Over the past year or so, individual cryptocurrency security has fallen behind. Whereas hackers and thieves once focused on the extreme amounts of cryptocurrency held by exchanges and other protocols, research by both Chainalysis and Elliptic has confirmed that crypto thieves have turned their attention to the relatively easy territory of individual wallet holders.

The result is a growing wave of sophisticated wallet-level attacks, combining social engineering, SIM swapping, and device exploits to devastating effect.

Today’s Security Norms are an Illusion

Today, standard crypto wallet security involves a combination of two-factor authentication, passwords and seed phrases. There was a time when these measures were considered robust, but in reality they are far from foolproof. For the vast majority of crypto holders, two-factor authentication involves using an email address or a phone number to confirm identity. The issue with this is the modern-day smartphone, which, if unlocked, provides immediate access to both text messages and email inboxes. This means thieves can drain a crypto wallet with ease if they snatch your phone, something that is happening more and more on the streets of London, for example.

For crypto holders of all sizes, this should not only be concerning but should trigger an entire rethink. Similarly, seed phrases, designed as the ultimate failsafe, are often stored insecurely, photographed, or backed up to cloud services, effectively handing hackers a key to the vault.

Firsthand Accounts

For years, I was involved in both facilitating and participating in big-ticket trades on the secondary market. For people selling or purchasing large amounts of crypto, exchanges often aren’t an option. This is largely due to the impact on exchange liquidity and price movements; however, for many, it is also problematic due to bank blockages involving any payments associated with cryptocurrency, resulting in a general preference for private wallet transactions.

During my years, I’ve personally been targeted by bad actors and have lost over two million dollars’ worth of crypto as a result, despite being extremely savvy when it comes to security and verification. I’ve chased thieves down the streets of Amsterdam and sat opposite Interpol in interview rooms trying to help them track down scammers. These weren’t amateur operations; they were highly organised schemes blending cyber-crime with traditional fraud tactics.

A key issue is misrepresentation of funds: claiming you own crypto you don’t. There are a series of methods of doing so in a way that is almost completely impossible to discern as false. Test transactions can be faked, as can physical IDs, and it’s also too easy to convincingly prove ‘ownership’ of crypto that in fact belongs to someone else.

The case for biometrics

The next logical step in crypto wallet security has to involve something that can prove, beyond a reasonable doubt, who the verified owner of a crypto wallet is. Facial and fingerprint recognition is already largely in use across traditional banking systems; it’s time it was extended to the cryptosphere.

What’s more, the key has to be ongoing biometric authentication. Without a continuous confirmation of identity, an unlocked wallet or a compromised password or seed phrase gives a thief full access, free to then run away and do as they please with the holdings. A continual system that confirms live identity makes this impossible.

To those worried about the impact of biometric security on privacy and data protection, the answer is simple. Encrypt the data, so that what is stored is not a face but an anonymous numeric code, and store it on the blockchain.

Crypto has come a long way, but shouldn’t be complacent

It is staggering to consider how far cryptocurrency has come since its inception. It has gone from an obscure concept of decentralised currency to a verified, legitimate form of value that is being embraced and adopted by financial institutions all over the world, and that is having a tangible impact on the biggest global stage there is by influencing US policy.

However, progress is guaranteed to stall if personal wallet security isn’t improved. Some of the biggest trades in crypto occur on the private, secondary market, away from the security measures put in place by major, centralized crypto exchanges. If this private market continues to be plagued by scams, theft and hacks, the HNWIs so important to the continued growth of cryptocurrency are bound to be deterred.

For crypto to reach its full potential, the industry must treat wallet protection not as an afterthought but as the front line of financial security.

A time for change

For now at least, headlines about exchange exploits costing billions of dollars are a thing of the past. The real danger now lies in targeted attacks on individual wallets, where life savings and personal fortunes can be stored and lost. The answer is not more passwords or longer seed phrases; it’s smarter authentication built using technology that belongs in 2025.

I’ve seen firsthand the fallout of wallet compromises. They can be devious, smart, and almost impossible to notice before it’s too late. Developers, custodians, and investors alike need to recognise that security is no longer about trusting devices or documents, but about verifying identity in a way that even a hacker can’t fake.

By Matthew Jones, Founder of HAVEN