To a lot of people, once they hear the word “blockchain,” the first things that come to mind are “scam,” “fake,” “hack,” “fraud,” and other unfavourable impressions. It is not so for the blockchain expert who knows how wonderful the technology is and how it can even be used to fight these unfavourable impressions. The aim of this short piece is to point out how these impressions are ruining this exciting technology and trillion-dollar industry, and how we can collectively fight them as an industry.
Blockchain technology has numerous advantages, ranging from removing unnecessary middlemen to faster and cheaper global payments, more transparent systems, new ways to earn and invest, and lots more. Personally, I picked up an interest in this technology when I got paid in stablecoins for my first remote role in 2020. The pain of being restricted from platforms like PayPal just for living in Nigeria then became a thing of the past, LOL.
I feel much pain whenever I read how players in this industry are losing their fortunes to bad elements. Some of these fraudulent activities are not even too hard to detect and mitigate. In 2025 alone, over $2.5B has been stolen through hacks in the blockchain space. This figure is almost the same as the amount stolen in 2024 ($2.26B). Just imagine introducing a novice to this industry and they get to know about these hacks; that will be a huge turnoff for them. That’s why we have to fight collectively as an industry to overcome this barrier to blockchain adoption.
Unlike the traditional Web2 space, where hackers may gain control over a database and use the data for other things, every hack in the blockchain space is money. It’s funds flowing, and that’s why the hacks are more devastating. These hacks occur in several ways, ranging from private key compromise, which accounted for over 43% of the hacks in 2024, to vulnerabilities in the smart contract code of protocols, responsible for less than 10% of the hacks in 2024, according to a Chainalysis report.
Security researchers in the space are doing a great job so far with securing many protocols. Less than 10% of the hacks in 2024 coming from codebase exploits is a result of the work they’re doing. The security research community is minting more researchers on a regular basis through quality training and availability of materials. People like Patrick Collins and the Cyfrin team play a major role in this by providing top-quality courses for free. Protocols now go through both private and public audits, all thanks to the organization of the security research community.
Hackers who are finding it more difficult to exploit codebases are now targeting human behaviour. The over 43% of 2024 hacks that came from private key compromise points to that. Even expert devs are falling for their scams. They target you on platforms like LinkedIn, offer you jobs, and give you codebases to review. Most of these codebases carry malicious code, and once you run them on your device, the attackers gain access to your host machine and your private keys are compromised. You can avoid this by running these test codebases in an isolated environment. They are doing this to devs who build in the industry; imagine what they’re doing to non-devs. Big exchanges are not exempt from this either. A major share of the 2025 hacks so far is from Bybit ($1.4B), which was hit in a similar manner, just by signing transactions without properly verifying the calldata.
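One way to do the calldata check described above, as an added example that is not part of the original post: it decodes the three standard ERC-20 calls and lists every difference from what the signer intended. It goes beyond the text by assuming an ERC-20 token call; the function names `decode_calldata` and `review` are hypothetical, and the addresses and amounts are constructed.

```python
# Added example (not from the post). Selectors are the first 4 bytes of
# keccak256(signature); hardcoded because hashlib has no Keccak-256.
SELECTORS = {
    "a9059cbb": ("transfer", ["address", "uint256"]),
    "095ea7b3": ("approve", ["address", "uint256"]),
    "23b872dd": ("transferFrom", ["address", "address", "uint256"]),
}
MAX_UINT256 = 2**256 - 1


def decode_calldata(calldata: str) -> dict:
    """Decode known ERC-20 calldata; raise ValueError on anything else."""
    raw = bytes.fromhex(calldata.removeprefix("0x"))
    selector, body = raw[:4].hex(), raw[4:]
    if selector not in SELECTORS:
        raise ValueError(f"unknown selector 0x{selector}")
    name, types = SELECTORS[selector]
    if len(body) != 32 * len(types):
        raise ValueError("argument data has unexpected length")
    args = []
    for i, typ in enumerate(types):
        word = body[32 * i:32 * (i + 1)]
        if typ == "address":
            if any(word[:12]):  # addresses are left-padded with zeros
                raise ValueError("non-zero padding in address word")
            args.append("0x" + word[12:].hex())
        else:
            args.append(int.from_bytes(word, "big"))
    return {"function": name, "args": args}


def review(calldata: str, fn: str, to: str, amount: int) -> list:
    """List every mismatch between the calldata and the signer's intent."""
    tx = decode_calldata(calldata)
    actual_to, actual_amount = tx["args"][-2], tx["args"][-1]
    findings = []
    if tx["function"] != fn:
        findings.append(f"calls {tx['function']}()")
    if tx["function"] == "approve" and actual_amount == MAX_UINT256:
        findings.append("unlimited approval")
    if actual_to.lower() != to.lower():
        findings.append(f"recipient/spender is {actual_to}")
    if actual_amount != amount:
        findings.append(f"amount is {actual_amount}")
    return findings

# Constructed sample: signer expects transfer(0x1111..., 1_000_000).
EXPECTED_TO = "0x" + "11" * 20
SAMPLE = "0x095ea7b3" + "00" * 12 + "22" * 20 + "ff" * 32
print(review(SAMPLE, "transfer", EXPECTED_TO, 1_000_000))
```

An empty list means the calldata matches the intent; an unknown selector raises instead of being passed through, so a call the tool cannot decode is never signed blind.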
We need to be very loud about educating players in the industry. Even if you’re signing a dollar transaction, you need to be extra careful. The security researchers shouldn’t bear this burden alone. Protocols should invest more in educating members of their communities. Protocols shouldn’t just stop at a single private or public audit. For instance, these protocols below have gone through hundreds of audits over the years, and they’re still standing strong. No reported hacks so far, all because they prioritized security.
Aave - with $25B Total Value Locked (TVL).
Uniswap - with $5B TVL.
Lido - with $23B TVL.
Sky - with $4.9B TVL.
Look at the volume they’re controlling. If they hadn’t invested heavily in security, they would’ve been hacked long ago, further damaging the industry’s reputation.
I promised this would be a short piece. There is more to highlight, but we’ll summarize here.
We shouldn’t leave the burden of blockchain security to the researchers alone.
Before investing in any protocol, check if they’ve gone through audits.
Learn to verify any calldata before signing transactions, even if it's $1.
For the devs looking for jobs, be very mindful of those who give you codebases to review. Always run them in isolated environments to avoid being compromised.
Most importantly, don’t store your private keys carelessly.
Thank you for making it to this point. Stay connected for more short pieces like this about blockchain security. Till then…