Securing digital assets as crypto crime surges

Securing Digital Assets as Crypto Crime Surges

In February 2025, a sophisticated supply chain attack on cryptocurrency exchange Bybit left the market reeling. Hackers, thought to be linked to North Korea, stole more than $1.5 billion worth of Ethereum in the largest known digital-asset theft to date. The ripple effects were felt across the cryptocurrency market, with the price of Bitcoin dropping 20% from its record high in January.

The massive losses put 2025 on track to be the worst year in history for cryptocurrency theft. Despite the volatility, the value of Bitcoin, Ethereum, and stablecoins has continued to rise. In October 2025, the value of cryptocurrency and other digital assets topped $4 trillion. However, with this burgeoning value and liquidity comes more attention from cybercriminals and digital thieves.

A Treasure Trove for Attackers

One of the advantages of cryptocurrency is self-custody. Users can save their private keys—the critical piece of alphanumeric code that proves ownership and grants full control over digital assets—into either a software or hardware wallet to safeguard it. However, users must put their faith in the security of the wallet technology, and, because the data is the asset, if the keys are lost or forgotten, the value too can be lost.

"If I hack your credit card, what is the issue? You will call your bank, and they will manage to revert the operations," says Vincent Bouzon, head of the Donjon research team at Ledger. "The problem with crypto is, if something happens, it's too late. So we must eliminate the possibility of vulnerabilities and give users security."

Increasingly, Attackers are Focusing on Digital Assets Known as Stablecoins

Stablecoins rely on smart contracts—digital contracts stored on blockchain that use pre-set code to manage issuance, maintain value, and enforce rules—that can be vulnerable to different classes of attacks, often taking advantage of users' credulity or lack of awareness about the threats. Post-theft countermeasures, such as freezing the transfer of coins and blacklisting of addresses, can lessen the risk with these kinds of attacks, however.

Understanding Vulnerabilities

Software-based wallets, also known as “hot wallets,” which are applications or programs that run on a user’s computer, phone, or web browser, are often a weak link. While their connection to the internet makes them convenient for users, it also makes them more readily accessible to hackers too.

"If you are using a software wallet, by design it's vulnerable because your keys are stored inside your computer or inside your phone. And unfortunately, a phone or a computer is not designed for security," says Charles Guillemet, chief technology officer of Ledger.

Even Hardware-Based Wallets Can Have Vulnerabilities

Even hardware-based wallets, which often resemble USB drives or key fobs and are more secure than their software counterparts since they are completely offline, can have vulnerabilities that a diligent attacker might find and exploit. Tactics include the use of side-channel attacks, for example, where a cybercriminal observes a system’s physical side effects, like timing, power, or electromagnetic and acoustic emissions to gain information about the implementation of an algorithm.

Developing Proactive Security Measures

As the threat landscape evolves at breakneck speed, in-depth research conducted by attack labs like Ledger Donjon can help security firms keep pace. The team at Ledger Donjon are working to understand how to proactively secure the digital asset ecosystem and set global security standards.

Key projects include the team’s offensive security research, which uses ethical and white hat hackers to simulate attacks and uncover weaknesses in hardware wallets, cryptographic systems, and infrastructure. In November 2022, the Donjon team discovered a vulnerability in Web3 wallet platform Trust Wallet, which had been acquired by Binance. They found that the seed-phrase generation was not random enough, allowing the team to compute all possible private keys and putting as much as $30 million stored in Trust Wallet accounts at risk, says Bouzon.

Enhancing Overall Safety

To enhance overall safety, there are three key principles that digital-asset protection platforms should apply, says Bouzon. First, security providers should create secure algorithms to generate the seed phrases for private keys and conduct in-depth security audits of the software. Second, users should use hardware wallets with a secure screen instead of software wallets. And finally, any smart contract transaction should include visibility into what is being signed to avoid blind signing attacks.

The Responsibility for Safeguarding Digital Assets Lies on Both Providers and Users

Ultimately, the responsibility for safeguarding these valuable assets lies on both digital asset solution providers and the users themselves. As the value of cryptocurrencies continues to grow so too will the threat landscape as hackers keep attempting to circumvent new security measures. While digital asset providers, security firms, and wallet solutions must work to build strong and simple protection to support the cryptocurrency ecosystems, users must also seek out the information and education they need to proactively protect themselves and their wallets.

Conclusion

The threat landscape for digital assets is evolving rapidly, and it is essential for both digital asset solution providers and users to take proactive steps to secure their assets. By understanding the vulnerabilities and developing proactive security measures, we can build a safer and more secure digital asset ecosystem.

Source: https://www.technologyreview.com/2026/01/12/1129479/securing-digital-assets-as-crypto-crime-surges/