
Time to take a page out of the account takeover prevention playbook.
I want to draw a parallel.
Let’s start with account takeover fraud, how it’s evolved, and how financial institutions have started assuming more accountability for protecting their users against this pervasive threat. I want to draw some connections to the emerging fraud threats in the crypto space, including wallet providers, token/coin issuers, and exchanges, and identify some practical measures they can take to better protect their users.
The Evolution of Account Takeovers
Account takeover (ATO) is a type of identity fraud where fraudsters leverage a person’s existing credentials to take control of their financial, credit, email, or social media accounts. This unauthorized access to user accounts can lead to various account takeover attacks.
Login credentials (i.e., usernames and passwords) are often purchased from the dark web or obtained through social engineering, data breaches, credential stuffing, and phishing attacks. The attacker may change the login credentials to lock the original owner out of their own account, at which point they can change, steal, authorize, or manipulate information associated with the account. ATO is often made easier because end users reuse the same credentials across multiple websites.
How big a problem is account takeover? Consider these stats:
· 83% of organizations reported being impacted by at least one account takeover attack in 2024, with 5% experiencing it over 25 times (source: Abnormal Security, June 2024).
· Global ATO losses are projected to reach $17 billion by 2025, up from nearly $13 billion in 2023 (source: VPNRanks, March 2025).
· Financial losses from ATO fraud are climbing, with Javelin Strategy identifying it as the “greatest risk” facing financial institutions (source: Javelin Strategy, August 2024).
When an account takeover occurs, financial institutions often trot out the same playbook. They ask their users to regularly check their accounts for any unusual activity, such as unauthorized transactions or changes to their login information. This usually includes guidance about using strong passwords, enabling multi-factor authentication, being cautious of phishing attempts, and reporting any suspicious account activity.
What do these suggestions have in common? They place the onus of account protection squarely on the end user. While we all must be mindful of best security practices, this does not absolve the financial institutions from their role in protecting our financial accounts.
How have leading financial institutions responded?
Given consumer frustration and the growing lack of trust, many financial institutions are incorporating cutting-edge, technology-based safeguards to protect their users’ accounts. Implementing MFA is the bare-bones minimum, but leading financial institutions are exploring new ways to spot and prevent these attacks including:
Now, let’s turn to the world of crypto.
Cybercriminals stole $2.7 billion in crypto in 2025 (source: TechCrunch, December 2025), a new record for crypto-stealing hacks, according to blockchain-monitoring firms. In 2025, there were dozens of crypto heists hitting several cryptocurrency exchanges and other web3 and decentralized finance (DeFi) projects. The biggest hack by far was the breach at Dubai-based crypto exchange Bybit, where hackers stole around $1.4 billion in crypto. Blockchain analysis firms, as well as the FBI, accused North Korean government hackers — the most prolific group targeting crypto in the last few years — of this massive heist.
More recently, Trust Wallet was victimized by malicious code which infected its Google Chrome extension on Christmas Day. Blockchain security firm PeckShield estimated that more than $6 million in digital assets were stolen during the incident. Most of the funds were quickly routed to cryptocurrency exchanges, while a significant portion remains in attacker-controlled wallets, indicating that investigations and tracking efforts are ongoing.
What is the guidance Trust Wallet offered to their users?
1. Download wallet apps only from verified sources and avoid unsolicited tokens
2. Do not open the Trust Wallet extension on your desktop
3. Be cautious of social engineering attempts
4. Update to the latest Chrome extension version from the official Chrome Web Store
5. Contact Trust Wallet support if your funds are missing
Sound familiar?
Once again, the onus is on the end user — not on the wallet provider.
In order to make any inroads against crypto scams, wallet security needs to evolve beyond being mindful of Chrome extensions. According to Dr. Samer Fayssal, the CEO of Web3Firewall and former BitGo CISO:
“Most digital wallets have limited visibility and control over transactions before they’re broadcast to the blockchain. Traditional security and compliance tools function after settlement, which limits a wallet’s ability to respond to emerging fraud threats.”
The good news: much like with account takeovers, there are now more sophisticated tools that can be leveraged to prevent these kinds of losses and minimize reputation risk. There are emerging Web3 security solutions that equip wallet providers (as well as crypto exchanges and coin issuers) with state-of-the-art technologies to spot and defend against these types of dangerous exploits.
· Pre-Broadcast Transaction Visibility: The technology exists today to equip digital wallet providers with real-time risk assessment before any funds are transferred out of their accounts. Unfortunately, many cybersecurity solutions are built on post-transaction analysis which means the funds have already vanished from the wallet — too little, too late.
· Admin Controls: Web3 cybersecurity solutions can now enable policy-driven delays, holds, kill switches, and escalations to help wallet providers gain visibility and the upper hand. If large sums of transactions are being posted to a digital wallet with zero transaction history, for example, that’s a significant red flag.
· AI-Based Anomaly Detection: When these security firms see an unusual spike in transactions (e.g., large, rapid or suspicious fund movements), system alerts can be sent to your security team for further investigation before being posted to the blockchain. Plus, real-time heuristics and anomaly detection can sniff out unseen or zero-history wallets.
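To make the three controls above concrete, here is an added sketch (not code from Trust Wallet, Web3Firewall or any vendor named in this post) of a policy gate that scores each transaction before broadcast and maps the number of risk signals to a delay, hold, escalation or kill switch. The class names, thresholds, signal-to-action mapping and the fleet-wide "fan-in" rule are assumptions chosen for illustration, and simple heuristics stand in for the AI-based detection.

```python
from collections import defaultdict, deque
from dataclasses import dataclass

@dataclass
class Tx:
    wallet: str    # sending wallet id
    dest: str      # destination address
    amount: float  # USD-equivalent value
    ts: float      # submission time, seconds

class PreBroadcastGate:
    """Hypothetical policy gate run on each transaction before broadcast."""
    ACTIONS = ["ALLOW", "DELAY", "HOLD", "ESCALATE"]  # indexed by signal count
    def __init__(self, known_dests, large=10_000, window_s=600, max_tx=3, max_fan_in=3):
        self.known = set(known_dests)    # destinations with prior history
        self.large, self.window_s = large, window_s
        self.max_tx, self.max_fan_in = max_tx, max_fan_in
        self.sent = defaultdict(deque)   # wallet -> recent submission times
        self.fan_in = defaultdict(dict)  # dest -> {wallet: last submission time}
        self.kill_switch = False

    def evaluate(self, tx):
        if self.kill_switch:
            return "BLOCK", ["kill switch engaged"]
        signals = []
        q = self.sent[tx.wallet]
        q.append(tx.ts)
        while tx.ts - q[0] > self.window_s:  # drop attempts outside the window
            q.popleft()
        if len(q) > self.max_tx:
            signals.append("velocity spike")
        new_dest = tx.dest not in self.known
        if new_dest:
            signals.append("zero-history destination")
        if tx.amount >= self.large:
            signals.append("large amount")
        # Fleet-wide view: many distinct wallets paying one unseen address.
        senders = self.fan_in[tx.dest]
        senders[tx.wallet] = tx.ts
        live = [w for w, t in senders.items() if tx.ts - t <= self.window_s]
        if new_dest and len(live) >= self.max_fan_in:
            self.kill_switch = True  # stop all broadcasts until staff review
            return "BLOCK", signals + ["fan-in to zero-history destination"]
        return self.ACTIONS[len(signals)], signals

def demo():  # constructed sample: three wallets paying one unseen address
    gate = PreBroadcastGate(known_dests={"0xKNOWN"})
    txs = [Tx(f"w{i}", "0xNEW", 500, 100 + i) for i in range(3)]
    return [gate.evaluate(t)[0] for t in txs]
```

Because every decision is made before the transaction leaves the provider, a held or blocked transfer never reaches the chain, which is the difference from post-settlement monitoring.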
Had any of these simple protocols been in place, Trust Wallet would have been alerted before their users’ accounts were drained and they would have been spared from this devastating hack and the reputational exposure that ensued. Plus, these Web3 security solutions often provide better end-to-end visibility across fiat and digital flows, faster, AI-driven investigations with fewer false positives, and consistent policy enforcement and auditability.
While end users still bear some responsibility, it’s time to start shifting some of the accountability and responsibility back to the wallet providers, coin issuers and even the crypto exchanges by implementing a few commonsense best practices.
Who’s with me?