As crypto adoption grows and building projects on Web3 becomes more widespread, blockchain security has become a central pillar for users and developers alike.
In a conversation with BeInCrypto, Hacken CEO Dyma Budorin highlighted the need for comprehensive compliance solutions in 2025.
Need for stricter security measures
As 2025 approaches, experts are assessing the frequency of data breaches that blockchains have suffered and their negative impact on user experience. This year, crypto security breaches have surged, with losses exceeding $2.9 billion across multiple industries, according to a recent Web3 security report by cybersecurity firm Hacken.
Web3 Security Report 2024. Source: Hacken.
Access control vulnerabilities emerged as the top threat vector, contributing to 75% of all attacks. This trend, observed across DeFi, CeFi, and gaming/metaverse platforms, highlighted the widespread occurrence of security weaknesses related to operational security and access management. Phishing scams also caused significant damage, resulting in losses exceeding $600 million.
“It is clear that the industry can no longer ignore operational security. Comprehensive audits, strict access control protocols, and robust key management systems must become standard practices,” Budorin said in an interview with BeInCrypto.
The significant losses experienced in 2024 underscore the critical need for the crypto industry to prioritize comprehensive security measures and thorough audits to reduce future breaches and protect user assets.
A bad year for access controls
Budorin pointed to access control issues as the most critical challenge facing blockchain security today, especially the loss of private keys among project teams, affecting CEOs and developers.
According to Hacken’s report, in 2024, access control exploits, mostly tied to private key compromises, resulted in losses exceeding $1.7 billion. This represents a substantial increase from the $1 billion reported the previous year.
“Major incidents like Radiant Capital and Orbit Bridge highlight the consequences of poor key management and the absence of multi-sig solutions or regular audits,” Budorin added.
In October, a major attack targeting Radiant Capital resulted in losses of $55 million and affected over 10,000 users. The breach involved hackers exploiting vulnerabilities to gain control of three of Radiant’s private keys, allowing them to drain funds from the platform.
Web3 Security Report 2024. Source: Hacken.
However, attackers exploited vulnerabilities by injecting malware into developer devices, allowing them to intercept and manipulate legitimate transaction approvals, even when using hardware wallets.
Orbit Bridge, a cross-chain bridging service, suffered a more significant attack on New Year’s Eve last year, resulting in a loss of approximately $82 million. According to Hacken, the incident marked the largest DeFi hack of 2023.
Despite using multi-signature technology, which typically requires multiple parties to authorize transactions, the attacker compromised seven of the ten signatories, highlighting a critical vulnerability in the system.
The stolen funds were primarily stablecoins, including $30 million in USDT, $10 million in USDC, and $10 million in DAI. Additionally, 231 WBTC ($10 million) and 9,500 ETH ($21.5 million) were compromised. The hackers transferred the stolen funds through an intermediary address before laundering them through a cryptocurrency mixer.
Prioritizing higher cybersecurity standards
By 2025, mandatory compliance should become a reality for all blockchain-based projects, Budorin said.
“Mandatory compliance in 2025 will mark a turning point for the crypto industry, driving much-needed transparency, accountability, and operational resilience. Regulations such as MiCA (Markets in Crypto-Assets), DORA (Digital Operational Resilience Act), and the AML Package will require centralized crypto service providers, custodians, and other actors to implement higher cybersecurity standards, robust reporting mechanisms, and rigorous operational procedures,” Budorin told BeInCrypto.
In addition to these jurisdictional regulations, Budorin urges all blockchain projects to address cybersecurity concerns by complying with the Cryptocurrency Security Standard (CCSS). The CCSS provides a comprehensive framework for improving the security of cryptocurrency systems.
The CCSS framework emphasizes rigorous key management practices. Among its compliance mechanisms, CCSS controls require secure key generation using standardized random bit generators to minimize the risk of key compromise.
Encrypted storage and controlled access mechanisms are applied to prevent unauthorized use of keys. In contrast, proper implementation of multi-signature configurations and distributed key management mitigates the risk of exploitation by any single entity.
These standards recommend implementing multi-layered security measures, conducting regular security audits, and establishing strict access control guidelines.
By adhering to the CCSS, organizations can significantly improve the protection of private keys. Additionally, this would reduce the frequency and severity of security breaches related to access control vulnerabilities.
Budorin believes such losses could have been avoided if Radiant Capital and Orbit Bridge had followed CCSS guidelines.
UAE positions itself as a leader in blockchain security
Some nations have adopted extensive protocols to ensure that Web3 actors follow operational security practices.
“The UAE, and specifically the Abu Dhabi Global Market (ADGM), is emerging as a global leader in blockchain security and innovation due to its visionary regulatory framework, strategic vision and ability to foster a thriving technology ecosystem,” Budorin said.
ADGM is a financial free zone on Al Maryah Island in Abu Dhabi. Established in 2013 by Federal Decree, ADGM is the city’s financial hub, with its own independent legal and regulatory framework.
“ADGM has established itself as a regulatory pioneer, balancing innovation with compliance. By creating clear and progressive guidelines for blockchain and digital assets, ADGM attracts companies seeking a safe and compliant environment to grow,” Budorin explained.
However, in April, ADGM and Hacken signed a Memorandum of Understanding (MoU) to collaborate on enhancing blockchain security. The alliance aims to develop effective security standards and on-chain monitoring solutions within ADGM’s Distributed Ledger Technology (DLT) framework.
“Together, we are working to establish global standards for Web3 security by providing cutting-edge security audits, penetration testing, and compliance solutions for blockchain projects in the UAE and beyond,” said Budorin.
However, Budorin hopes to see more collaborative efforts in the future that prioritize security and promote a sustainable Web3 ecosystem.
The article Hacken CEO calls for stringent security measures by 2025 appeared first on BeInCrypto Brasil.
