more than in March. However, the main damage — over $330 million — was caused by one phishing attack, during which 3,520 BTC were stolen from an elderly American investor. The attackers used social engineering methods to access his crypto wallet.
Other serious incidents in April included an attack on the Loopscale DeFi protocol ($5.8 million) and a hack of a smart contract associated with the ZKsync airdrop (about $5 million). PeckShield and CertiK experts have recorded an increase in the number of phishing attacks, which indicates a change in hacker tactics.
Since the beginning of 2024, the total damage from crypto hacks has exceeded $3.83 billion, with centralized exchanges and DeFi projects remaining the main targets.