Following bybit’s exchange of exchange on February 21, 2025, the cryptocurrency industry remembers once again concrete consequences when threat actors identify and exploit the vulnerabilities of cryptographic platforms or their supply chains. The attack, which resulted in theft of nearly $ 1.5 billion in ether (ETH), highlights the threat in progress posed by sophisticated cybercriminals, including actors sponsored by the State as those affiliated with the Democratic People’s Republic of Korea (RPDC).
Recent results of our Report on Cryptographic Crime 2025 Revaluating a worrying trend: pirates affiliated to North Korea were responsible for the flight of around $ 660.5 million out of 2023 in 2023. In 2024, this figure increased to $ 1.34 billion out of 47 incidents – an increase of 102.88% of the stolen value. Bybit’s hacking alone represented more than RPDC pirates stolen throughout the previous year, highlighting the urgent need for improved safety measures in the industry.
The good news is that a wide range of measures can be taken to prevent such attacks. Crypto users can take advantage of free resources to check transactions and increase their safety on and out of the channel. For example, accessible GitHub scripts Can help output fields, messages and safe transaction has hooks for crypto in order to compare them easily with the values displayed on the big book material screens.
In this blog, we will discuss the main exchanges of security measures can take to prevent hacks on a large scale, best practices to secure digital assets and how fast response strategies can minimize damage in the event of an attack.
How industry can strengthen its defenses
Based on our conversations with the main information security managers (CISO) in industry, the following elements are some of the main security measures that we see on exchanges:
Web security2
- Termination point detection and response (EDR): Tools like Sentinel And Cowsterrike Can help identify and mitigate potential threats to employee material devices.
- Segregation of computers on the Internet: Lamelly The devices must be devoted solely to the signing of transactions to minimize exposure to external threats.
- Lock the equipment that connects to cold storage: Any device used to access cold wallets must be strongly secure and controlled by aggressively access to avoid unauthorized access.
- Securing the storage of the API key with hardware safety modules (HSMS): HSMs help prevent unauthorized access and ensure cryptographic integrity.
Web 3
- Communication protocols for strict signatories: A dedicated process for communication between signatories ensures that all approvals are correctly contextualized and verified before execution.
- Multipartite calculation portfolios (MPC) with a strong quorum: MPC portfolios, such as those developed by Fire loops And FordéfiReduce dependence on unique failure points in key management.
- Policy controls at the portfolio: Some solutions implement the application of policies directly on portfolios, such as the restriction of individual transfers to a defined limit, as $ 1 million.
- Cosigenarian / transaction validation: Chainalysis Hexagate, which uses automatic learning to provide real-time web3 security solutions that detect and attenuate cyber players, acts as an independent co-signer and a transaction validator to analyze transactions before signing. This layer helps to detect malicious transactions, the anomalies reported and automatically denys high -risk operations before their execution.
- Surveillance and response in real time online: Chain-analysis hexagate constantly follows fund movements to ensure that transactions are in accordance with security policies. This includes verification that funds are only sent to authorized addresses, detection of sizes or models of abnormal transactions and to identify potential compromises. In the event of a safety event, automated attenuation manuals can be automatically triggered, such as moving assets to cold storage, exchange of tokens to reduce exposure or the progress of risky positions. For example, chainysis hexagate was able to use real -time surveillance to see this The attackers stole Cmeth in MantleAnd could therefore alert the coat to suspend the funds.
Why real world security has as much
However, vulnerabilities outside the chain can be just as expensive as chain threats. For example, certain security violations have been linked to North Korean IT workers infiltrating Crypto and Web3 companies using false identities and third-party hiring intermediaries. A recent US justice ministry case (DOJ) A charged 14 RPDC nationals that have exploited remote work possibilities to steal proprietary information and extort employers, generating more than $ 88 million. To combat such threats, organizations should follow the advice of FBI, CISA and other authorities, in particular by performing complete checks of history, monitoring network activity for anomalies and forming employees on social engineering tactics.
If you are interested in the best way to warn and respond to pirates, plan for a time to speak with the hexagate of the chain chain here.
This website contains links to third -party sites that are not under the control of Chainalysis, Inc. or its affiliates (collectively “Channel Analysis”). Access to this information does not imply the association, approval, approval or recommendation by chain analysis of the site or its operators, and the analysis chain is not responsible for the products, services or other contents hosted there.
This equipment is for information purposes only and is not intended to provide legal, tax, financial or investment advice. The recipients must consult their own advisers before making these types of decisions. The analysis chain has no responsibility for any decision taken or any other act or omission in relation to the use by the recipient of this material.
The analysis chain does not guarantee or justify the accuracy, completeness, speed, ability or validity of information in this report and will not be responsible for a complaint attributable to the errors, omissions or other inaccuracies of part of this material.
