Despite a record $1.4 billion hack, the crypto industry, according to Hacken CEO Dyma Budorin, has not shifted its cybersecurity measures significantly. Companies still depend on limited strategies like pentests and bug bounties. Some progress has been noted in their response to hacks, like faster blacklisting of stolen funds, but fundamental structural risks remain unaddressed. Furthermore, April witnessed almost $360 million in crypto thefts, a staggering rise compared to March, with notable incidents impacting individuals directly.
In a recent conversation at the Token2049 event in Dubai, Dyma Budorin, CEO of Hacken, shared his thoughts on the current state of cybersecurity in the crypto industry. Despite the staggering $1.4 billion loss from the Bybit hack, Budorin suggests that companies have not adapted their security strategies in a meaningful way. He believes many are still too reliant on single measures, such as bug bounties and penetration tests, treating them as a cure-all. “Most of the projects think, ‘Okay, we did pentests. That’s enough,” he remarked. “It’s not enough.”
Budorin argues that crypto firms must embrace more robust, multilayered security strategies, akin to those of traditional industries. He emphasized the importance of integrating supply-chain security, operational security, and specific blockchain assessments into their frameworks. “In big Web2 companies, this is mandatory,” he pointed out, showing a clear gap between expectations in these sectors versus crypto.
While the fundamental approach to crypto security hasn’t shifted, Budorin did mention some improvements in post-hack responses. Notably, he highlighted Chainalysis’s new near real-time blacklisting of stolen funds as a positive change. This marks a shift from their previous protocol, where blacklisting took up to three days. “This is great because, previously, hackers had enough time to launder the stolen money through exchanges,” Budorin explained, emphasizing that quick action is crucial.
The Bybit hack, which occurred on February 21 and exploited a vulnerability in a Safe wallet, has set the record for the largest crypto hack ever. Following the breach, it only took hackers ten days to completely launder the stolen $1.4 billion. Budorin reiterated that while faster blacklisting is a move in the right direction, it does not tackle the underlying, structural risks that plague the industry. “But in terms of the practice, cybersecurity, nothing changed,” he lamented.
Moreover, recent reports by blockchain security firm PeckShield indicate that April alone witnessed nearly $360 million in crypto losses, spread across 18 hacking incidents. This represents a shocking 990% increase compared to the $33 million lost in March. A significant part of these losses came from an unauthorized Bitcoin transfer. On April 28, blockchain investigator ZachXBT identified a suspicious transaction of $330 million in BTC, later confirming it resulted from a social engineering attack targeting an elderly victim in the United States.
As the crypto landscape continues to evolve, the need for comprehensive security measures has never been more evident. Without significant changes, the industry remains vulnerable, risking further massive breaches that could shake investor trust. As Budorin underlines, a more detailed approach is essential for the future of crypto security.
