As cryptocurrency adoption increases and building projects on Web3 becomes more widespread, blockchain security has become a central pillar for users and developers.
Speaking to BeInCrypto, Dyma Budorin, CEO of Hacken, highlighted the need for comprehensive compliance solutions by 2025.
A need for higher security measures
As 2025 approaches, experts are weighing in on the frequency of data breaches blockchains have suffered and their negative impact on the user experience. This year, crypto security breaches escalated, with losses across industries surpassing $2.9 billion, according to a recent report from Web3 Security. report developed by Hacken, a cybersecurity company.
Web3 Security Report 2024. Source: Hacking.
Access control vulnerabilities emerged as the dominant threat vector, contributing to 75% of all hacks. This trend is observed everywhere DeFiCeFi and gaming/metaverse platforms highlighted the widespread occurrence of security problems related to operational security and access management. Phishing scam also inflicted significant damage, resulting in losses of more than $600 million.
“It is clear that the industry can no longer overlook operational safety. Comprehensive audits, strict access control protocols and robust key management systems must become standard practices,” Budorin said in an interview with BeInCrypto.
The significant losses incurred in 2024 underscore the critical need for the crypto industry to prioritize comprehensive security measures and comprehensive audits to reduce future breaches and protect user assets.
A bad year for access controls
Budorin cited access control issues as the most critical challenge facing blockchain security today, particularly the loss of private keys in project teams, which impacts CEOs and developers.
According to Hacken’s report, access control exploits, primarily tied to private key compromise, resulted in losses of more than $1.7 billion by 2024. This is a significant increase from the $1 billion reported last year.
“Major incidents such as Radiant Capital and Orbit Bridge in particular underline the consequences of weak key management and the lack of multi-sig solutions or regular audits,” Budorin added.
In October one major hack targeting Radiant Capital resulted in losses of $55 million and affected more than 10,000 users. The infringement in question hackers exploiting vulnerabilities to gain control of three Radiant private keys, allowing them to siphon funds from the platform.
Web3 Security Report 2024. Source: Hacking.
Attackers exploited vulnerabilities by injecting malware onto developer devices, allowing them to intercept and manipulate legitimate transaction approvals despite using hardware wallets.
Orbit Bridge, a service for bridging chainshit by a larger hack on New Year’s Eve last year, resulting in a loss of approximately $82 million. According to Hacken, the incident was the largest DeFi hack of 2023.
Despite use multi-signature technologywhich typically requires multiple parties to authorize transactions, the attacker has compromised seven of the ten signatories, highlighting a critical vulnerability in the system.
The stolen funds were mainly stablecoins, including $30 million USDT, $10 million USDC and $10 million DAI. Moreover 231 WBTC ($10 million) and 9,500 ETH ($21.5 million) were compromised. Hackers transferred the stolen money through an intermediary address before laundering it through a cryptocurrency mixer.
Prioritizing higher cybersecurity standards
By 2025, mandatory compliance should become a reality for all projects developing on a blockchain, Budorin said.
“Mandatory compliance in 2025 will mark a turning point for the crypto industry, bringing much-needed transparency, accountability and operational resilience. Regulations such as MiCA (Markets in Crypto-Assets), DORA (Digital Operational Resilience Act) and the AML package require centralized crypto service providers, custodians and other players to implement higher cybersecurity standards, robust reporting mechanisms and strict operational procedures,” Budorin told BeInCrypto.
In addition to these jurisdictional rules, Budorin urges all blockchain projects to address cybersecurity concerns by complying with the CryptoCurrency Security Standard (CCSS). The CCSS provides a comprehensive framework for improving the security of cryptocurrency systems.
The layout of the CCSS emphasizes thorough key management practices. CCSS audit compliance mechanisms include secure key generation using standardized random bit generators to minimize the risk of key compromise.
Encrypted storage and controlled access mechanisms are enforced to prevent unauthorized key use. In contrast, proper implementation of multi-signature setups and distributed key management reduces the risk of exploitation by a single entity.
These standards recommend implementing multi-layered security measures, conducting regular security audits and establishing strict access control guidelines.
By adhering to CCSS, organizations can significantly improve private key protection. This would reduce the frequency and severity of security breaches related to access control vulnerabilities.
Budorin believes such losses could have been avoided if Radiant Capital and Orbit Bridge had complied with CCSS guidelines.
The UAE is positioning itself as a leader in Blockchain security
Some countries have adopted extensive protocols to ensure Web3 actors adhere to operational security practices.
“The UAE, and in particular Abu Dhabi Global Market (ADGM), is emerging as a global leader in blockchain security and innovation thanks to its progressive regulatory framework. strategic vision and the ability to foster a thriving technology ecosystem,” said Budorin.
The ADGM is a financial-free zone on Al Maryah Island in Abu Dhabi. Established in 2013 by federal decree, ADGM is the financial center of the city, with its independent legal and regulatory framework.
“ADGM has established itself as a regulatory pioneer, balancing innovation and compliance. By creating clear, progressive guidelines for blockchain and digital assets, ADGM attracts companies looking for a secure, compliant environment to grow,” Budorin explains.
In April, ADGM and Hacken signed a Memorandum of Understanding (MoU) to collaborate on improving blockchain security. The alliance aims to develop effective security standards and on-chain monitoring solutions within ADGMs Distributed ledger technology (DLT) Foundation framework.
“Together we are working to set global standards for Web3 security by providing advanced security auditing, penetration testing and compliance solutions for blockchain projects in the UAE and beyond,” Budorin said.
Budorin hopes to see more collaborative efforts in the future that prioritize security and promote a sustainable Web3 ecosystem.
Disclaimer
Following the Trust project guidelines, this editorial presents opinions and perspectives from industry experts or individuals. BeInCrypto is committed to transparent reporting, but the views expressed in this article do not necessarily reflect those of BeInCrypto or its employees. Readers should independently verify information and consult a professional before making any decisions based on this content. Please note that our General terms and conditions, Privacy PolicyAnd Disclaimers have been updated.