North Korean hacker groups have been ramping up their activity in the cryptocurrency sphere throughout 2025, exploiting vulnerabilities that highlight a critical weakness in the Web3 landscape: the human element. This year alone, they have targeted an astounding $1.5 billion in assets at Bybit and run credential-harvesting campaigns, successfully laundering millions. Such attacks underscore a troubling trend—these actors are increasingly bypassing complex smart contract vulnerabilities, opting instead to exploit basic operational security lapses.
The Human Factor: Web3’s Achilles’ Heel
In 2025, the realm of decentralized finance (DeFi) is learning a harsh lesson: even the most fortified smart contracts can’t protect against human error. North Korean-affiliated cyber operatives have shifted their tactics, focusing on the operational vulnerabilities of decentralized teams. Their methods are varied, from deploying malware on popular crypto wallets like MetaMask and Trust Wallet to infiltrating exchanges via fake job applications. As detailed in North Korean Hackers Are Targeting Top Crypto Firms With Malware Hidden in Job Applications, these deceptive tactics have become a hallmark of their strategy. According to Oak Security, which has conducted over 600 audits across major ecosystems, the real gap lies in operational security (OPSEC), not the code itself. “For all the money and talent poured into smart contract security, most DeFi projects still fail the basics of operational security,” remarked an Oak Security spokesperson.
The Ronin bridge exploit of 2022, where $625 million was siphoned off, was an early wake-up call. However, the industry has seemingly struggled to adapt. Many protocols still rely on unsecured communication channels like Discord for treasury governance and onboarding, making them ripe targets for sophisticated adversaries. It’s not about finding zero-day vulnerabilities anymore; it’s about exploiting the human ones.
Lessons from TradFi: Security Through Structure
While DeFi grapples with these challenges, traditional finance (TradFi) institutions have long accepted that cyberattacks are inevitable. Banks and payment institutions frequently weather such storms, rarely collapsing under the weight of a security breach. Their secret? A layered defense strategy and a culture of constant vigilance. This approach includes hardened devices, structured onboarding processes, and rigorous access controls that DeFi lacks.
The contrast is stark. In TradFi, employees don’t access critical systems from personal devices. There’s no room for improvisation when something goes awry—incident responses are well-practiced and documented. Web3, on the other hand, still sees contributors pushing code from unvetted laptops and conducting sensitive discussions on unsecured platforms. The difference is not just procedural—it’s cultural.
Some DeFi projects are beginning to take cues from TradFi, investing in enterprise-grade tooling for key management and structured security programs. However, as it stands, these practices are the exception rather than the rule. “Decentralization is no excuse for negligence,” warned an industry expert. The decentralized model often struggles with tight budgets, fleeting contributors, and a cultural resistance to perceived centralization. Yet, without disciplined cybersecurity measures, these platforms risk turning into a reliable revenue stream for cybercriminals. This is further emphasized in North Korea targets crypto workers with new info-stealing malware, highlighting the ongoing threat to the industry.
A Call for Cultural Shift
The incidents at Bybit and other exchanges signal a pressing need for change. The global economy is increasingly reliant on blockchain infrastructure, and the stakes have never been higher. The solution doesn’t lie in code alone. It’s about fostering a security culture that treats OPSEC as a full-stack responsibility—from the onboarding of contributors to the management of treasuries.
As the lines between traditional and decentralized finance continue to blur, the lessons from TradFi become ever more relevant. DeFi must adopt a similar maturity, enforcing OPSEC playbooks and rigorously vetting contributors. This isn’t just about preventing the next big breach—it’s about ensuring the long-term viability of the decentralized ecosystem itself.
In the end, the message is clear: Web3’s future depends on its ability to safeguard its operations against increasingly sophisticated threats. The time to act is now, before the next breach makes headlines. And as the industry evolves, so too must its approach to security, embracing a culture that prioritizes resilience against both digital and human vulnerabilities.
Source
This article is based on: Decentralized Protocols Are Soft Targets for North Korean Hackers
Further Reading
Deepen your understanding with these related articles:
- North Korea Targets Crypto Professionals With New Malware in Hiring Scams
- How hackers use fake X links to steal crypto, and how to spot them
- Sui DeFi Exchange Cetus Back in Action After $233 Million Exploit

Steve Gregory is a lawyer in the United States who specializes in licensing for cryptocurrency companies and products. Steve began his career as an attorney in 2015 but switched to working in cryptocurrency full time shortly after joining the original team at Gemini Trust Company, an early cryptocurrency exchange based in New York City. Steve then joined CEX.io, where he launched their regulated US-based cryptocurrency. Steve then went on to become the CEO at currency.com, where he served for four years and led currency.com to being fully acquired in 2025.