Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124

“It’s getting harder and harder to prove who you are,” said Federico Farriola, CEO of Phemex. The remark speaks to a growing concern sweeping the cryptocurrency industry, one that goes far beyond smart contracts or infrastructure failures.
Speaking during a recent panel discussion alongside Ian Rogers, director of customer experience at Ledger, and Dmitry Budorin, co-founder and CEO of cybersecurity firm Hacken, Farriola explained how security threats in cryptocurrencies are manifesting on the ground. The tools change with AI, but the vulnerability is still in people: in the way they communicate with others, make quick decisions and choose who to trust.
Most of it comes down to daily actions. Across platforms and wallets, there is a common understanding that routines shape how incidents occur. For Federico Farriola, this translates directly into how platforms design their operations, introduce barriers, and manage people’s interactions with wallets, social platforms and identities on the blockchain.
At the start of the discussion, Federico addressed a question the industry continues to ask: Are cryptocurrencies becoming more vulnerable in terms of security, or are attackers simply becoming more skilled?
Federico Farriola said that this year can be called the worst in the history of cybercrime, and that next year will be worse. He explained that the reason is not that we have become less efficient at security, but that the value has become greater. When there is more value, the prize becomes bigger, and the bigger the prize, the more people try to capture that value.
Farriola explained that as the cryptocurrency sector grows, the incentives for attackers increase. This creates a constant state of imbalance, where the capabilities of attackers often exceed the defenses, especially during bull markets.
Federico Farriola said that we may be living in a period of transition where offensive capabilities grow faster than protective means. In every wave of rising prices, people appear with a convincing logic that justifies shortcuts in security measures, negligence in the protection of private keys, or both, and the story always ends with a result.
Rogers shared a simple example to illustrate the point. Even people with significant crypto experience, including those heavily involved in wallet development, fall victim to disguised links shared on platforms such as Discord or through browser wallets. He noted that experience helps but does not eliminate the need for constant caution.
Farriola said that the biggest change he sees is in how attacks are executed.
Federico Farriola said that these attackers are well financed, sometimes with the support of countries, and they move at a speed that is difficult to keep pace with. At the same time, he explained, the tools we all use, such as artificial intelligence and automation, are a double-edged sword. If we can use them, attackers can use them too. Social attacks have become more sophisticated. Attackers have even gone so far as to impersonate him and use his likeness in video calls to try to deceive investors or business partners.
Ian Rogers emphasized the same idea from a hardware wallet perspective, noting that many attacks today focus more on psychology than technology. For Farriola, this is consistent with what platforms have already observed: it is often easier to convince people than to hack systems.
Any of us could fall into the trap, Rogers told the audience. Even in experienced cryptocurrency teams, a combination of familiarity, urgency, and well-done social engineering is often enough to bypass even the strictest security practices.
From the exchange’s point of view, Federico carefully separates guarantees from assumptions.
Federico said that what we guarantee users must be completely untouchable, and this is the cold wallet. This is non-negotiable. Hot wallets, by definition, present an inherent risk because they are always online.
These risks increase during periods of high market activity.
Federico said that when there is a bull market, users expect hot wallets to be filled. They move quickly, often in large quantities, especially in altcoins. User needs are very demanding.
This pressure creates tension. Users demand speed and convenience. But protection often requires certain obstacles.
Federico said you have to add layers of obfuscation to protect the funds, no matter what the user requests. In a way, you end up resisting the user’s wishes a little.
This reflects an uncomfortable reality for exchanges, but Federico believes it is inevitable if exchanges are more serious about long-term protection than immediate user satisfaction.
During the discussion, Farriola briefly referenced a security incident that Phemex suffered last year.
One of the most important lessons for us was the realization that we were a bigger target than we thought, Farriola said.
He summarized the most important lesson learned as being about people.
“We don’t appreciate how widespread phishing and social engineering attacks are, and how they target the lower levels of the structure first, such as insiders, designers and people who don’t consider themselves security-focused, and then escalate to more important roles,” Farriola said.
Dmitry Budorin explained this with a direct analogy of how these attacks work, comparing phishing with hunting. Even if the fish is not stupid enough to fall for the plastic bait, he explained, moments of routine or distraction are often enough for the attackers to be successful. In his words, the danger lies in the inevitability of falling for it.
This way of thinking is consistent with the way Farriola approaches protection.
Farriola said that it is not enough for engineers or managers to be careful; everyone in the organization must understand the risks they are exposed to. Even the most junior apprentice must be fully aware of the situation.
Budorin went further, arguing that the primary target in many cases is not the junior employee, but the executive himself. Public figures, founders and CEOs are often directly attacked for their visibility and authority in the sector.
After the incident, Phemex strengthened security measures at all levels, but the biggest change happened internally.
Federico Farriola said that crypto is a very social industry. Non-fungible tokens, social media, Telegram: all these platforms create targets for attacks.
Federico Farriola particularly criticized how people informally handle sensitive interactions in environments that were never designed to be secure.
Farriola said that Telegram, in particular, is one of the worst managed platforms in terms of security, but it is considered the standard for the way the industry communicates.
He also expressed discomfort with the growing trends around portfolio tracking and public allocation.
Farriola explained that he doesn’t like the trend of tracking the portfolios of specific people, saying he feels this is against the spirit of crypto. But the reality, he said, is that as you become more successful in this industry, you become a bigger target, and you must devote more resources to protecting yourself.
Farriola looks to the future and sees decentralization and the self-custody of wallets as part of a broader shift in how crypto security evolves.
Farriola emphasized that as decentralization becomes more standard, the burden of security is distributed among the most vulnerable. Hackers have to target individuals one by one instead of just finding a single weak point.
This does not eliminate the risk. Rather, the risk is redistributed.
Farriola sees DEXs and decentralized platforms as presenting their own challenges. The base is just the code. You can’t stop the chain. New risks will emerge. But overall, he said, he believes it’s a positive outcome for the industry.
This requires exchanges to adapt rather than resist.
Farriola stressed that centralized platforms will not disappear, but we will evolve. The security model must also change with user behavior.
Looking to the future, Federico Farriola does not describe the challenge as something that crypto can simply “solve” and move past.
Farriola stated that artificial intelligence will be the biggest challenge, and added that quantum computing will add another level of risk in the future.
When asked if AI was helping defenders as much as it was helping attackers, Farriola had a clear answer: Unfortunately, I think it enhances the capabilities of attackers more than it enhances user security.
Farriola sees this period as a moment of maturity for the industry. Crypto attracts strong technical talent, and security becomes part of how companies work and communicate every day. In systems designed to reduce reliance on trust, attention now turns to understanding where trust exists and managing it consciously.