Blockchain investigator ZachXBT has raised concerns about the crypto industry’s ability to address security breaches and illicit fund movements following his involvement in freezing funds from the recent Bybit hack.
He argued that persistent vulnerabilities and inadequate responses from key players enable malicious actors to exploit weaknesses at scale.
Systemic failures
ZachXBT said that many of these exploits are caused by issues stemming from the fundamental flaws in both decentralized and centralized platforms.
According to his findings, some “so-called decentralized protocols” generate nearly all their volume and revenue from illicit actors, such as the Democratic People’s Republic of Korea (DPRK).
He noted that these platforms fail to take responsibility for facilitating illicit financial activity. Meanwhile, centralized exchanges delay responding to verified threat intelligence, allowing stolen assets to be laundered within minutes.
Additionally, know-your-transaction (KYT) solutions that are designed to detect illicit fund movements are frequently circumvented. At the same time, know-your-customer (KYC) measures often fail due to compromised user data and the ability to buy accounts.
ZachXBT emphasized that KYC issues are not exclusive to crypto and reflect broader regulatory failures in financial oversight.
Barriers to effective solutions
While acknowledging the risks of excessive government intervention, ZachXBT said he doubts the industry can effectively self-regulate.
He identified several obstacles to meaningful reform, such as large exchanges and services lacking rapid-response teams capable of addressing verified threat intelligence in real time.
In addition, these platforms often fail to support users impacted by hacks, sometimes withholding account data to limit liability. The legal recovery process for victims is slow, with certain exchanges resisting efforts to return stolen funds.
Centralized stablecoin issuers do not block addresses directly tied to major hacks, allowing illicit actors to retain access to stablecoin liquidity. He claims compliance tools used by major firms like Coinbase and Circle do not regularly flag illegal activity.
Meanwhile, some decentralized protocols fail to reassess their design despite most of their transaction volume originating from illicit sources.
ZachXBT pointed to new blockchain networks and cross-chain bridges that neglect basic analytics or security measures. He also flagged over-the-counter trading clusters in China operating on Tron, which continue to handle high volumes of illicit funds with little oversight.
Despite raising these concerns, ZachXBT clarifies that he does not advocate for increased government oversight but points out the crypto sector’s failure to address security gaps proactively.
Without industry-wide improvements in incident response, stablecoin issuer policies, and analytics integration, the problem is unlikely to be resolved. ZachXBT’s findings suggest that, for now, illicit actors remain steps ahead of the industry’s security measures.
Mentioned in this article
Read the full article here