Stop pretending technical and human vulnerabilities are separate things

Opinion by: Andrey Sergeenkov, researcher, analyst and writer

Crypto founders love big promises: decentralized finance, banking the unbanked and freedom from intermediaries. Then hacks happen. In some cases, billions vanish overnight. 

On Feb. 21, 2025, the North Korean Lazarus Group stole about $1.46 billion from Bybit. According to the post-mortems later published by Safe{Wallet} and Bybit, the attackers compromised a Safe{Wallet} developer's machine and used it to inject malicious JavaScript into the wallet's web interface, targeted specifically at Bybit's Ethereum cold-wallet multisig. When Bybit's signers approved what the interface showed as a routine transfer from the cold wallet to a warm wallet, the transaction they actually signed was a delegatecall that replaced the multisig's implementation contract with one the attackers controlled. With the wallet's logic swapped, the attackers drained roughly 499,000 ETH worth of Ether (ETH) and staked-ETH tokens to addresses they controlled.

This wasn’t just a human error. This was a design failure. A system that allows human factors to enable a billion-dollar theft isn’t innovative — it’s irresponsible.
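A concrete illustration of the kind of control such a design should enforce, added here as an example and not taken from the article, Bybit or Safe{Wallet}: a pre-signature policy check that decodes a Safe-style execTransaction call on its own, independently of whatever the web interface renders, and refuses any transaction that uses DELEGATECALL, targets a contract outside an allowlist, or routes funds to a recipient that is not allow-listed. The execTransaction and ERC-20 transfer selectors are the real ones; the addresses, limits and the two sample transactions are constructed for the illustration and built by the block itself.

```python
# Added example: an offline pre-signature policy check for a Safe-style multisig
# execTransaction call. Not code from the article, Bybit or Safe{Wallet}; the selectors
# are real, while addresses, limits and sample calldata are constructed.
from dataclasses import dataclass

# execTransaction(address,uint256,bytes,uint8,uint256,uint256,uint256,address,address,bytes)
EXEC_TRANSACTION = bytes.fromhex("6a761202")
ERC20_TRANSFER = bytes.fromhex("a9059cbb")  # ERC-20 transfer(address,uint256)
CALL, DELEGATECALL = 0, 1


def _word(n: int) -> bytes:
    """Encode an integer (or address) as a 32-byte big-endian ABI word."""
    return n.to_bytes(32, "big")


def _pad32(b: bytes) -> bytes:
    """Right-pad bytes to a multiple of 32, as ABI encoding requires for dynamic data."""
    return b + b"\x00" * (-len(b) % 32)


def _addr(word: bytes) -> str:
    """Decode the low 20 bytes of an ABI word as a lowercase hex address."""
    return "0x" + word[-20:].hex()


def encode_exec_transaction(to: str, value: int, data: bytes, operation: int,
                            signatures: bytes = b"") -> bytes:
    """ABI-encode an execTransaction call with zero gas parameters (used to build samples)."""
    data_off = 10 * 32                      # ten head words precede the dynamic tail
    sig_off = data_off + 32 + len(_pad32(data))
    head = (_word(int(to, 16)) + _word(value) + _word(data_off) + _word(operation)
            + _word(0) * 5                  # safeTxGas, baseGas, gasPrice, gasToken, refundReceiver
            + _word(sig_off))
    tail = _word(len(data)) + _pad32(data) + _word(len(signatures)) + _pad32(signatures)
    return EXEC_TRANSACTION + head + tail


@dataclass
class SafeTx:
    to: str
    value: int
    data: bytes
    operation: int


def decode_exec_transaction(calldata: bytes) -> SafeTx:
    """Decode the fields a signer must review from raw execTransaction calldata."""
    if calldata[:4] != EXEC_TRANSACTION:
        raise ValueError("not an execTransaction call")
    args = calldata[4:]
    words = [args[i:i + 32] for i in range(0, 4 * 32, 32)]   # to, value, data offset, operation
    data_off = int.from_bytes(words[2], "big")
    data_len = int.from_bytes(args[data_off:data_off + 32], "big")
    data = args[data_off + 32:data_off + 32 + data_len]
    return SafeTx(to=_addr(words[0]), value=int.from_bytes(words[1], "big"),
                  data=data, operation=int.from_bytes(words[3], "big"))


@dataclass
class Policy:
    allowed_targets: set      # contracts the wallet may call, e.g. known token contracts
    allowed_recipients: set   # addresses that may receive funds
    max_value_wei: int        # cap on native ETH sent per transaction


def check_safe_tx(calldata: bytes, policy: Policy) -> list:
    """Return policy violations for a proposed transaction; an empty list means it may be signed."""
    tx = decode_exec_transaction(calldata)
    findings = []
    if tx.operation != CALL:
        findings.append("operation is DELEGATECALL: the target's code runs inside the wallet and "
                        "can rewrite its storage, including the proxy's implementation pointer")
    if tx.to not in policy.allowed_targets:
        findings.append(f"target {tx.to} is not an allow-listed contract")
    if tx.value > policy.max_value_wei:
        findings.append(f"value {tx.value} wei exceeds the limit of {policy.max_value_wei}")
    if tx.data:
        selector, body = tx.data[:4], tx.data[4:]
        if selector == ERC20_TRANSFER and len(body) == 64:
            recipient = _addr(body[:32])
            if recipient not in policy.allowed_recipients:
                findings.append(f"ERC-20 transfer recipient {recipient} is not allow-listed")
        else:
            findings.append(f"unrecognised inner call 0x{selector.hex()}; review it by hand")
    return findings


# Constructed sample addresses (not real deployments) and a policy for a cold wallet
# that only ever moves one token to one warm wallet.
TOKEN = "0x" + "11" * 20
WARM_WALLET = "0x" + "22" * 20
UNKNOWN_CONTRACT = "0x" + "33" * 20
ATTACKER = "0x" + "44" * 20
POLICY = Policy(allowed_targets={TOKEN}, allowed_recipients={WARM_WALLET}, max_value_wei=0)


def erc20_transfer(recipient: str, amount: int) -> bytes:
    return ERC20_TRANSFER + _word(int(recipient, 16)) + _word(amount)


# Routine cold-to-warm move of 1,000 tokens (18 decimals): a plain CALL to the token contract.
ROUTINE_TX = encode_exec_transaction(TOKEN, 0, erc20_transfer(WARM_WALLET, 1000 * 10**18), CALL)
# Same-looking transfer(...) payload, but executed as a DELEGATECALL to an unknown contract,
# whose "transfer" can write the wallet's own storage instead of moving tokens.
HOSTILE_TX = encode_exec_transaction(UNKNOWN_CONTRACT, 0, erc20_transfer(ATTACKER, 0), DELEGATECALL)

if __name__ == "__main__":
    for name, tx in (("routine", ROUTINE_TX), ("hostile", HOSTILE_TX)):
        print(f"{name}: {check_safe_tx(tx, POLICY) or 'OK to sign'}")
```

Run as a script, it prints no findings for the routine transfer and three for the hostile one. The point worth noticing is that both payloads carry an identical-looking transfer(address,uint256) inner call; only the operation flag and the target contract distinguish them, which is precisely what a review of the rendered page misses and what a check run on the raw calldata (from the transaction proposal or the hardware wallet's raw display, never from the dApp page) catches.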

People are not protected

In just 10 days, the hackers moved all of the roughly 499,000 ETH out of Ethereum, mostly into Bitcoin, using THORChain as their primary channel. The cross-chain swap protocol processed a record $4.66 billion in swaps that week and applied no safeguards against the obviously tainted flow.

The crypto industry has created a system that cannot protect users even after they discover a theft. Some services actually profited from this crime, collecting millions in fees while processing the laundering of stolen funds.


In February 2025, investigators ZachXBT and Tanuki42 revealed that Coinbase users lose over $300 million annually to social engineering attacks. Their report showed $65 million stolen through phishing and other social manipulation techniques in December 2024 and January 2025. According to the investigators, Coinbase failed to address known weaknesses in its API key handling and verification systems that make these human-targeted attacks successful.

ZachXBT directly criticized the exchange for having “useless customer support agents” and failing to properly report theft addresses to blockchain monitoring tools, making stolen funds harder to track. One scammer even admitted to targeting wealthy users, claiming they make at least five figures a week.

These aren’t isolated cases. The US Federal Bureau of Investigation reported that ordinary crypto users lost over $5.6 billion to fraud in 2023, and social engineering drove at least half of these schemes. Americans alone lose approximately $2 billion–$3 billion annually to attacks on the human factor. With over 600 million crypto users worldwide, a conservative extrapolation puts individual losses from social engineering at $6 billion–$15 billion in 2024.

Barrier to adoption

Security concerns are now recognized as the main barrier to adoption by 37% of crypto users worldwide. Meanwhile, the industry continues to promote high-risk speculative assets like memecoins, where average users typically lose money while insiders profit.

While founders pitch financial freedom, millions of real people lose their savings through vulnerabilities the industry refuses to address. These losses are symptoms of a fundamental problem: Crypto builders choose marketing over security.

When disasters happen, and they face pressure about security failures, crypto leaders hide behind blockchain’s “code is law” principle and offer philosophical arguments about self-sovereignty and personal responsibility. The crypto industry loves to blame ordinary users: “Don’t store keys online,” “Check addresses before sending,” “Never open suspicious files.”

Nobody is safe

Even industry leaders themselves fall victim to the same basic attacks. In January 2024, Ripple co-founder Chris Larsen lost 283 million XRP (XRP) due to storing private keys in an online password manager. DeFiance Capital founder Arthur_0x lost $1.6 million in non-fungible tokens (NFTs) and cryptocurrency simply by opening a phishing PDF file. 

These people aren’t naive beginners. They built and run the very systems that could not protect even them. They know all the security rules, but the human factor is inevitable. If even the system architects lose millions, what chance do ordinary users have?

Knowledge of security rules doesn’t provide complete protection because fever, stress, sleep deprivation or emotional distress severely affect our decision-making abilities. Attackers continuously test different approaches, waiting for moments when users become vulnerable. They evolve their tactics constantly, creating increasingly convincing scenarios, impersonations and urgent situations. 

The unchangeable nature of blockchain transactions demands extraordinary safeguards — not fewer. If users can’t reverse mistakes or thefts, the system must prevent them in the first place. True innovation means building systems that work for real humans, not theoretically perfect users. Banks learned this lesson over centuries. Crypto builders must learn it faster.

Instead, industry leaders seem to have lost touch with reality under the extreme wealth dumped on them so quickly. They’ve bought into a PR narrative that portrays them as geniuses and started viewing themselves as visionaries.

A call to action

Vitalik Buterin lectures his audience on voting in elections and polishes his manifesto, while Justin Sun spends $6.2 million on a banana for a “unique artistic experience” — all while building an environment that makes dangerous mistakes easy to make. This approach is fundamentally dishonest. You can’t claim to revolutionize finance while providing less security than the systems you’re replacing.

What technical brilliance exists in systems that permit billion-dollar thefts and systematic fraud of ordinary users with such ease? True technical excellence would include, as a core function, protecting users from permanent financial loss. A financial system that cannot secure its users’ assets is not technically advanced. It is fundamentally incomplete.

It’s time to stop writing manifestos and promoting questionable PR stunts designed to attract a broader and more vulnerable audience. Start building genuine protections that match the level of risk your users face. No amount of blockchain innovation matters if ordinary people cannot use these systems without fear of instant, permanent financial loss.

Anything less is just reckless experimentation at users’ expense disguised as a revolution — a scheme that enriches founders and insiders while ordinary people bear all the risks.

If the industry doesn’t solve this problem, regulators will — and you won’t like their solutions. Your philosophical arguments about self-sovereignty won’t matter when licenses are revoked and operations shut down.

This is the choice crypto builders face: Either create truly secure systems that justify your claims about financial innovation or watch as regulators transform your “revolutionary technology” into another heavily regulated financial service. The clock is ticking.


This article is for general information purposes and is not intended to be and should not be taken as legal or investment advice. The views, thoughts, and opinions expressed here are the author’s alone and do not necessarily reflect or represent the views and opinions of Cointelegraph.


SEC drops investigation into PayPal’s stablecoin


PayPal says the US Securities and Exchange Commission has abandoned its investigation into the payment giant’s US-dollar stablecoin.

PayPal said in an April 29 regulatory filing that the SEC concluded its investigation into PayPal USD (PYUSD) and wouldn’t be taking any action.

The company said it received a subpoena from the SEC’s Division of Enforcement over its stablecoin in November 2023. 

“The subpoena requests the production of documents. We are cooperating with the SEC in connection with this request,” PayPal stated at the time.

In its latest filing, the firm said the SEC notified it in February that the agency “was closing this inquiry without enforcement action.”

PayPal has said its stablecoin is 100% redeemable for US dollars and “fully backed” by dollar deposits, including short-term treasuries and cash equivalents. 

However, the stablecoin has struggled to gain momentum in a crowded market dominated by rivals Tether and Circle. PYUSD has a market capitalization of just $880 million, less than 1% of Tether’s (USDT) $148.5 billion.

PayPal’s stablecoin has seen better growth this year with a 75% increase in PYUSD circulating supply since the beginning of 2025, according to CoinGecko. It remains down 14% from its peak supply of just over $1 billion in August 2024. 

PayPal USD market capitalization. Source: CoinGecko

Earnings on PYUSD, Coinbase partnership

That growth could be bolstered by a company announcement on April 23 introducing rewards for PYUSD in a new loyalty offering that will enable US users to earn 3.7% annually for holding the asset on the platform. 

Meanwhile, on April 24, PayPal announced a partnership with Coinbase to increase the adoption of PYUSD. 

“We are excited to drive new, exciting, and innovative use cases together with Coinbase and the entire cryptocurrency community, putting PYUSD at the center,” said Alex Chriss, PayPal President and CEO.


The payments giant also reported robust first-quarter earnings and the completion of significant share repurchase activities. 

The firm beat Wall Street estimates, earning $1.33 per share in the first quarter, topping analyst expectations of $1.16. Revenue rose 1% from a year before to $7.8 billion. 


BlackRock files to create digital shares tracking one of its money market funds


Asset manager BlackRock has filed to create digital ledger technology shares from one of the firm’s money market funds, which will leverage blockchain technology to maintain a mirror record of share ownership for investors.

The DLT shares will track BlackRock’s BLF Treasury Trust Fund (TTTXX), which may only be purchased from BlackRock Advisors and The Bank of New York Mellon (BNY), the firm said in its April 29 Form N-1A filing with the Securities and Exchange Commission.

The money market fund holds over $150 million worth of assets, invested almost entirely in US Treasury bills and cash.

BlackRock said that the shares “are expected to be purchased and held through BNY, which intends to use blockchain technology to maintain a mirror record of share ownership for its customers.”

Unlike the BlackRock USD Institutional Digital Liquidity Fund (BUIDL), DLT shares won’t be tokenized but will instead be used as a transparency tool to verify ownership.

BlackRock will continue to maintain traditional book-entry records as the official ownership ledger.

BlackRock didn’t propose a ticker or set a management fee for the DLT shares in its filing.

A minimum initial investment of $3 million is required for institutions seeking to purchase the DLT shares.

BlackRock follows Fidelity’s March 21 filing to list an Ethereum-based OnChain share class, which seeks to track the Fidelity Treasury Digital Fund (FYHXX) — an $80 million fund consisting almost entirely of US Treasury bills.

While the OnChain share class filing is pending regulatory approval, Fidelity expects it to take effect on May 30.

Wall Street heavyweights continue to explore blockchain use cases

Asset managers have increasingly turned to blockchain to tokenize Treasury bills, bonds and private credit over the past few years.


The treasury tokenization market is currently valued at $6.16 billion, led by BlackRock’s BUIDL at $2.55 billion, while the Franklin Templeton-issued Franklin OnChain US Government Money Fund (BENJI) secures over $700 million worth of real-world assets, according to rwa.xyz.

Market caps of blockchain-based Treasury products. Source: rwa.xyz

Ethereum remains the chain of choice for tokenizing treasury assets, and currently houses over $4.55 billion worth, while the Stellar network and Solana round out the top three at $474.9 million and $274.5 million, respectively.

The potential of RWA tokenization has also been championed by BlackRock’s CEO, Larry Fink, who believes the technology could revolutionize investing.


US Treasury’s OFAC can’t restore Tornado Cash sanctions, judge rules


The US Treasury Department’s Office of Foreign Assets Control can’t restore or reimpose sanctions against the crypto mixing service Tornado Cash, a US federal court has ruled.

Austin federal court judge Robert Pitman said in an April 28 judgment that OFAC’s sanctions on Tornado Cash were unlawful and that the agency was “permanently enjoined from enforcing” sanctions.

Tornado Cash users led by Joseph Van Loon had sued the Treasury, arguing that OFAC’s addition of the platform’s smart contract addresses to its Specially Designated Nationals and Blocked Persons (SDN) list was “not in accordance with law.” 

OFAC had sanctioned Tornado Cash in August 2022, accusing the protocol of helping launder crypto stolen by the North Korean hacking collective, the Lazarus Group.

The agency dropped the platform from the sanctions list on March 21 and argued that the matter was “moot” after a court ruled in favor of Tornado Cash in January.

This latest amended ruling prevents OFAC from re-sanctioning Tornado Cash or putting it back on the blacklist.

Initially, the district court denied the plaintiffs’ motion for partial summary judgment and ruled in favor of the Treasury. However, the Fifth Circuit reversed that decision and instructed the lower court to grant partial summary judgment to the plaintiffs, which led to the sanctions being revoked.

In March, the Treasury argued there was no need for a final court judgment in the lawsuit.

An excerpt from Judge Robert Pitman’s ruling. Source: CourtListener

Crypto body petitions White House over Tornado Cash

On April 28, the DeFi Education Fund petitioned White House crypto czar David Sacks to have prosecutors drop charges against Tornado Cash co-founder Roman Storm.


Storm was charged in August 2023 with helping launder over $1 billion in crypto through the protocol, and his trial is still set for July.

The group said that the Department of Justice was attempting to hold software developers criminally liable for how others use their code, which they argued was “not only absurd in principle, but it sets a precedent that potentially chills all crypto development in the United States.”
