The decentralized finance sector faces an unprecedented security crisis after revealing that Web3 ecosystem losses approached $4 billion this year. According to Hacken’s annual report, entities linked to North Korea are responsible for more than half of these global financial damages. Therefore, operational security has become the main focus of discussions between regulators and technology companies today.
The figures published by security firm Hacken place the total damage at approximately 3.95 billion American dollars during 2025. Likewise, the first quarter recorded the highest peak of thefts with a figure exceeding 2 billion dollars. Therefore, North Korean threat actors dominate the landscape of computer crime in the digital asset environment currently. In this way, the vulnerability of private keys far exceeds the errors made in the programming of smart contract codes.
On the other hand, the report highlights that the failure in access controls is the main cause of massive embezzlement. In this sense, the massive hack of the Bybit platform represented the largest single theft recorded in the history of the industry.
Consequently, inefficient management of digital identities facilitated criminal groups compromising large-scale institutional systems recently. However, many companies continue using insecure practices despite increasing warnings from cybersecurity experts globally.
How will the tightening of regulations affect the operation of protocols?
The gap between regulatory guidance and actual implementation remains a critical challenge for the entire industry today. According to Yehor Rudystia, an expert at Hacken, regulators are transforming voluntary guidelines into strict rules of mandatory compliance for the coming year.
Therefore, the use of dedicated signing hardware will be a non-negotiable requirement for platforms that custody third-party funds. Additionally, conducting periodic incident simulations will help strengthen resistance to sophisticated social engineering attacks.
On the other hand, the CEO of the security firm, Yevheniia Broshevan, sees an opportunity to raise the general standard of protection. However, the adoption of continuous monitoring tools is essential to detect anomalies in real-time within distributed networks.
Therefore, the sector must prioritize institutional custody through the use of multi-party computation and rigorous cold storage. Likewise, collaboration with law enforcement agencies will be decisive in mitigating the impact of state espionage networks.
Finally, the cryptocurrencies market expects these measures to drastically reduce the frequency of attacks during the 2026 commercial cycle. The technology industry must close operational gaps before investor confidence is irreversibly compromised.
For this reason, transparency in external financial audits will be the pillar that sustains the growth of companies in the sector. Similarly, the implementation of specific threat intelligence will allow for anticipation of the movements of sophisticated hacker groups.
