Blockchain investigator ZachXBT has raised concerns about the crypto industry’s ability to address security breaches and illicit fund movements following his involvement in freezing funds from the recent Bybit hack. He argued that persistent vulnerabilities and inadequate responses from key players enable malicious actors to exploit weaknesses at scale. Many of these exploits are caused by issues stemming from the fundamental flaws in both decentralized and centralized platforms. According to his findings, some “so-called decentralized protocols” generate nearly all their volume and revenue from illicit actors, such as the Democratic People’s Republic of Korea (DPRK). He noted that these platforms fail to take responsibility for facilitating illicit financial activity.
ZachXBT also mentioned that centralized exchanges delay responding to verified threat intelligence, allowing stolen assets to be laundered within minutes. Additionally, know-your-transaction (KYT) solutions that are designed to detect illicit fund movements are frequently circumvented, and know-your-customer (KYC) measures often fail due to compromised user data and the ability to buy accounts. He emphasized that KYC issues are not exclusive to crypto and reflect broader regulatory failures in financial oversight.
While acknowledging the risks of excessive government intervention, ZachXBT said he doubts the industry can effectively self-regulate. He identified several obstacles to meaningful reform, such as large exchanges and services lacking rapid-response teams capable of addressing verified threat intelligence in real time. Centralized stablecoin issuers do not block addresses directly tied to major hacks, allowing illicit actors to retain access to stablecoin liquidity. Compliance tools used by major firms like Coinbase and Circle do not regularly flag illegal activity. Meanwhile, some decentralized protocols fail to reassess their design despite most of their transaction volume originating from illicit sources.
Despite raising these concerns, ZachXBT clarifies that he does not advocate for increased government oversight but points out the crypto sector’s failure to address security gaps proactively. Without industry-wide improvements in incident response, stablecoin issuer policies, and analytics integration, the problem is unlikely to be resolved. ZachXBT’s findings suggest that, for now, illicit actors remain steps ahead of the industry’s security measures. He also mentioned over-the-counter trading clusters in China operating on Tron, which continue to handle high volumes of illicit funds with little oversight.
In conclusion, ZachXBT’s investigation highlights the critical need for the crypto industry to address security vulnerabilities and illicit fund movements proactively. The persistence of vulnerabilities and inadequate responses from key players enable malicious actors to exploit weaknesses at scale, posing a significant threat to the sector. Despite the risks of excessive government intervention, there are barriers to effective solutions within the industry, such as delays in responding to threat intelligence, failure to support users impacted by hacks, and the slow legal recovery process for victims. Without industry-wide improvements in incident response, stablecoin issuer policies, and analytics integration, the crypto sector will continue to lag behind illicit actors in security measures. ZachXBT’s findings underscore the urgent need for meaningful reform and increased vigilance within the industry to protect users and combat illicit financial activities effectively.
