Crypto crimes lost over $2 billion in 2024, with Binance’s security chief stressing the need for a multi-layered security approach. Jimmy Su warns that shady tactics like phishing are eroding user trust. He promotes industry collaboration to combat crime, and urges exchanges to adopt robust security measures, like multi-factor authentication.
In 2024, losses from crypto crimes soared to over $2 billion, according to Chainalysis, marking a concerning new highpoint. The firm also reported a rise in hacking incidents, increasing from 282 in 2023 to 303 in the past year, driven by more advanced techniques. Speaking to Gadgets 360, Binance’s chief security officer, Jimmy Su, strongly advised that crypto firms should employ a multi-layered defence system to safeguard user funds. User trust, he insists, is essential for industry growth, especially as global regulatory frameworks are starting to shift positively towards crypto.
Su noted a troubling trend where criminals have targeted the more intimate Web3 community, exploiting its close connections and reliance on personal recommendations. During his conversation with law enforcement, he highlighted that scammers often impersonate trusted platforms via phishing emails, fraudulent apps, or misleading social media tactics to trick users into revealing critical information or transferring their assets. These attacks, he stressed, are damaging user confidence, particularly for those who are new to the space.
When it comes to security measures, Su emphasised that crypto exchange platforms ought to adopt a comprehensive approach, ensuring ongoing security auditing beyond just occasional checks. He advocates for a rigorous security framework at centralised exchanges, involving both internal and external audits to detect vulnerabilities.
The global Web3 landscape, he argues, needs to embrace collaboration to effectively tackle crime. This perspective aligns with India’s recent G20 presidency efforts to advocate for a unified regulatory framework globally. According to Su, sharing intelligence on threats and vulnerabilities will fortify the ecosystem tremendously, while working with regulatory agencies will align security needs with industry growth.
While frameworks from the International Monetary Fund and the Financial Stability Board are still developing, many nations are ramping up their regulations for crypto. Su acknowledges that keeping the environment secure relies heavily on crypto businesses and their communities. He insists that every crypto exchange and wallet service should implement multi-factor authentication systems, as this is a critical step in thwarting hacking incidents.
Su adds it’s possible to enhance security even with limited resources by using cloud-native services that offer strong built-in protections, relying on cold wallets, and deploying layered defense strategies that include anomaly detection. Transparency is key, he believes, as it builds trust among users.
The Binance executive pointed out that institutions must also incorporate cold storage solutions, regular security audits, and advanced threat detection systems to bolster community confidence. With frequent breaches in Web3 security, users are becoming increasingly aware of preventive measures against hacks. A recent Binance survey indicated that more than half of Asian respondents were keen to engage in platform-led anti-scam initiatives, such as phishing simulations.
Su believes that elevating awareness around security could help users feel more in control of their security practices, which are vital for protecting the overall infrastructure. He also highlighted the importance of educating users about recognising phishing attempts and securing their private keys, empowering them to defend their assets more effectively.
Chainalysis previous reports have labelled decentralised finance, or DeFi, platforms as prime targets for hacks from 2021 to 2023; however, 2024 saw centralised services becoming a focus for criminals. The shift symbolizes the urgent need for mechanisms that safeguard vulnerabilities exploited in these attacks, particularly private keys which accounted for 43.8 percent of stolen assets in 2024.
Amidst the lack of overarching regulation, cybercriminals are ramping up their activities—from January to March 2025, Scam Sniffer revealed that phishing hacks led to $21.9 million in losses, affecting over 22,600 victims in the Web3 space. Efforts are underway in territories like Macau and India, where local crypto firms are collaborating with law enforcement to enhance competency in tackling crypto-related crimes.
Su encourages smaller exchanges to engage actively in industry discussions around threat intelligence and policy developments. He believes that new entrants can fast-track their learning by absorbing the lessons from others’ missteps. To conclude, he underscores the need for the various players in the crypto world to collectively improve security standards, as vulnerabilities at one exchange can have a cascading effect across the industry.
