As the Bitcoin and crypto markets surged past a $3.2 trillion market cap, Fireblocks’ latest report underscores a deeply concerning reality: the web3 and blockchain industry’s security risks are intensifying along with its rapid growth.
The research report, which includes key insights from Fireblocks (a company that has reportedly secured over $7 trillion in digital asset transactions for more than 2,000 organizations), examines the evolving threat landscape facing institutional and retail crypto markets.
With Bitcoin ETFs gaining considerable traction, real-world asset (RWA) tokenization accelerating, and stablecoin payments going mainstream, adoption is proceeding at an unprecedented pace, and attack vectors are growing more sophisticated along with it, emphasizing the need for robust, adaptive security measures.
The research report from Fireblocks identifies six critical threats driving this risk escalation.
- First, API exploits have emerged as a major vulnerability, with poorly secured API keys enabling large-scale thefts that sidestep traditional defenses.
- Second, private key theft remains a persistent danger, as advanced credential harvesting and unauthorized access attempts target centralized exchanges (CEXs), custodians, and wallet providers.
- Third, multi-step deposit fraud exploits delayed on-chain reconciliations, allowing attackers to fake deposits and siphon unbacked funds.
- Fourth, AI-powered phishing and deepfake attacks leverage cutting-edge tools like voice cloning and video manipulation to deceive employees and executives, amplifying social engineering risks.
- Fifth, governance and insider risks expose treasury operations and token issuance to internal weaknesses, often due to lax oversight.
- Finally, smart contract vulnerabilities in DeFi protocols—stemming from unverified code and unchecked upgrades—continue to offer fertile ground for exploitation.
High-profile incidents, such as the $1.5 billion Bybit hack in early 2025, underscore these systemic flaws.
The report argues that such breaches are not isolated failures but symptoms of broader security gaps across the ecosystem.
“The Bybit hack was preventable,” Fireblocks asserted via a social media post, pointing to persistent weaknesses that attackers exploit with increasing sophistication.
AI-driven phishing, multi-stage supply chain attacks, and insider collusion are no longer hypothetical—they’re active threats demanding a paradigm shift beyond outdated perimeter defenses.
To counter this, Fireblocks advocates for an end-to-end security approach.
The report emphasizes real-time transaction monitoring to detect and halt exploits as they unfold, robust governance enforcement to close insider loopholes, and proactive, secure-by-design architecture to preempt breaches.
Multi-layered approvals, advanced authentication, and automated fraud detection are highlighted as essential tools to outpace cybercriminals.
For instance, securing APIs—central to institutional operations—requires tighter controls to prevent misconfiguration-related breaches, a lesson drawn from recent losses exceeding billions.
The stakes are high as digital assets integrate deeper into global finance.
With DeFi assets surpassing $134 billion and institutional players like BNY and Revolut reportedly relying on platforms like Fireblocks, the need for scalable, resilient security is non-negotiable.
Shahar Madar, Fireblocks’ VP of Security and Trust Products, said:
“Crypto security is the most critical issue facing institutions today.”
They also pointed to the attackers’ focus on infrastructure and governance vulnerabilities.
The report calls for closer industry-wide collaboration to strengthen access controls and evolve defenses, positioning Fireblocks’ solutions, such as its MPC-CMP wallets and policy engine, as examples or blueprints for reliably safeguarding the next (potential) billion users in this ecosystem.