Cybersecurity and digital assets - a constantly evolving threat

The digital asset sector is going through a period of change caused by, amongst other things, additional market adoption and perceived certainty and scrutiny arising from shifts in the regulatory perimeter. Cybersecurity remains an important consideration for organisations operating in this space, and this is particularly the case for those who fall within the regulatory perimeter which likely brings with it additional regulatory reporting requirements following an incident. This is coupled with the fact that organisations (both large exchanges, and smaller projects) in the digital assets sector have been specifically targeted by threat actors over recent years. 

In February 2025, the cryptocurrency exchange ByBit was subject to a hack which reportedly resulted in circa $1.5 billion worth of cryptocurrency being stolen from it. The incident hit global headlines and became the catalyst for the international co-operation between ecosystem businesses who have been collectively working together to identify and flag digital assets which originated from the hack. This is encouraging and should give organisations confidence in grappling with these issues. However, this is not an isolated incident and unfortunately is one of many exchange related hacks over recent years. For example, in May 2025 the cryptocurrency exchange Coinbase was the victim of a cybersecurity incident which reportedly resulted in customer data being accessed.

There are several key lessons for the digital assets industry: 

1. Threat actors will continue to use sophisticated attack vectors to compromise an organisation. Organisations should audit their technical environment (including smart contracts) to identify and manage potential vulnerabilities. 
2. Operational resilience is here to stay – be ready, be vigilant. Cybersecurity should be put on the agenda at board level and organisations should regularly sense check their cybersecurity hygiene and carry out penetration tests. Response plans should be developed and the response team identified and ready to move. 
3. Be Prepared. The better organisations are able to prepare, the better they will be able to respond and drive an internal investigation and address any asset recovery or asset protection strategies. 
4. Organisations should think about who they are working with and the consequences of an incident on either side. This should include reviewing their cybersecurity posture. Supply chain risk remains one of the highest risks for organisations of all sizes.
5. The pace of regulatory adoption is increasing. As a result, many organisations over the coming years will be more likely to fall within a regulated environment in this jurisdiction or others. This increases the chance that a cybersecurity incident may require reporting to one or more independent regulators. This will bring with it additional scrutiny and so highlights the importance of being able to explain the decisions that were taken to protect the organisation. 
6. Digital assets will likely continue to be a target area for threat actors. The availability of obfuscation techniques (for example, utilising chain peeling, or mixing services) makes it an attractive asset class for malicious activity. However, it should not be assumed that threat actors will solely focus on accessing digital assets within an organisation’s environment – they may also be looking at confidential or personal data. Wider operational security is important. 
7. The insurance market is still developing. Consult a specialist insurance broker to ensure that any cover that is obtained meets the needs of the organisation. Consideration needs to be given to the need to insure both first and third-party losses and to ensuring that potential gaps (including specific exclusions and limits of indemnity) are identified and addressed. 
8. Market perception is everything – how an incident is dealt with can significantly increase the ability to recover and regain confidence. Organisations should not underestimate the importance of clear, succinct and regular communications with customers and stakeholders. 
9. Learn from others in the industry, and ‘near misses.’ Wherever possible share information across others in the sector, even if they are competitors. There is strength in shared information and best practice.

The risks of ‘getting it wrong’ from a financial and reputational perspective remain high when it comes to addressing cyber related issues in the digital assets sector. Organisations in the digital assets sector must continue to recognise and emphasise the importance of risks which are unique to all businesses. Preparation is often the key in dealing with related issues.

At Kingsley Napley we are experienced in a range of cybersecurity, digital assets and crisis management related matters. Please contact the writers if you would like to discuss any aspects of this article. 

Further information

If you have any questions regarding this blog, please contact Chris Recker and Kathaleen Anderson in our Dispute Resolution team. 

About the authors

Chris is a Legal Director in the Dispute Resolution team. He focuses his practice on complex (and often international) commercial litigation, arbitration and investigations involving allegations of fraud or dishonesty. He acts for both Claimants and Defendants in those matters.

Kathaleen is a trainee solicitor at Kingsley Napley and is currently in her fourth seat with the Dispute Resolution Team.