Crypto’s security nightmare won’t be solved by ordinary audits
CoinDesk 2026-06-17 14:12:09
Context: The cryptocurrency sector has been grappling with significant cybersecurity issues, with malicious actors, particularly North Korea's Lazarus Group, stealing over $2.2 billion since 2022. Despite tripling the number of code audits during the same period, the industry has not seen a corresponding decline in losses. The crypto space is likely to continue suffering from steep losses until it updates its current auditing infrastructure to address human and operational vulnerabilities.
Key Facts
- The cryptocurrency sector has been plagued by cybersecurity issues, with malicious actors, particularly North Korea's Lazarus Group, stealing more than $2.2 billion since 2022.
- Despite tripling the number of code audits within the same period, the industry has not seen a significant decline in the total number of incidents or the amount of money stolen.
- Most successful attacks target human vectors, and the top causes of exploits often bypass the attack surface that audits protect, according to research by Oak Security.
- Traditional audits are limited in their ability to prevent attacks, as they primarily focus on code vulnerabilities and do not address operational risks such as compromised private keys, governance manipulation, and insider compromise.
- The industry's current approach to security, which relies heavily on code audits, creates a "dangerous illusion" that security has already been solved, when in fact the most serious risks increasingly exist outside the codebase.