According to Hacken's 2025 security report, $4 billion was stolen from crypto users in the past year alone. That number has been climbing for years. The total since 2016 sits somewhere above $20 billion. Here's the part that stops people in their tracks: most of it wasn't the result of some sophisticated exploit. No one cracked your wallet's encryption, and no one broke the blockchain.
They just asked for your seed phrase.
We sat down with Igor Bershadsky, Chief Growth Officer at Hacken, a leading Web3 cybersecurity firm, at Solana Breakpoint to talk about where crypto security is actually failing people. His answer was clear: the weakest link in the system isn't the technology…it's us.
Igor has spent years auditing the security of wallets, exchanges, and crypto projects. When we asked him about the next big security trend, he didn't point to code vulnerabilities or zero-day exploits. He pointed to people.
"It all comes down to social engineering right now," he told us. "You are as secure as your weakest link. And we find that the users happen to be the weakest link."
The numbers back him up. In the first half of 2025 alone, $2.1 billion in crypto was stolen. Roughly 80% of that came from front-end hacks and seed phrase exploits. Not broken cryptography. Not compromised hardware. People were tricked, pressured, or confused into handing over the one thing that controls everything: their seed phrase. Additionally, within the span of a week in April 2026, a fake Ledger app found its way into the Apple App Store causing the loss of over $9.5m from over 50 people.
This is not a fringe problem. This is the main problem.
Part of what makes social engineering so effective is that crypto's existing security model is hard to follow. Write down 12 or 24 random words, store this somewhere safe, don't lose them, don’t move it online or on a cloud, the list goes on.
For most people, that's not a security system. It's a confusing, anxiety-fueled spiral.
The friction is real, which means people make shortcuts. They screenshot their seed phrase, throw it into an email, or just don’t do anything at all! Each of those shortcuts is an open door for a social engineering attack.
When Igor tried the Ryder One for the first time at Solana Breakpoint, he was expecting a typical hardware wallet experience. He wasn't expecting to have a working wallet in under a minute, without reading a manual.
"If you really follow the instructions, it's actually pretty simple," he said. "It's not your typical crypto wallet. But this is actually really cool."
What surprised him most was how the recovery system worked. With Ryder, your backup is distributed across three layers using a method called TapSafe Recovery: a Recovery Tag, a phone backup, and optional Recovery Contacts. No single piece gives anyone full access to your funds. If someone gets your Recovery Tag, they still can't access your wallet. If someone gets into your phone, same result. Your seed phrase is still available on-device if you ever need it as a last resort, and it meets the BIP-39 standard so you're never locked to Ryder hardware.
This matters because it directly addresses the social engineering threat. There's no single phrase to steal. There's no single moment of confusion that unlocks everything. The attack surface is much smaller.
Igor's reaction after setting up his wallet: "I'm comfortable that even probably my 13-year-old daughter can figure this out."
That's the bar we're building for.
Igor also touched on self-custody vs. centralized exchanges. Exchanges may solve the usability issue, but they create a whole new set of problems. Not your keys, not your crypto. We saw it with FTX.
FTX collapsed in 2022, taking over $8 billion in customer funds with it. People who held their crypto on the exchange had no recourse. People who held their own private keys were unaffected. That’s the power of self-custody.
The lesson isn't that exchanges are evil. It's that custody is a decision, and most people don't know they're making it.
His advice: if you're going to use a centralized exchange, check whether they're doing proof of reserves and independent security audits. If you're not sure, look it up on Hacken.live, Hacken's free security ranking tool for wallets, tokens, and platforms.
Igor was careful not to be alarmist, but the numbers speak for themselves. $4 billion in one year. $20 billion since 2016. Institutional money is flowing into crypto faster than ever, and that makes it a bigger target, not a smaller one.
The good news is that the tools to protect yourself have never been better or easier to use. The barrier now isn't technology, it's awareness.
If you're holding crypto on an exchange or a hot wallet, it's worth asking one question: if someone called you tomorrow and said your account was drained, would regret not using a hardware wallet?
Get a hardware wallet, understand how your recovery works, and make sure the people you'd want to inherit your crypto know how to access it safely.
The only crypto wallet you can install on a crowded subway.
Set it up in less than 60 seconds and just tap your phone to send, swap, and recover.
Share: