Blockchain investigator ZachXBT has expressed serious concerns regarding the crypto industry’s capacity to effectively manage security breaches and the movement of illicit funds, especially after his recent efforts to freeze assets linked to the Bybit hack.
He contended that ongoing vulnerabilities and inadequate reactions from industry leaders permit bad actors to exploit weaknesses on a large scale.
### Systemic Issues
ZachXBT pointed out that many of these breaches originate from fundamental flaws present in both decentralized and centralized platforms.
His research indicates that a significant portion of the activity and revenue generated by certain “decentralized protocols” comes from illicit actors, including entities from the Democratic People’s Republic of Korea (DPRK).
He stressed that these platforms often shirk responsibility for enabling unlawful financial activities. Centralized exchanges, on the other hand, are slow to act on verified threat intelligence, allowing stolen assets to be laundered within minutes.
Moreover, know-your-transaction (KYT) solutions aimed at identifying illegal fund movements are often bypassed, while know-your-customer (KYC) measures are compromised by stolen user data and the ability to purchase accounts.
ZachXBT highlighted that issues with KYC are not limited to the crypto space but are indicative of broader regulatory shortcomings in financial oversight.
### Challenges to Effective Solutions
While he recognizes the dangers of excessive government involvement, ZachXBT expressed skepticism about the industry’s ability to self-regulate effectively.
He identified several barriers to meaningful reform, including the absence of rapid-response teams among large exchanges that could handle verified threat intelligence in real-time.
Additionally, these platforms frequently fall short in supporting users impacted by hacks, sometimes withholding account information to limit their own liability. The process for legal recovery for victims tends to be sluggish, with certain exchanges resisting efforts to recover stolen assets.
Centralized stablecoin issuers often do not block addresses linked to significant hacks, thus allowing malicious actors continued access to stablecoin liquidity. ZachXBT claims that compliance tools employed by major entities do not consistently flag illegal activities.
At the same time, some decentralized protocols fail to rethink their designs even though a majority of their transaction activity is linked to illicit sources.
He pointed out newer blockchain networks and cross-chain bridges that neglect basic analytics or security precautions, as well as over-the-counter trading hubs in China operating on Tron, which continue to handle substantial volumes of illegal funds with minimal oversight.
Despite voicing these concerns, ZachXBT made it clear that he does not advocate for increased governmental oversight; rather, he emphasizes the crypto sector’s lack of proactive measures to close security gaps.
Without comprehensive improvements in incident response, stablecoin issuer practices, and analytics integration, the issues are unlikely to be resolved. His findings indicate that, for the time being, illicit actors continue to stay several steps ahead of the industry’s security frameworks.