Hacken CEO Warns: Crypto Asset Industry Still Lacks Comprehensive Security Strategy, Despite Losses Reaching $357 Million in April 2025
April 2025 recorded a sudden surge in crypto losses, with total stolen assets reaching nearly $360 million—an increase of nearly 1,000% compared to March. Notably, most losses came from a $330 million Bitcoin theft through social engineering, targeting an elderly individual in the US.
However, according to Dyma Budorin – CEO of blockchain cybersecurity company Hacken – the crypto industry still lacks significant progress in security strategy. "There is no substantial change," Mr. Budorin noted in an interview with Cointelegraph at the Token2049 conference in Dubai.
He stated that most crypto projects still rely on limited defensive measures like penetration testing and bug bounty programs, instead of implementing a systematic multi-layered security strategy. "Many development teams think that just performing penetration testing is enough, with bug bounty being a bonus. But that is not sufficient," he emphasized.
According to Budorin, companies in the digital asset industry need to learn from traditional industry security standards—including supply chain security, operational security, and specialized risk assessment methods for blockchain technology. "In large Web2 enterprises, these are mandatory requirements," he compared, implying that the crypto industry still lacks maturity in cybersecurity control.
Although proactive defense systems have not significantly improved, Mr. Budorin acknowledged some progress in post-incident handling. He mentioned that blockchain analysis company Chainalysis has deployed a mechanism to blacklist stolen assets in real-time.
"Previously, Chainalysis took three days to block fund flows, by which time hackers had already laundered the assets," he said, citing the $1.4 billion attack on Bybit on 21/2, where attackers exploited wallet security vulnerabilities to drain funds within 10 days.
However, Mr. Budorin believes this progress only solves a small part of the problem. "Processing speed may have improved, but in terms of cybersecurity practice, there have been no significant changes," he noted.
His assessment is supported by data from blockchain security firm PeckShield, which shows 18 separate attack incidents in April 2025, with total stolen assets approximately $360 million. This loss is nearly 11 times the $33 million recorded in March. The most damaging incident was an unauthorized Bitcoin transaction discovered by blockchain analyst ZachXBT on April 28.
After investigation, he confirmed the $330 million BTC transaction was the result of a sophisticated social engineering attack, demonstrating that human factor vulnerabilities continue to be extensively exploited by malicious actors.
