Cryptocurrency security remains stagnant, according to Hacken CEO Dyma Budorin, despite the industry experiencing significant financial losses from hacking incidents. Speaking candidly at the Token2049 event in Dubai, Budorin highlighted a stubborn adherence to basic security measures like bug bounties and penetration tests, even in the wake of a massive $1.4 billion hack on Bybit. “Most of the projects think, ‘Okay, we did pentests. That’s enough. Maybe bug bounty. That’s enough.’ It’s not enough,” he stated, underscoring the need for more comprehensive, layered security strategies similar to those employed by traditional industries.
Sticking to Old Playbooks
Budorin’s comments come at a time when the crypto industry is grappling with a surge in security breaches. The alarming trend was exemplified by the recent Bybit hack, where vulnerabilities in a safe wallet allowed cybercriminals to pilfer a staggering $1.4 billion. The audacity of the crime was matched only by its swiftness—the stolen funds were laundered in just 10 days. Budorin argues that the industry’s reliance on rudimentary security measures is leaving it vulnerable to such attacks. “In big Web2 companies, this is mandatory,” he remarked, referring to the need for supply-chain and operational security assessments. This sentiment echoes findings from CertiK’s report on the 1,100% spike in crypto losses, highlighting the industry’s ongoing vulnerabilities.
While the industry’s security posture has remained largely unchanged, Budorin noted a modest shift in post-hack strategies. Security firm Chainalysis has introduced near real-time blacklisting of stolen funds—a notable improvement over the previous three-day delay, which allowed hackers ample time to launder ill-gotten gains. “This is great because, previously, [blacklisting] within three days when the funds were moving was obviously nothing,” Budorin commented, acknowledging the incremental progress.
April’s Security Breaches: A Sobering Wake-Up Call
April 2025 proved to be a brutal month for the crypto world, with losses nearing $360 million due to 18 separate hacking incidents, according to blockchain security firm PeckShield. These figures represent a staggering 990% increase from March’s $33 million in losses. The most significant breach involved a $330 million unauthorized Bitcoin transfer. Blockchain investigator ZachXBT flagged this suspicious transaction as a social engineering attack on an elderly individual in the United States.
These incidents are not just numbers on a spreadsheet; they highlight the urgent need for the industry to rethink its approach to security. Despite faster blacklisting efforts, the deeper, more structural risks remain unaddressed. Budorin emphasized that while real-time blacklisting is a step in the right direction, it doesn’t tackle the fundamental vulnerabilities that hackers exploit. “But in terms of the practice, cybersecurity, nothing changed,” he said, pointing to an industry seemingly stuck in its ways.
The Road Ahead: Can the Industry Adapt?
The crypto sector’s ongoing security challenges raise pressing questions about its future resilience. Will the industry continue to cling to outdated security measures, or will it embrace the comprehensive strategies that other sectors have long adopted? As the financial stakes continue to rise, so too does the imperative for change. The introduction of real-time blacklisting is a promising development, but as Budorin suggests, it’s merely a band-aid on a much larger wound. For a broader perspective on the industry’s evolving mindset, see Elliptic’s insights on compliance shifts.
Looking forward, the crypto world must navigate its path with caution. As hacking techniques evolve, so too must the defenses against them. The stakes are high, and the industry’s success—or failure—will hinge on its ability to adapt and innovate in the face of mounting threats. For now, the question remains: Can the industry rise to the challenge, or will it remain ensnared in a cycle of reactive measures? Only time will tell, but the need for action has never been more urgent.
Source
This article is based on: Hacken CEO sees ‘no shift’ in crypto security as April hacks hit $357M
Further Reading
Deepen your understanding with these related articles:
- Multi-wallet usage up 16%, but AI may address crypto fragmentation gap
- Bitcoin is a matter of national security — Deputy CIA director
- US crypto groups urge SEC for clarity on staking
Steve Gregory is a lawyer in the United States who specializes in licensing for cryptocurrency companies and products. Steve began his career as an attorney in 2015 but made the switch to working in cryptocurrency full time shortly after joining the original team at Gemini Trust Company, an early cryptocurrency exchange based in New York City. Steve then joined CEX.io and was able to launch their regulated US-based cryptocurrency. Steve then went on to become the CEO at currency.com when he ran for four years and was able to lead currency.com to being fully acquired in 2025.
