Will crypto firms level up security in 2025?

When we interviewed Philip Martin (CSO at Coinbase), we asked him what’s different about crypto security, compared with cybersecurity in general. At Coinbase, Martin and his team are heavily focused on developing best practices for crypto security – and as we move into 2025, crypto firms across the sector will need to level up their security to protect data, finances, and consumer trust. 

“As the largest public crypto company, Coinbase operates with more financial transparency,” Martin noted. “Aside from sharing our financial statements quarterly, we’re audited annually by an independent third-party as required by law.” 

This level of transparency is increasingly in demand across crypto. Consumers now expect more from the trading platforms they use to manage their currency – partly because they understand more about the origins and movement of the cryptocurrencies they trade. People are getting educated. And that increase in knowledge means they can point out the weaknesses in the crypto services provided by platforms. 

For Coinbase, “A key guiding principle is that your crypto is your crypto. We don’t lend or take any action with your assets without your permission.” 

“We provide powerful security features to all our users. These include auto-enrolled 2 factor-authentication (with security key support), password protection, and multi-approval withdrawals in Coinbase Vault, among others.” 

Crypto risks are on the rise

We know the threat landscape is increasingly complex for all industries – and the crypto space is no exception. 

Crypto firms come up against a complex array of cyber threats, with some of them easier to detect than others. 

In particular, phishing and social engineering attacks are booming. Bolstered by the power of AI, attackers target crypto firms, employees, and crypto users with malicious emails and fake websites designed to steal their sensitive data. 

And ransomware attacks are also increasing significantly in crypto. In 2023, cybercriminal groups hit a new milestone: they surpassed USD $1 billion in extorted cryptocurrency payments. Threat actors generally perceive crypto firms to have access to large sums of currency, so they’re capable of paying significant ransoms – which makes them attractive targets. 

For crypto firms, their own team members are often the first line of defence in both phishing and ransomware attacks. So comprehensive security awareness and training programs are essential – they can’t be overlooked, no matter how much pressure and fast-paced change those firms are facing. 

So crypto firms must be proactive (and collaborative) about security 

In crypto, being proactive about security means looking way ahead of where we are right now: the ecosystem is changing fast, and security needs to be built into the architecture of cryptocurrency services. 

Martin is involved in enabling crypto firms to reevaluate their security protocols and consider the threats that might be coming next: 

“As a founding member of Crypto ISAC (Information Sharing and Analysis Center), a non-profit initiative dedicated to enhancing security within the crypto ecosystem, Coinbase helps inform the ecosystem of security threats, resolving vulnerabilities, and sharing and implementing best practices for risk mitigation.” 

And to continue to build a robust security ecosystem around cryptocurrencies in general, collaboration is critical. 

“Because scammers often operate across multiple online platforms, it’s crucial to avoid tunnel vision on just crypto,” Martin added. “That’s why broader initiatives like Tech Against Scams and our work with law enforcement agencies are essential. By maintaining a collaborative approach across industries and between the public and private sector, we can better safeguard users across the entire digital landscape.”

There’s no doubt that new waves of attacks against crypto spaces will continue throughout 2025. So if there was ever a time to level up security, it’s now – and crypto companies must not skip important steps in their rush to get products or services to the market. 

Join us at Black Hat MEA 2025 to share your perspective and meet potential partners – and shape the future together.