Opinion by: Andrey Sergeenkov, researcher, analyst and writer

Crypto founders love big promises: decentralized finance, banking the unbanked and freedom from intermediaries. Then hacks happen. In some cases, billions vanish overnight. 

On Feb. 21, 2025, the North Korean Lazarus Group stole $1.46 billion from Bybit. They sent phishing emails to staff with cold wallet access. After compromising these accounts, they accessed Bybit’s interface and replaced the multisignature wallet contract with their malicious version. When Bybit attempted a routine transfer, the hackers redirected 499,000 Ether (ETH) to addresses they controlled.

This wasn’t just a human error. This was a design failure. A system that allows human factors to enable a billion-dollar theft isn’t innovative — it’s irresponsible.

People are not protected

In just 10 days, the hackers converted all 499,000 ETH into untraceable funds, using THORChain as their primary channel. The decentralized exchange processed a record $4.66 billion in swaps in a week but implemented no safeguards against suspicious activity.

The crypto industry has created a system that cannot protect users even after they discover a theft. Some services actually profited from this crime, collecting millions in fees while processing the laundering of stolen funds.

Recent: SafeWallet releases Bybit hack post-mortem report

In February 2025, investigators ZachXBT and Tanuki42 revealed that Coinbase users lost over $300 million annually to social engineering attacks. Their report showed $65 million stolen through phishing and other social manipulation techniques in December 2024 and January 2025. According to the investigators, Coinbase failed to address known security vulnerabilities in their API keys and verification systems that make these human-targeted attacks successful. 

ZachXBT directly criticized the exchange for having “useless customer support agents” and failing to properly report theft addresses to blockchain monitoring tools, making stolen funds harder to track. One scammer even admitted to targeting wealthy users, claiming they make at least five figures a week.

These aren’t isolated cases. The US Federal Bureau of Investigation reported that ordinary crypto users lost over $5.6 billion to fraud in 2023, and social engineering drove at least half of these schemes. Americans alone lose approximately $2 billion–$3 billion annually to human vulnerability attacks. With over 600 million crypto users worldwide, conservative estimates put individual losses from social engineering at $6 billion–$15 billion in 2024. 

Barrier to adoption

Security concerns are now recognized as the main barrier to adoption by 37% of crypto users worldwide. Meanwhile, the industry continues to promote high-risk speculative assets like memecoins, where average users typically lose money while insiders profit.

While founders pitch financial freedom, millions of real people lose their savings through vulnerabilities the industry refuses to address. They’re symptoms of a fundamental problem: Crypto builders choose marketing over security.

When disasters happen, and they face pressure about security failures, crypto leaders hide behind blockchain’s “code is law” principle and offer philosophical arguments about self-sovereignty and personal responsibility. The crypto industry loves to blame ordinary users: “Don’t store keys online,” “Check addresses before sending,” “Never open suspicious files.”

Nobody is safe

Even industry leaders themselves fall victim to the same basic attacks. In January 2024, Ripple co-founder Chris Larsen lost 283 million XRP (XRP) due to storing private keys in an online password manager. DeFiance Capital founder Arthur_0x lost $1.6 million in non-fungible tokens (NFTs) and cryptocurrency simply by opening a phishing PDF file. 

These people aren’t naive beginners — they’re creators and experts of the very system that could not protect even them. They know all the security rules, but the human factor is inevitable. If even the system architects lose millions, what chance do ordinary users have?

Knowledge of security rules doesn’t provide complete protection because fever, stress, sleep deprivation or emotional distress severely affect our decision-making abilities. Attackers continuously test different approaches, waiting for moments when users become vulnerable. They evolve their tactics constantly, creating increasingly convincing scenarios, impersonations and urgent situations. 

The unchangeable nature of blockchain transactions demands extraordinary safeguards — not fewer. If users can’t reverse mistakes or thefts, the system must prevent them in the first place. True innovation means building systems that work for real humans, not theoretically perfect users. Banks learned this lesson over centuries. Crypto builders must learn it faster.

Instead, industry leaders seem to have lost touch with reality due to the extreme wealth dumped on them quickly. They’ve bought into their PR narrative, portraying them as geniuses, and started viewing themselves as visionaries.

A call to action

Vitalik Buterin lectures his audience on voting in elections and polishes his manifesto, while Justin Sun spends $6.2 million on a banana for a “unique artistic experience” — all while building an environment that makes dangerous mistakes easy to make. This approach is fundamentally dishonest. You can’t claim to revolutionize finance while providing less security than the systems you’re replacing.

What technical brilliance exists in systems that permit billion-dollar thefts and systematic fraud of ordinary users with such ease? As a core function, true technical excellence would include protecting users from permanent financial loss. A financial system that cannot secure its users’ assets is not technically advanced — it’s fundamentally incomplete.

It’s time to stop writing manifestos and promoting questionable PR stunts designed to attract a broader and more vulnerable audience. Start building genuine protections that match the level of risk your users face. No amount of blockchain innovation matters if ordinary people cannot use these systems without fear of instant, permanent financial loss.

Anything less is just reckless experimentation at users’ expense disguised as a revolution — a scheme that enriches founders and insiders while ordinary people bear all the risks.

If the industry doesn’t solve this problem, regulators will — and you won’t like their solutions. Your philosophical arguments about self-sovereignty won’t matter when licenses are revoked and operations shut down.

This is the choice crypto builders face: Either create truly secure systems that justify your claims about financial innovation or watch as regulators transform your “revolutionary technology” into another heavily regulated financial service. The clock is ticking.

Opinion by: Andrey Sergeenkov, researcher, analyst and writer.

This article is for general information purposes and is not intended to be and should not be taken as legal or investment advice. The views, thoughts, and opinions expressed here are the author’s alone and do not necessarily reflect or represent the views and opinions of Cointelegraph.

Japan’s finance regulator is planning to change the country’s laws to classify cryptocurrencies as financial products as early as 2026, according to the local outlet Nikkei.

The Financial Services Agency (FSA) plans to submit a bill to parliament to revise the Financial Instruments and Exchange Act as early as next year after having considered the changes through internal study groups, Nikkei reported on March 30 without citing a source.

The outlet reported that the details are still being finalized, but the change would see cryptocurrencies likely put under insider trading laws that currently apply to other financial products, such as stocks, which outlaw trades based on insider information.

However, cryptocurrencies are likely to be put in a separate category from securities such as stocks and bonds.

If the changes go through and crypto is regulated under the country’s finance laws, companies offering crypto would have to register with the FSA.

Nikkei reported that the regulator plans to enforce the new rules regardless of whether a company operates in Japan, but it was unclear how the laws would be enforced against overseas entities.

Also unclear was what cryptocurrencies would be regulated and how distinctions would be made between widely traded assets such as Bitcoin (BTC) and Ether (ETH) compared to speculative and high-risk tokens such as memecoins.

The FSA’s headquarters is in central Tokyo, just across the street from the Ministry of Finance. Source: Wikimedia

The reported upcoming change comes amid a wave of pro-crypto moves made by Japan’s regulators and government.

Related: USDC stablecoin receives approval for use in Japan, says Circle 

Earlier this month, the country issued its first license allowing a company to deal with stablecoins to SBI VC Trade, a subsidiary of the local financial conglomerate SBI, which said it was preparing to support Circle’s USDC (USDC).

The country’s ruling Liberal Democracy Party also moved ahead with reforms to slash the capital gains tax on crypto from 55% to 20% and categorize digital assets as a distinct asset class.

In February, local reports said the FSA was looking to lift a ban on crypto-based exchange-traded funds (ETFs) to align with the policy position of Hong Kong, which approved crypto ETFs for trading in April 2024.

Asia Express: Bitcoiner sex trap extortion? BTS firm’s blockchain disaster 

Crypto exchange users in South Korea have crossed over 16 million after receiving a boost following US President Donald Trump’s election win last November. 

Data submitted to representative Cha Gyu-geun of the minor opposition Rebuilding Korea Party found over 16 million people had crypto exchange accounts out of a total population of 51.7 million, according to a March 30 report from local news agency Yonhap. 

This would be equivalent to over 30% of the population. 

All the data was taken from the top five domestic virtual exchanges in South Korea: Upbit, Bithumb, Coinone, Korbit and Gopax. Individuals with multiple accounts were only counted once.

Industry officials are reportedly speculating the number of crypto users could hit 20 million by the end of the year, with one unnamed official being cited by Yonhap saying:

“Some believe the crypto market has reached a saturation point, but there is still an endless possibility for growth compared with the matured stock market.” 

Following Trump’s election win last November, the number of crypto users spiked by over 600,000 to 15.6 million, collectively holding 102.6 trillion South Korean won ($70.3 billion) in crypto assets.

Investors in South Korea’s crypto market had 102.6 trillion South Korean Won ($70.3 billion) in crypto assets as of last December. Source: Yonhap News

The number of crypto investors exceeded 14 million in March 2024, according to Yonhap.

Meanwhile, Korea’s Securities Depository shows only 14.1 million listed individual investors in the stock market as of December last year, according to the South Korean financial publication the Maeil Business Newspaper.

Related: South Korea inches closer to Bitcoin ETF decision, looks to Japan as example

South Korean public officials have also reported holding and investing in crypto. 

The country’s Ethics Commission for Government Officials disclosed on March 27 that 20% of surveyed public officials hold 14.4 billion won ($9.8 million) in crypto, representing 411 of the 2,047 officials subjected to the country’s disclosure requirements to hold crypto assets. 

The highest amount disclosed was 1.76 billion won ($1.2 million) belonging to Seoul City Councilor Kim Hye-young. 

Meanwhile, on March 26, the Financial Intelligence Unit of the South Korean Financial Services Commission published a list of 22 unregistered platforms and 17 that were blocked from the Google Play store. 

Magazine: Crypto fans are obsessed with longevity and biohacking: Here’s why