Stop Pretending Technical and Human Vulnerabilities Are Separate Things

Stop Pretending Technical and Human Vulnerabilities Are Separate Things

Crypto's biggest promise is financial freedom, but its greatest flaw is security. It's time to stop blaming users and start building systems that protect them.

Crypto founders love big promises: decentralized finance, banking the unbanked, and freedom from intermediaries. Then hacks happen. In some cases, billions vanish overnight. On February 21, 2025, the North Korean Lazarus Group stole $1.46 billion from Bybit. They sent phishing emails to staff with cold wallet access.

After compromising these accounts, they accessed Bybit's interface and replaced the multisignature wallet contract with their malicious version. When Bybit attempted a routine transfer, the hackers redirected 499,000 Ether (ETH) to addresses they controlled. This wasn't just a human error. This was a design failure.

A system that allows human factors to enable a billion-dollar theft isn't innovative — it's irresponsible. In just 10 days, the hackers converted all 499,000 ETH into untraceable funds, using THORChain as their primary channel. The decentralized exchange processed a record $4.66 billion in swaps in a week but implemented no safeguards against suspicious activity.

The crypto industry has created a system that cannot protect users even after they discover a theft. Some services actually profited from this crime, collecting millions in fees while processing the laundering of stolen funds.

Recent Examples

In February 2025, investigators ZachXBT and Tanuki42 revealed that Coinbase users lost over $300 million annually to social engineering attacks.

According to their report, $65 million was stolen through phishing and other social manipulation techniques in December 2024 and January 2025. The investigators criticized Coinbase for failing to address known security vulnerabilities in their API keys and verification systems that make these human-targeted attacks successful.

ZachXBT directly criticized the exchange for having "useless customer support agents" and failing to properly report theft addresses to blockchain monitoring tools, making stolen funds harder to track.

Global Impact

The US Federal Bureau of Investigation reported that cybercrime costs the global economy an estimated $3 trillion in 2020. In the United States alone, the average person loses approximately $1,500 per year due to identity theft and online scams.

A Call to Action

It's time for crypto builders to stop writing manifestos and promoting questionable PR stunts designed to attract a broader and more vulnerable audience. Start building genuine protections that match the level of risk your users face.

No amount of blockchain innovation matters if ordinary people cannot use these systems without fear of instant, permanent financial loss. Anything less is just reckless experimentation at users' expense disguised as a revolution — a scheme that enriches founders and insiders while ordinary people bear all the risks.

The Consequences of Inaction

If the industry doesn't solve this problem, regulators will — and you won't like their solutions. Your philosophical arguments about self-sovereignty won't matter when licenses are revoked and operations shut down.

The clock is ticking. It's time for crypto builders to create truly secure systems that justify your claims about financial innovation or watch as regulators transform your "revolutionary technology" into another heavily regulated financial service.