The recent security breach for around $1.5 billion at Bybit, the world’s second-largest cryptocurrency exchange by trading volume, sent ripples through the digital asset community. With $20 billion in customer assets under custody, Bybit faced a significant challenge when an attacker exploited security controls during a routine transfer from an offline «cold» wallet to a «warm» wallet used for daily trading.

Initial reports suggest the vulnerability involved a home-grown Web3 implementation using Gnosis Safe — a multi-signature wallet that uses off-chain scaling techniques, contains a centralized upgradable architecture, and a user interface for signing. Malicious code deployed using the upgradable architecture made what looked like a routine transfer actually an altered contract. The incident triggered around 350,000 withdrawal requests as users rushed to secure their funds.

While considerable in absolute terms, this breach — estimated at less than 0.01% of the total cryptocurrency market capitalization — demonstrates how what once would have been an existential crisis has become a manageable operational incident. Bybit’s prompt assurance that all unrecovered funds will be covered through its reserves or partner loans further exemplifies its maturation.

Since the inception of cryptocurrencies, human error — not technical flaws in blockchain protocols — has consistently been the primary vulnerability. Our research examining over a decade of major cryptocurrency breaches shows that human factors have always dominated. In 2024 alone, approximately $2.2 billion was stolen.

What’s striking is that these breaches continue to occur for similar reasons: organizations fail to secure systems because they won’t explicitly acknowledge responsibility for them, or rely on custom-built solutions that preserve the illusion that their requirements are uniquely different from established security frameworks. This pattern of reinventing security approaches rather than adapting proven methodologies perpetuates vulnerabilities.

While blockchain and cryptographic technologies have proven cryptographically robust, the weakest link in security is not the technology but the human element interfacing with it. This pattern has remained remarkably consistent from cryptocurrency’s earliest days to today’s sophisticated institutional environments, and echoes cybersecurity concerns in other — more traditional — domains.

These human errors include mismanagement of private keys, where losing, mishandling, or exposing private keys compromises security. Social engineering attacks remain a major threat as hackers manipulate victims into divulging sensitive data through phishing, impersonation, and deception.

Human-Centric Security Solutions

Purely technical solutions cannot solve what is fundamentally a human problem. While the industry has invested billions in technological security measures, comparatively little has been invested in addressing the human factors that consistently enable breaches.

A barrier to effective security is the reluctance to acknowledge ownership and responsibility for vulnerable systems. Organizations that fail to clearly delineate what they control — or insist their environment is too unique for established security principles to apply — create blind spots that attackers readily exploit.

This reflects what security expert Bruce Schneier has termed a law of security: systems designed in isolation by teams convinced of their uniqueness almost invariably contain critical vulnerabilities that established security practices would have addressed. The cryptocurrency sector has repeatedly fallen into this trap, often rebuilding security frameworks from scratch rather than adapting proven approaches from traditional finance and information security.

A paradigm shift toward human-centric security design is essential. Ironically, while traditional finance evolved from single-factor (password) to multi-factor authentication (MFA), early cryptocurrency simplified security back to single-factor authentication through private keys or seed phrases under the veil of security through encryption alone. This oversimplification was dangerous, leading to the industry’s speedrunning of various vulnerabilities and exploits. Billions of dollars of losses later, we arrive at the more sophisticated security approaches that traditional finance has settled on.

Modern solutions and regulatory technology should acknowledge that human error is inevitable and design systems that remain secure despite these errors rather than assuming perfect human compliance with security protocols. Importantly, the technology does not change fundamental incentives. Implementing it comes with direct costs, and avoiding it risks reputational damage.

Security mechanisms must evolve beyond merely protecting technical systems to anticipating human mistakes and being resilient against common pitfalls. Static credentials, such as passwords and authentication tokens, are insufficient against attackers who exploit predictable human behavior. Security systems should integrate behavioral anomaly detection to flag suspicious activities.

Private keys stored in a single, easily accessible location pose a major security risk. Splitting key storage between offline and online environments mitigates full-key compromise. For instance, storing part of a key on a hardware security module while keeping another part offline enhances security by requiring multiple verifications for full access — reintroducing multi-factor authentication principles to cryptocurrency security.

Actionable Steps for a Human-Centric Security Approach

A comprehensive human-centric security framework must address cryptocurrency vulnerabilities at multiple levels, with coordinated approaches across the ecosystem rather than isolated solutions.

For individual users, hardware wallet solutions remain the best standard. However, many users prefer convenience over security responsibility, so the second-best is for exchanges to implement practices from traditional finance: default (but adjustable) waiting periods for large transfers, tiered account systems with different authorization levels, and context-sensitive security education that activates at critical decision points.

Exchanges and institutions must shift from assuming perfect user compliance to designing systems that anticipate human error. This begins with explicitly acknowledging which components and processes they control and are therefore responsible for securing.

Denial or ambiguity about responsibility boundaries directly undermines security efforts. Once this accountability is established, organizations should implement behavioral analytics to detect anomalous patterns, require multi-party authorization for high-value transfers, and deploy automatic «circuit breakers» that limit potential damage if compromised.

In addition, the complexity of Web3 tools creates large attack surfaces. Simplifying and adopting established security patterns would reduce vulnerabilities without sacrificing functionality.

At the industry level, regulators and leaders can establish standardized human factors requirements in security certifications, but there are tradeoffs between innovation and safety. The Bybit incident exemplifies how the cryptocurrency ecosystem has evolved from its fragile early days to a more resilient financial infrastructure. While security breaches continue — and likely always will — their nature has changed from existential threats that could destroy confidence in cryptocurrency as a concept to operational challenges that require ongoing engineering solutions.

The future of cryptosecurity lies not in pursuing the impossible goal of eliminating all human error but in designing systems that remain secure despite inevitable human mistakes. This requires first acknowledging what aspects of the system fall under an organization’s responsibility rather than maintaining ambiguity that leads to security gaps.

By acknowledging human limitations and building systems that accommodate them, the cryptocurrency ecosystem can continue evolving from speculative curiosity to robust financial infrastructure rather than assuming perfect compliance with security protocols.

The key to effective cryptosecurity in this maturing market lies not in more complex technical solutions but in more thoughtful human-centric design. By prioritizing security architectures that account for behavioral realities and human limitations, we can build a more resilient digital financial ecosystem that continues to function securely when — not if — human errors occur.

Ethereum has undergone a big transformation in the last four years, starting as a network capable of handling just 15 transactions per second, and evolving to a powerhouse processing thousands, with transaction costs decreasing from $50 per swap to mere cents. L2s and rollups have helped scale Ethereum without compromising its decentralized ethos. But this success has led to a new problem, one of fragmentation.

Today, Ethereum is one of the most widely adopted blockchains, consisting of a network of over 50 L2s, each operating as its own siloed ecosystem. What this means for end-users is having to juggle multiple networks, bridge assets, and navigate a maze of processes just to perform basic actions.

Mirroring the fragmented technological landscape, Ethereum’s funding landscape has become difficult to navigate for builders across the lifecycle, stalling innovation as projects struggle to secure sustainable funding.

To create a more efficient ecosystem, Ethereum needs to start adopting blockchain-based funding mechanisms that better align with its complex, community-based and experimental nature.

Traditional funding programs often focus on early-stage projects, neglecting the long-term needs of builders in Web3. It can be misleading to look at crypto market narratives dominating the investment landscape and assume a booming activity. Financial returns for many of those projects might not come in the short-term, leaving builders struggling to navigate to sustainable growth. Funding mechanisms have to be able to support builders throughout the entire journey of the product lifecycle.

Rewarding impact, not speculation

One of the most promising blockchain-powered funding models is RetroPGF, which flips the traditional funding script by rewarding projects based on their proven impact rather than their speculative potential. This model is particularly well-suited to Ethereum’s fragmented ecosystem, where public goods like open-source software, developer tools, and interoperability solutions often struggle to attract upfront investment.

RetroPGF focuses on measurable outcomes of a project. It pools funds from DAOs or ecosystem contributors and distributes them retroactively to projects that have demonstrated value. This process ensures that critical infrastructure — like cross-chain bridges or developer frameworks — receives the support it needs at the right time.

This funding mechanism is preferred because it helps align incentives. Instead of competing for speculative investment, projects can focus on delivering real value, knowing that their contributions will be recognized and rewarded. For a fragmented ecosystem like Ethereum, RetroPGF offers a way to unify funding efforts and ensure that resources flow to the most impactful initiatives.

Amplifying community support

Another powerful tool in the blockchain funding toolkit is quadratic funding, a model that distributes capital based on the breadth of community support rather than the size of individual contributions. This approach levels the playing field for smaller projects and grassroots initiatives, which often struggle to compete with well-funded competitors in traditional funding models.

Quadratic funding works by matching small donations from a large number of supporters with a larger pool of funds, reflecting the collective intelligence of the community and ensuring that projects with widespread grassroots support receive the majority of funding.

By tokenizing the value of public goods projects, such as governance rights or revenue streams, founders can open their projects to a broader pool of supporters with the help of fractional investing mechanisms. This creates a diverse and passionate investor base, democratizing access to capital and reducing reliance on traditional funding sources.

For example, developers building a cross-chain interoperability solution could tokenize their project’s governance rights, allowing supporters to contribute micro-investments in exchange for a stake in its success. This not only provides the project with much-needed funding but also fosters a sense of ownership and alignment among its supporters.

In a fragmented ecosystem like Ethereum, fractional investing can help bridge the gaps between chains by incentivizing collaboration and shared ownership. Projects that might otherwise operate in isolation can tap into a unified pool of capital, creating a more interconnected and resilient ecosystem.

On-chain ownership

At the heart of these blockchain-powered funding models is the concept of on-chain ownership. By tokenizing their work and leveraging blockchain’s transparency, creators and builders can establish direct relationships with their supporters, eliminating intermediaries and ensuring that value flows back to those who believed in them from the start.

On-chain transactions also make funding flows visible and auditable, reducing fraud and fostering trust. This transparency is particularly important in a fragmented ecosystem like Ethereum, where users and developers often struggle to navigate complex and opaque funding structures.

An important question to address is how to source funding for these x-L2 initiatives.

One strategy is to make funding Ethereum common goods a condition of being a Stage 1 or Stage 2 rollup. These rollups, once they’ve reached that level of decentralization, are relying on a distributed community and tools for governance. Funding these common goods and tools is not only justified but necessary for their continued growth.

An alternative would be to redirect the Ethereum Foundation grants program towards solving this issue. The EF needs to better support the cross-L2 experience and funding common goods to solve these challenges is key to doing so.

Ethereum’s fragmentation goes beyond technical challenges, it’s a funding challenge above all others. By adopting blockchain-powered funding models like RetroPGF, quadratic funding, and fractional investing, the ecosystem offers a way to align incentives, amplify community support, and democratize access to capital, ensuring that resources flow to the projects that need them most.

If you blinked you may have missed it: Solana’s SOL futures started trading on Monday on the Chicago Mercantile Exchange (CME), the go-to marketplace for U.S. institutions, and unlike previous, historic CME debuts for bitcoin (BTC) and ether (ETH), it received little fanfare.

The product booked $12.3 million in notional daily volume on day one and closed with $7.8 million in open interest, well falling short of similar debuts of BTC and ETH products, according to K33 Research data. For context, BTC futures launched in December 2017 with $102.7 million first-day volume and $20.9 million in open interest, while ETH futures debuted in February 2021 with $31 million in volume and $20 million in open interest, per K33.

Already under pressure by the implosion of speculative memecoin activity, bearish crypto action and even a botched commercial, SOL tumbled roughly 10% from its weekend high, underperforming bitcoin’s (BTC) and ether’s (ETH) 4.5% and 3.8% declines, respectively.

While SOL’s debut may seem lackluster in absolute terms, it is more in balance with BTC’s and ETH’s first-day figures when adjusted to market value, K33 analysts Vetle Lunde and David Zimmerman noted. Solana’s market capitalization stood at around $65 billion on Monday, a fraction of ETH’s $200 billion and BTC’s $318 billion at CME launch.

Solana’s CME launch also had unfavorable timing, as market conditions play a crucial role in futures activity, K33 added.

Bitcoin’s CME futures arrived at the peak of the 2017 bull market as speculative fervor was pushing to the extremes, and ETH’s debut coincided with the early stages of the 2021 altcoin rally and Tesla’s BTC purchase announcement, fueling institutional participation. In contrast, SOL futures started trading as crypto markets turned bearish, without any hype or major catalyst driving immediate demand for the product, according to the K33.»It would appear that institutional demand for altcoins may be shallow, although we note that SOL’s launch has come in a comparatively risk-off environment,» K33 analysts said.

Read more: Multicoin’s Samani Explains Why SOL ETF Could Trounce ETH’s

Derivatives trader Josh Lim, founder of Arbelos Markets that was recently acquired by prime broker FalconX, said that the CME product opens up new ways for institutions to manage their exposure to Solana, regardless of the first-day demand. FalconX executed the first SOL futures block trade on CME on Monday with financial services firm StoneX.

«There’s enthusiasm for this new CME product launch,» Lim said in a Telegram message. Liquid funds will be able to manage around their SOL holdings, including those that bought locked tokens in the FTX liquidation process, he said. Additionally, exchange-traded fund issuers with plans to introduce SOL products could start with CME futures-based ETFs.

«People are missing the big picture on the new CME products,» Lim said. «It’s going to change the access that hedge funds have into altcoins.»