The Bybit hack has once again exposed the glaring weaknesses in crypto security, raising urgent questions about the industry’s preparedness against increasingly sophisticated cyber threats. While many in the crypto space remain optimistic about the future, Matthias, a well-known figure in the industry and host of The CoinRock Show, believes that the current state of crypto security is nowhere near as strong as it needs to be.
“We like to think of crypto as decentralized, secure, and untouchable, but the reality is that the industry is still playing catch-up when it comes to security,” Matthias stated during a discussion on the Bybit hack.
With billions of dollars lost annually to hacking incidents, the crypto sector faces a hard truth: without serious improvements in security measures, trust and adoption could suffer irreparable damage.
Hacks Are Getting Bigger and More Sophisticated
The numbers paint a grim picture. According to blockchain security firm CertiK, over $3.7 billion was stolen from crypto exchanges, DeFi protocols, and investors in 2023 alone. This marked a 25% increase from 2022, signaling that hacker sophistication is outpacing security improvements. Notably, 70% of these attacks targeted DeFi platforms, with private key leaks and social engineering emerging as primary attack vectors.
This trend shows no sign of slowing down, as hackers now use more advanced techniques, including multi-stage phishing campaigns, deepfake scams, backdoor exploits, and zero-day vulnerabilities. The infamous North Korean hacking group Lazarus, responsible for over $1.7 billion in stolen crypto in 2022, continues to evolve its methods, making tracking and attribution increasingly difficult.
One of the most concerning aspects of the Bybit hack was how seamlessly the attackers infiltrated the system. Unlike traditional hacks that rely on direct exploits of a smart contract or exchange system, this breach targeted individuals responsible for authorizing high-value transactions.
The attackers didn’t just break into a network—they exploited human error through social engineering, gaining access to critical multi-signature wallets used for securing funds. This technique mirrors previous high-profile exchange breaches, such as the 2020 KuCoin hack, where hackers used leaked employee credentials to gain control over withdrawal processes.
Matthias emphasized that the biggest weakness in crypto security isn’t just the technology—it’s the human factor. A report from IBM Security in 2023 revealed that over 95% of cyberattacks involve human error, whether through phishing, credential leaks, or misconfigured security settings. This reinforces the need for better security training, enhanced verification processes, and reduced reliance on human decision-making for critical transactions.
“We talk about blockchain being secure, but blockchains don’t get hacked—people do. The weakest link is always human error, and until we address that, we’ll keep seeing billion-dollar hacks,” Matthias stated.
This is a stark reminder that security in the crypto space goes beyond encryption and multi-sig wallets. Exchanges must implement continuous security training for employees, enforce stricter authentication protocols, and integrate AI-driven anomaly detection systems to minimize human mistakes. Without these improvements, the industry will remain vulnerable to increasingly aggressive cyber threats.
Why Are Most Exchanges Vulnerable?
Many centralized exchanges (CEXs) promote their security infrastructure, emphasizing cold storage solutions, multi-signature authentication, and advanced monitoring systems. However, the Bybit hack revealed a harsh reality—even the largest platforms remain highly vulnerable. Despite security claims, hackers continue to breach centralized exchanges, exploiting weak internal controls, social engineering vulnerabilities, and mismanaged security protocols.
According to data from Chainalysis, centralized exchanges have lost over $10 billion to hacks since 2011, with many never fully recovering. In 2023 alone, more than $1.7 billion was stolen from centralized platforms, showing a disturbing trend of increasing attacks. Some of the most infamous exchange failures highlight how a lack of security preparation leads to catastrophic losses.
The collapse of Mt. Gox in 2014, once handling 70% of global Bitcoin transactions, resulted in the loss of 850,000 BTC (worth over $47 billion today) due to internal mismanagement and missing funds. Similarly, the KuCoin hack in 2020 exploited hot wallet vulnerabilities to steal over $280 million, while Binance’s 2019 hack saw attackers bypass security measures to steal 7,000 BTC (worth $40 million at the time). The FTX disaster in 2022 further exposed the industry’s lack of accountability, leading to a $9 billion shortfall in customer funds due to mismanagement and fraud.
Despite these repeated failures, the industry remains reactive rather than proactive. Security improvements often come after an exchange has already been compromised, instead of being implemented as a preventative measure. Matthias warned that crypto security is still treated as an afterthought, rather than a fundamental priority.
“Security in crypto often feels like an afterthought. Exchanges wait until a hack happens before making changes. By then, the damage is already done.”
A study by Deloitte found that only 42% of crypto exchanges conduct regular cybersecurity stress tests, compared to 94% of traditional banks. This huge gap in security measures leaves billions in user funds vulnerable to increasingly sophisticated cyber threats. Without stringent security protocols, CEXs become prime targets for hackers, who exploit both technical flaws and human weaknesses.
This lack of preparedness has created a dangerous cycle. First, a hack occurs, leading to millions (or billions) in stolen user funds. Then, investors panic, resulting in mass withdrawals and liquidity crises. In response, exchanges promise to strengthen security, yet often fail to take meaningful action before the next breach happens. This endless repetition has eroded trust in centralized platforms, pushing more users toward self-custody solutions and decentralized finance (DeFi).
Crypto security needs to break this cycle before another billion-dollar disaster unfolds. As attacks become more sophisticated and coordinated, waiting for the next hack to react is no longer an option. Exchanges must proactively implement advanced security measures, conduct regular stress tests, and strengthen user awareness programs to protect their platforms. Without these steps, the industry risks repeating its past mistakes—only this time, the financial losses could be even greater.
Lessons to Learn from Bybit
Despite being the third-largest crypto exchange, Bybit was still successfully targeted in a highly sophisticated attack. However, their response set them apart from many previous incidents. Unlike other hacked exchanges that delayed communication or downplayed the situation, Bybit’s CEO Ben Zhou went live within hours, addressing the community in real time and explaining the situation with full transparency. This immediate response helped retain user trust and prevent mass panic, which is often the catalyst for bank runs and liquidity crises following major exchange hacks.
Matthias argues that this level of transparency should be the industry standard, not an exception. Most exchanges follow a reactive approach, issuing PR statements days or weeks after an attack, which fuels uncertainty among investors. Crisis management and transparency are critical components of long-term security, yet many exchanges still fail to adopt proper response mechanisms.
A study by PwC found that only 37% of crypto companies have a formalized incident response plan, compared to 96% of traditional financial institutions. This alarming gap in security readiness leaves crypto platforms vulnerable to long-term reputational damage and financial losses in the event of a hack.
Moreover, a 2023 cybersecurity report by IBM revealed that companies with an effective incident response plan reduce breach costs by up to 58%, demonstrating how preparedness directly impacts financial recovery.
In contrast, exchanges that fail to respond quickly often face severe consequences. The infamous FTX collapse in 2022 saw over $9 billion in customer funds go missing, with no clear communication from its leadership for weeks. Similarly, the Mt. Gox exchange hack in 2014, which resulted in the loss of 850,000 BTC, led to years of legal battles and unfulfilled repayment promises, eroding trust in centralized platforms.
Bybit’s handling of the situation may serve as a benchmark for future security incidents, but unless more exchanges proactively adopt transparent crisis response strategies, the industry will continue to suffer from uncertainty, mistrust, and unnecessary financial damage.
Matthias’ Recommendations for Crypto Security
The crypto industry cannot afford to keep repeating the same mistakes. Matthias outlined several crucial steps that exchanges, DeFi platforms, and investors must take to improve security and restore trust:
1. Mandatory Security Audits and Real-Time Monitoring
Exchanges need to regularly undergo third-party security audits, similar to how traditional financial institutions are subject to regulatory checks. Blockchain forensic tools should be used to continuously monitor transaction patterns, identifying suspicious activities before they escalate into full-scale breaches.
2. A Shift Toward Hardware-Based Authentication
Many security failures stem from weak authentication methods. SIM-swapping attacks, phishing scams, and compromised credentials have resulted in millions in losses. Matthias stresses the need for hardware-based authentication such as YubiKeys, which provide a physical security layer that is nearly impossible to replicate remotely.
3. Better User Education and Security Awareness
Exchanges should invest in user education, making security best practices mandatory learning for account holders. Many investors still fall for phishing scams and fake websites, losing access to their funds because they are unaware of basic precautions.
4. Industry-Wide Insurance for Crypto Hacks
A major roadblock for investor confidence is the lack of reimbursement after major hacks. Unlike traditional banking institutions where deposits are insured, crypto exchanges often leave users to bear the full brunt of losses. Matthias believes an industry-wide insurance fund, similar to the FDIC in traditional banking, could offer users protection and trust in the ecosystem.
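A minimal version of the transaction-pattern monitoring recommended in item 1 above, written as an added example rather than code from the article or from any exchange; the wallet policy, baseline values, addresses and signer names are constructed.

```python
"""Transaction-pattern monitor for a multi-signature treasury wallet.
Added illustration, not code from the article or any exchange; the
policy, baseline and transfer records below are constructed."""
from dataclasses import dataclass

@dataclass
class WalletPolicy:
    required_signers: int    # distinct approvals the wallet is meant to enforce
    known_destinations: set  # addresses seen in the wallet's normal outflow
    max_usual_amount: float  # largest transfer observed in the baseline window

@dataclass
class Transfer:
    tx_id: str
    destination: str
    amount: float
    signers: tuple           # identities that approved this transfer

def review_transfer(tx: Transfer, policy: WalletPolicy) -> list:
    """Return the reasons a transfer deviates from the wallet's usual pattern.
    Empty list: looks routine. Any entry: hold it for a human check before
    broadcast instead of trusting the collected approvals alone."""
    flags = []
    if tx.destination not in policy.known_destinations:
        flags.append("destination never used by this wallet")
    if tx.amount > policy.max_usual_amount:
        flags.append("amount exceeds largest baseline transfer")
    if len(set(tx.signers)) < policy.required_signers:
        flags.append("fewer distinct approvals than the configured quorum")
    return flags

def run_monitor(transfers, policy):
    """Map each tx_id to its flags so an operator can see what to hold."""
    return {tx.tx_id: review_transfer(tx, policy) for tx in transfers}

# Constructed sample: a routine settlement and one that should be held.
POLICY = WalletPolicy(required_signers=3,
                      known_destinations={"0xhot-1", "0xhot-2"},
                      max_usual_amount=5_000_000.0)
SAMPLE = [
    Transfer("tx-001", "0xhot-1", 1_200_000.0, ("alice", "bob", "carol")),
    Transfer("tx-002", "0xnew-9", 400_000_000.0, ("alice", "bob")),
]
```

The point of the check is that approvals alone are not treated as proof of intent: a transfer that is large, goes somewhere the wallet has never paid, or arrives with fewer distinct signers than the quorum is held for a human review step outside the signing flow.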
The Crypto Industry Must Evolve
The Bybit hack serves as yet another warning sign that crypto security must be taken more seriously. As hackers continue to develop more advanced methods, exchanges, traders, and investors must evolve with them.
Matthias summed it up with a simple but crucial takeaway:
“The crypto industry wants mass adoption, but that won’t happen until people feel safe. If we don’t fix security now, regulators will do it for us—and that won’t be good for anyone.”
The next big hack isn’t a question of ‘if’ but ‘when’. The only way to survive and grow in this space is to stop ignoring security gaps, build better defenses, and take action before disaster strikes.