**Securing Digital Assets as Crypto Crime Surges**

The cryptocurrency world has been shaken by a series of high-profile cyberattacks, with the most recent one being the largest known digital-asset theft to date. In February 2025, hackers thought to be linked to North Korea executed a sophisticated supply chain attack on cryptocurrency exchange Bybit, stealing more than $1.5 billion worth of Ethereum. The ripple effects were felt across the cryptocurrency market, with the price of Bitcoin dropping 20% from its record high in January.

The Bybit attack demonstrates how focused sophisticated attackers are on finding ways to break the security measures that guard the crypto ecosystem, says Charles Guillemet, chief technology officer of Ledger, a provider of secure signer platforms. "The attackers were very well organized, they have plenty of money, and they are spending a lot of time and resources trying to attack big stuff, because they can," he says.

But it also shows that the crypto threat landscape has pitfalls not just for the unwary but for the tech-savvy too. Cybercriminals are using techniques like social engineering to target end-users, while also increasingly looking for vulnerabilities to exploit at different points in the cryptocurrency infrastructure.

**The Vulnerabilities of Self-Custody**

One of the advantages of cryptocurrency is self-custody, which allows users to save their private keys—the critical piece of alphanumeric code that proves ownership and grants full control over digital assets—into either a software or hardware wallet to safeguard it. However, users must put their faith in the security of the wallet technology, and because the data is the asset, if the keys are lost or forgotten, the value too can be lost.

“If I hack your credit card, what is the issue? You will call your bank, and they will manage to revert the operations,” says Vincent Bouzon, head of the Donjon research team at Ledger. "The problem with crypto is, if something happens, it's too late. So we must eliminate the possibility of vulnerabilities and give users security.”

**Stablecoins: A Growing Target**

Increasingly, attackers are focusing on digital assets known as stablecoins, a form of cryptocurrency that is pegged to the value of a hard asset or a fiat currency. Stablecoins rely on smart contracts—digital contracts stored on blockchain that use pre-set code to manage issuance, maintain value, and enforce rules—that can be vulnerable to different classes of attacks.

Post-theft countermeasures, such as freezing the transfer of coins and blacklisting of addresses, can lessen the risk with these kinds of attacks. However, software-based wallets, which are applications or programs that run on a user’s computer, phone, or web browser, are often a weak link.

**Hardware Wallets: Not Immune to Vulnerabilities**

Even hardware-based wallets, which often resemble USB drives or key fobs and are more secure than their software counterparts since they are completely offline, can have vulnerabilities that a diligent attacker might find and exploit. Tactics include the use of side-channel attacks, for example, where a cybercriminal observes a system’s physical side effects to gain information about the implementation of an algorithm.

**Securing Digital Assets: A Shared Responsibility**

The responsibility for safeguarding these valuable assets lies on both digital asset solution providers and the users themselves. As the value of cryptocurrencies continues to grow so too will the threat landscape as hackers keep attempting to circumvent new security measures.

Charles Guillemet emphasizes that cybersecurity providers building digital asset solutions need to help minimize the burden on the users by building security features and providing education about enhancing defense. For businesses to protect cryptocurrency, tokens, critical documents, or other digital assets, this could be a platform that allows multi-stakeholder custody and governance, supports software and hardware protections, and allows for visibility of assets and transactions through Web3 checks.

**In-Depth Research: The Key to Proactive Security**

The team at Ledger Donjon are working to understand how to proactively secure the digital asset ecosystem and set global security standards. Their offensive security research uses ethical and white-hat hackers to simulate attacks and uncover weaknesses in hardware wallets, cryptographic systems, and infrastructure.

In November 2022, the Donjon team discovered a vulnerability in Web3 wallet platform Trust Wallet, which had been acquired by Binance. They found that the seed-phrase generation was not random enough, allowing the team to compute all possible private keys and putting as much as $30 million stored in Trust Wallet accounts at risk.

**Key Principles for Digital Asset Protection**

To enhance overall safety, Bouzon suggests three key principles that digital-asset protection platforms should apply:

1. Security providers should create secure algorithms to generate the seed phrases for private keys and conduct in-depth security audits of the software.
2. Users should use hardware wallets with a secure screen instead of software wallets.
3. Any smart contract transaction should include visibility into what is being signed to avoid blind signing attacks.

Ultimately, the responsibility for safeguarding these valuable assets lies on both digital asset solution providers and the users themselves. As the value of cryptocurrencies continues to grow so too will the threat landscape as hackers keep attempting to circumvent new security measures.

**Learn More**

For more information on how to secure your digital assets, visit the Ledger Academy.