The recent security breach for around $1.5 billion at Bybit, the world’s second-largest cryptocurrency exchange by trading volume, sent ripples through the digital asset community. With $20 billion in customer assets under custody, Bybit faced a significant challenge when an attacker exploited security controls during a routine transfer from an offline “cold” wallet to a “warm” wallet used for daily trading.

Initial reports suggest the vulnerability involved a home-grown Web3 implementation using Gnosis Safe — a multi-signature wallet that uses off-chain scaling techniques, contains a centralized upgradable architecture, and a user interface for signing. Malicious code deployed using the upgradable architecture made what looked like a routine transfer actually an altered contract. The incident triggered around 350,000 withdrawal requests as users rushed to secure their funds.

While considerable in absolute terms, this breach — estimated at less than 0.01% of the total cryptocurrency market capitalization — demonstrates how what once would have been an existential crisis has become a manageable operational incident. Bybit’s prompt assurance that all unrecovered funds will be covered through its reserves or partner loans further exemplifies its maturation.

Since the inception of cryptocurrencies, human error — not technical flaws in blockchain protocols — has consistently been the primary vulnerability. Our research examining over a decade of major cryptocurrency breaches shows that human factors have always dominated. In 2024 alone, approximately $2.2 billion was stolen.

What’s striking is that these breaches continue to occur for similar reasons: organizations fail to secure systems because they won’t explicitly acknowledge responsibility for them, or rely on custom-built solutions that preserve the illusion that their requirements are uniquely different from established security frameworks. This pattern of reinventing security approaches rather than adapting proven methodologies perpetuates vulnerabilities.

While blockchain and cryptographic technologies have proven cryptographically robust, the weakest link in security is not the technology but the human element interfacing with it. This pattern has remained remarkably consistent from cryptocurrency’s earliest days to today’s sophisticated institutional environments, and echoes cybersecurity concerns in other — more traditional — domains.

These human errors include mismanagement of private keys, where losing, mishandling, or exposing private keys compromises security. Social engineering attacks remain a major threat as hackers manipulate victims into divulging sensitive data through phishing, impersonation, and deception.

Human-Centric Security Solutions

Purely technical solutions cannot solve what is fundamentally a human problem. While the industry has invested billions in technological security measures, comparatively little has been invested in addressing the human factors that consistently enable breaches.

A barrier to effective security is the reluctance to acknowledge ownership and responsibility for vulnerable systems. Organizations that fail to clearly delineate what they control — or insist their environment is too unique for established security principles to apply — create blind spots that attackers readily exploit.

This reflects what security expert Bruce Schneier has termed a law of security: systems designed in isolation by teams convinced of their uniqueness almost invariably contain critical vulnerabilities that established security practices would have addressed. The cryptocurrency sector has repeatedly fallen into this trap, often rebuilding security frameworks from scratch rather than adapting proven approaches from traditional finance and information security.

A paradigm shift toward human-centric security design is essential. Ironically, while traditional finance evolved from single-factor (password) to multi-factor authentication (MFA), early cryptocurrency simplified security back to single-factor authentication through private keys or seed phrases under the veil of security through encryption alone. This oversimplification was dangerous, leading to the industry’s speedrunning of various vulnerabilities and exploits. Billions of dollars of losses later, we arrive at the more sophisticated security approaches that traditional finance has settled on.

Modern solutions and regulatory technology should acknowledge that human error is inevitable and design systems that remain secure despite these errors rather than assuming perfect human compliance with security protocols. Importantly, the technology does not change fundamental incentives. Implementing it comes with direct costs, and avoiding it risks reputational damage.

Security mechanisms must evolve beyond merely protecting technical systems to anticipating human mistakes and being resilient against common pitfalls. Static credentials, such as passwords and authentication tokens, are insufficient against attackers who exploit predictable human behavior. Security systems should integrate behavioral anomaly detection to flag suspicious activities.

Private keys stored in a single, easily accessible location pose a major security risk. Splitting key storage between offline and online environments mitigates full-key compromise. For instance, storing part of a key on a hardware security module while keeping another part offline enhances security by requiring multiple verifications for full access — reintroducing multi-factor authentication principles to cryptocurrency security.

Actionable Steps for a Human-Centric Security Approach

A comprehensive human-centric security framework must address cryptocurrency vulnerabilities at multiple levels, with coordinated approaches across the ecosystem rather than isolated solutions.

For individual users, hardware wallet solutions remain the best standard. However, many users prefer convenience over security responsibility, so the second-best is for exchanges to implement practices from traditional finance: default (but adjustable) waiting periods for large transfers, tiered account systems with different authorization levels, and context-sensitive security education that activates at critical decision points.

Exchanges and institutions must shift from assuming perfect user compliance to designing systems that anticipate human error. This begins with explicitly acknowledging which components and processes they control and are therefore responsible for securing.

Denial or ambiguity about responsibility boundaries directly undermines security efforts. Once this accountability is established, organizations should implement behavioral analytics to detect anomalous patterns, require multi-party authorization for high-value transfers, and deploy automatic “circuit breakers” that limit potential damage if compromised.

In addition, the complexity of Web3 tools creates large attack surfaces. Simplifying and adopting established security patterns would reduce vulnerabilities without sacrificing functionality.

At the industry level, regulators and leaders can establish standardized human factors requirements in security certifications, but there are tradeoffs between innovation and safety. The Bybit incident exemplifies how the cryptocurrency ecosystem has evolved from its fragile early days to a more resilient financial infrastructure. While security breaches continue — and likely always will — their nature has changed from existential threats that could destroy confidence in cryptocurrency as a concept to operational challenges that require ongoing engineering solutions.

The future of cryptosecurity lies not in pursuing the impossible goal of eliminating all human error but in designing systems that remain secure despite inevitable human mistakes. This requires first acknowledging what aspects of the system fall under an organization’s responsibility rather than maintaining ambiguity that leads to security gaps.

By acknowledging human limitations and building systems that accommodate them, the cryptocurrency ecosystem can continue evolving from speculative curiosity to robust financial infrastructure rather than assuming perfect compliance with security protocols.

The key to effective cryptosecurity in this maturing market lies not in more complex technical solutions but in more thoughtful human-centric design. By prioritizing security architectures that account for behavioral realities and human limitations, we can build a more resilient digital financial ecosystem that continues to function securely when — not if — human errors occur.

A new proposal submitted to the U.S. Securities and Exchange Commission’s (SEC) newly-established Crypto Task Force by a Maximilian Staudinger makes the case for XRP as a “strategic financial asset” for the United States (using some very questionable math and logic).

I’m here to tell you that XRP is not a strategic asset and that the logic in this proposal is dubious at best.

In the proposal, Staudinger states that $5 trillion is locked up in U.S. Nostro accounts (accounts that banks use for cross-border payments). And he claims that if certain regulatory conditions were created — including the SEC classifying XRP as a payment network, the U.S. Department of Justice (DoJ) providing legal clearance for banks to use XRP, and the Federal Reserve mandating that banks use XRP as a liquidity solution — then 30% of this capital ($1.5 trillion) would be freed up for the U.S. government to buy 25 million bitcoin at $60,000 per bitcoin.

So, let’s break down why this makes little sense.

First, Nostro accounts are simply bank accounts that U.S. banks hold in foreign countries. I’m not sure what sort of logic includes these domestic banks turning over the U.S. dollars that XRP would theoretically replace to the Federal government so that these dollars could then be used to acquire bitcoin on behalf of the government.

Second, the proposal doesn’t offer details on how these domestic banks would obtain the XRP that would replace the dollars. It only seems logical that they’d have to purchase the XRP, leading to XRP absorbing this $1.5 trillion, not bitcoin. Even if Ripple, XRP’s issuer, wanted to simply give these banks XRP to use, this still wouldn’t work, as it only holds about $100 billion in XRP — far short of $1.5 trillion.

Third, even if bitcoin’s price were to dip to $60,000, the price would begin increasing immediately as the U.S. government began purchasing the 25 million bitcoin.

Lastly, there’s a hard cap of 21 million bitcoin (and approximately 4 million have been lost), which is a well-known fact in the Bitcoin or crypto space. Therefore, it’s quite silly to suggest that the U.S. government could buy 25 million bitcoin. If the author were even a half-serious person, he might have suggested that the government buy 15 million bitcoin at $100,000 per bitcoin (though the math still wouldn’t work out).

Given how faulty the logic behind this proposal is, it’s difficult to consider XRP a strategic asset. Plus, why would the U.S. government do so when two thirds of the supply is still in the hands of the organization that issued the asset? It doesn’t make much sense.

Bitcoin, on the other hand, is a globally distributed asset that many around the world use as both money and a store of value. Plus, the Bitcoin network is governed by tens of thousands of nodes and is virtually impenetrable, thanks to the approximately 0.4% of the world’s energy that protects it. (The XRP network is governed by 828 nodes and isn’t protected by any amount of energy.) Theses factors make bitcoin a logical reserve asset, which is how the U.S. government now officially classifies it.

So, hopefully, the SEC already understands what I’ve outlined in this piece and doesn’t spend much time even considering Mr. Staudinger’s proposal.

This article is a Take. Opinions expressed are entirely the author’s and do not necessarily reflect those of BTC Inc or Bitcoin Magazine.

Imagine a world where your digital identity is truly your own, where every post, connection, and interaction isn’t locked within the walls of a corporate platform but exists as an extension of your personal autonomy. This isn’t a utopian vision, it’s the necessary evolution of social media in an era where digital sovereignty is a fundamental right.

For decades, we have unknowingly traded our digital independence for the convenience of centralized platforms. Facebook, Twitter, Instagram, these platforms have shaped our digital lives, yet they function more like gilded cages. Every post we create, every relationship we cultivate, every conversation we engage in is ultimately controlled by corporations that can modify, monetize, or erase our digital existence with a single policy change or algorithmic decision.

A New Future for TikTok

As TikTok decides on its ownership future, Project Liberty has teamed up with Alexis Ohanian, the co-founder of Reddit and a pioneer in online community building, and Kevin O’Leary, renowned investor and entrepreneur known for his role on Shark Tank, to take the platform on-chain. Why?

At its core, this is about more than just TikTok. It’s about who controls the digital spaces where billions connect, create, and consume information. For too long, the internet’s most vibrant communities have been shaped –and ultimately governed– by a handful of corporations. Project Liberty is leading the movement to change that, ensuring that social networks serve the people who power them, not just those who own them.

The key to this shift is Frequency, a public, permissionless blockchain developed by Project Liberty’s technology team and designed specifically for high-volume social networking, reinforces the foundation of a user-driven internet, prioritizing interoperability, data sovereignty, and resilience against centralized control. Together, these initiatives aim to move social media away from corporate ownership and toward an open, user-controlled model.

TikTok, for all its cultural impact, is no different. As the debate over its ownership and data practices continues, the larger issue remains unresolved: should a single entity, whether a government or a corporation, control the social fabric of a generation? What’s at stake isn’t just who owns TikTok but whether a platform of its scale can operate outside the confines of centralized control. If it is to be reimagined within a decentralized framework, it will require a foundation built on true interoperability, user-owned data, and open governance. This is where Frequency comes in.

From TikTok to Bluesky: Building a Decentralized Future

The question of TikTok’s future highlights a much larger shift in how we think about social media. The need for decentralization is no longer theoretical, it’s an urgent necessity. Bluesky, an open-source social media project, is one attempt to answer that call.

Bluesky is not just another platform, it represents an effort to redefine the relationship between users and their digital identities. But true digital liberation demands more than good intentions, it requires a structural commitment to full decentralization. It offers a glimpse into what a decentralized social web could look like, but key vulnerabilities remain.

Bluesky, for all its promise, still relies on structural choke points that pose a risk to its long-term decentralization. Storage nodes largely remain centralized under the control of Bluesky PBC or 3rd party providers, meaning user data is still housed in locations that could become points of control. Relay and Firehose systems, responsible for data distribution, remain concentrated in the hands of a few. And while it is positive that Bluesky has implemented the W3C standard for Decentralized Identifiers (DIDs), the PLC (Public Ledger of Credentials) directory is also centralized. These may seem like small technical details at present, but history has repeatedly shown how seemingly minor technical decisions can become the very mechanisms through which power is consolidated and autonomy is eroded.

Frequency, the Backbone of a Decentralized Social Web

This is where Frequency enters the picture, not just as a blockchain, but as an entirely new framework for digital identity and social media governance. Frequency isn’t merely modifying the current model; it is rethinking how we interact online from the ground up. Instead of central authorities dictating terms, Frequency ensures that users — not platforms — hold the keys to their digital lives.

Decentralization is more than a technical shift, it’s about restoring fundamental rights. Users must have the ability to grant access to their data, but just as crucially, they must have the power to revoke it. The relationships they build online — followers, connections, conversations — must belong to them, not to a platform that can manipulate or erase them at will.

Decentralization With Purpose

Frequency operates on the principle of minimal, purposeful decentralization which makes long term sustainability of the ecosystem at population scale viable. The only data stored on-chain is what is essential to guarantee individual data rights. This design approach allows for efficient chain optimization focused on core social events, primarily activity related to account, graph, and communication primitives.This focus on core social allows for tokenized incentives to be designed around management of network capacity, with specific incentives for creators, consumers and other more specific actors left to higher levels of the technology stack.

The promise of a user-owned internet is incomplete without robust safeguards that protect personal data. Frequency ensures that users have cryptographic protection over their information, along with granular controls that dictate how their data is shared. At the same time, they should have the flexibility to impose platform-specific restrictions, ensuring that their content appears only in the digital spaces where they want it to be seen. Further, they must be able to delete their content at their discretion. They should also have the power to restrict content to specific platforms if they choose to do so.

This approach directly addresses the fundamental roadblocks that have prevented previous attempts at decentralization from scaling. Frequency ensures that no single entity — not even its own node operators—has the power to alter or censor user data. It provides a decentralized backup of Bluesky’s Firehose, ensuring that user-generated content remains accessible beyond the control of a single party. Its architecture is designed not just for ideological purity but for practical sustainability and scalability, offering minimal latency and cost-efficient operations to ensure the system remains viable for mass adoption.

Achieving Digital Self-Sovereignty

The internet was meant to be open, interconnected, and free. But today, we stand at a crossroads: either we continue to rely on corporate-controlled social media, or we take the necessary steps to create a more open, user-owned digital future.

Bluesky is a step forward, but without addressing its remaining points of centralization, it risks becoming just another walled garden, perhaps a slightly more open one, but still one where users lack true control. TikTok presents an even bigger challenge. The debate over its ownership is missing the point. The real question isn’t who should own TikTok, but whether any social media giant should be owned at all in the traditional sense. Decentralization offers a new way forward, one where platforms are built around user sovereignty, rather than corporate control.

With Frequency, we are moving one step closer to reclaiming the original promise of the internet. True digital liberation requires breaking free from the data monopolies that have defined the social media era. This isn’t just a technological upgrade, it’s a necessary shift in power.