In collaboration withLedger
In February 2025, a group of cyber criminals believed to be connected to North Korea carried out a complex supply chain attack on the cryptocurrency exchange Bybit. By infiltrating its infrastructure and exploiting its multi-signature security protocols, the attackers succeeded in stealing over $1.5 billion worth of Ethereum, marking the largest known theft of digital assets to date.
The consequences reverberated throughout the cryptocurrency market, leading to a 20% drop in Bitcoin’s value from its January highs. Furthermore, the extensive losses positioned 2025 as potentially the worst year ever for cryptocurrency theft.
Bitcoin, Ethereum, and stablecoins have become key monetary tools, and despite their volatility, their valuations persist in increasing. By October 2025, the total value of cryptocurrency and other digital assets surged past $4 trillion.
However, this escalating value and liquidity attract heightened attention from cybercriminals and digital thieves. The Bybit incident illustrates the relentless focus that sophisticated attackers have on devising methods to breach the security frameworks of the crypto ecosystem, according to Charles Guillemet, chief technology officer at Ledger, a secure signer platform provider.
”The attackers are highly organized, well-funded, and invest considerable time and resources into targeting large-scale assets because they can,” he remarks. “From an opportunity cost perspective, it’s a substantial investment, but if they ultimately gain $1.4 billion, it justifies the expense.”
This scenario also highlights how the crypto threat landscape poses risks not just for the unsuspecting but also for the technologically astute. Cybercriminals employ social engineering techniques to exploit end users while also seeking out vulnerabilities within various aspects of the cryptocurrency infrastructure.
Historically, digital asset holders faced these threats alone. Now, however, cybersecurity firms and cryptocurrency solution providers are unveiling innovative solutions that leverage comprehensive threat research.
A gold mine for attackers
One of the benefits of cryptocurrency is self-custody. Users can securely store their private keys—essential alphanumeric codes that verify ownership and provide full control over digital assets—within software or hardware wallets.
Users, however, must trust in the security of their wallet technology; if the keys are lost or forgotten, their value can also vanish.
”If I compromise your credit card, what’s the problem? You’ll contact your bank, and they will handle reversing the transactions,” states Vincent Bouzon, head of the Donjon research team at Ledger. “The issue with crypto is, if something goes wrong, it’s too late. Hence, we must eliminate any potential vulnerabilities and ensure user security.”
Attackers are increasingly targeting digital assets known as stablecoins, which are cryptocurrencies pegged to assets like gold or fiat currencies such as the US dollar.
Stablecoins depend on smart contracts—digital agreements stored on the blockchain that utilize preset code for issuance management, value maintenance, and rule enforcement—which are susceptible to various types of attacks, often preying on users’ gullibility or unawareness of the risks. Post-theft countermeasures like freezing coin transfers and blacklisting addresses can mitigate the risks associated with these attacks.
Identifying vulnerabilities
Software-based wallets, known as “hot wallets,” are applications or programs operating on a user’s device, frequently posing weak points. Their internet connectivity makes them user-friendly but also vulnerable to hackers.
“Using a software wallet inherently exposes you because your keys are kept on your computer or phone. Unfortunately, electronic devices aren’t designed with security in mind,” Guillemet points out.
The gains from exploiting such vulnerabilities can be considerable. Hackers who compromised credentials in a targeted attack on LastPass, an encrypted password manager, in 2022, managed to siphon millions in cryptocurrency from victims over the following two years or more.
Even hardware wallets, which resemble USB drives or key fobs and offer greater security than software alternatives since they are entirely offline, can still harbor vulnerabilities that a motivated attacker might exploit.
Strategies include employing side-channel attacks, where a cybercriminal examines a system’s physical side effects, such as timing, power usage, or electromagnetic and acoustic emissions, to glean insights into the algorithm’s implementation.
Guillemet emphasizes that cybersecurity firms developing digital asset solutions, including wallets, ought to help lessen the burden on users by embedding security features and educating them about enhancing their defenses.
For businesses to safeguard cryptocurrency, tokens, essential documents, or other digital assets, they may require a platform that enables multi-stakeholder custody and governance, incorporates software and hardware protections, and allows visibility of assets and transactions through Web3 verifications.
Establishing proactive security strategies
As the threat environment rapidly transforms, comprehensive research from attack labs like Ledger Donjon can assist security firms in staying ahead. The Ledger Donjon team is focused on understanding how to preemptively secure the digital asset ecosystem and establish global security benchmarks.
Key initiatives encompass the team’s offensive security research, utilizing ethical and white-hat hackers to simulate attacks and identify weaknesses in hardware wallets, cryptographic systems, and overall infrastructure.
In November 2022, the Donjon team uncovered a vulnerability in the Web3 wallet platform Trust Wallet, which had been acquired by Binance. They discovered that the seed-phrase generation was insufficiently random, enabling the computation of all possible private keys and jeopardizing around $30 million stored in Trust Wallet accounts, according to Bouzon. “The entropy was not sufficient; it was only 4 billion. It was large, but not adequate,” he explains.
To bolster safety, there are three critical principles that digital asset protection platforms should implement, Bouzon advises. First, security providers must develop robust algorithms to generate seed phrases for private keys and conduct thorough security audits of the software. Second, users should prefer hardware wallets featuring secure screens rather than using software wallets. Finally, every smart contract transaction should incorporate visibility into what is being signed to prevent blind signing attacks.
Ultimately, the onus for securing these valuable assets rests on both digital asset solution providers and the users themselves. As cryptocurrency values continue to rise, so too will the threat landscape as hackers persist in trying to outsmart new security measures. While digital asset providers, security firms, and wallet solutions must strive to develop strong and straightforward protection for the cryptocurrency ecosystem, users likewise need to pursue the information and education essential for preemptively safeguarding themselves and their wallets.
Learn more about securing digital assets on the Ledger Academy.
This content was generated by Insights, the custom content division of MIT Technology Review. It was not authored by the editorial staff of MIT Technology Review.
This content was created, designed, and written by human writers, editors, analysts, and illustrators, which included the composition of surveys and the gathering of survey data. AI tools that may have been employed were confined to secondary production processes subjected to thorough human oversight.
