NEWS

NEWS

If Crypto Security Has Never Been Stronger, Why Do the Hacks Keep Happening?

If Crypto Security Has Never Been Stronger, Why Do the Hacks Keep Happening?

Crypto security feature: Ashna Vaghela, CCO at Mercuryo, and Caroline Bansraj, COO at SCRYPT

The cryptocurrency industry has entered what many describe as its most mature phase. But despite the significant progress, 2026 has already seen several high-profile security incidents. 

Each of them reminds us that greater investment does not necessarily translate into greater protection. And if the industry has more resources, stronger regulations, and better technology than ever before, why do major breaches continue to happen?

To understand how crypto security is evolving, the Drofa Comms team spoke with female leaders working in fintech about what the industry is still overlooking and what challenges lie ahead.

Security Is No Longer Just a Technology Problem

One message that came up repeatedly throughout our conversations is that security isn't something companies can simply purchase.

Caroline Bansraj, Chief Operating Officer at SCRYPT, believes many firms still approach cybersecurity as a collection of tools rather than a way of living.

"The industry still treats security as something you buy rather than something you build into the operating model."

Throwing more money at security doesn't automatically reduce risk if the business itself isn't designed to handle failures. According to Bansraj, the biggest breaches rarely happen because encryption fails or blockchain technology is flawed.

Instead, they usually begin somewhere far less technical through weak governance, poor access management, or other business-level mistakes.

"Institutions don't need infrastructure that claims to be unbreakable," she explains. "They need infrastructure designed to contain failures, maintain continuity and protect client assets when something inevitably goes wrong."

In other words, resilience is just as important as prevention.

Operational Risk as the New Attack Surface

As blockchain infrastructure has matured, experts believe the industry's weakest point is now operational decision-making, but it used to be code vulnerabilities that 

Statistics show that infrastructure-related compromises accounted for only about 15% of all recorded incidents in H1 2026, yet they accounted for roughly 76% of the total funds stolen. Put simply, the rare breach that gets into operational processes does far more damage than anything.

Ashna Vaghela, Chief Customer Officer at Mercuryo, says many of today's biggest security incidents don't start with a sophisticated hack, but start with disconnected systems.

"In digital assets, we are still underestimating how quickly risk spreads across connected systems," she explains.

A company can invest heavily in cybersecurity while still leaving itself exposed if different parts of the business are isolated.

"In digital assets, a weakness in one area can move fast across infrastructure, partners, gateways and users."

That's exactly where attackers are focusing, as too many firms are protecting individual components while attackers exploit the gaps between them. 

For Vaghela, security needs to be embedded at every stage of the customer journey, from onboarding and transaction monitoring to payments and infrastructure, rather than added as another layer after the platform is built.

Governance Is a New Competitive Advantage

Governance is not usually mentioned as an important part of building a business, but according to both leaders, it may soon become one of the biggest competitive advantages in crypto.

Vaghela believes governance is now evolving into a core part of security itself.

"Many major incidents now begin with failures in access, approvals, escalation or oversight," she says.

Technical vulnerabilities still exist, of course. Private keys, not smart contracts, caused 40% of crypto's $16 billion hack losses recently. But weak internal processes can expose customer funds just as quickly, so making them stronger is essential.

Despite that, the companies that earn long-term trust, adds Bansraj, won't necessarily be those spending the most on cybersecurity. She thinks the businesses that successfully combine strong governance and regulated infrastructure into a single model will be the future leaders.

The Next Big Challenge Is Complexity and Compliance

If there's one risk both leaders believe the industry still underestimates, it's complexity. Stablecoins, tokenised assets, instant settlement, banking infrastructure, payment providers, custodians, APIs — everything is turning into part of one much larger ecosystem. And every new connection creates another potential point of failure.

Vaghela also points to another challenge that is only beginning to emerge: proving compliance at scale.

"The industry is still underestimating the challenge of proving compliance at institutional speed."

Over the next 12 to 18 months, banks, payment companies, and enterprise clients will expect crypto businesses to demonstrate strong controls quickly and consistently. That means onboarding, transaction monitoring,  and partner risk management will all come under greater scrutiny.

So, given this, compliance is just as important as designing the product itself. That’s why companies are willing to unite the fragmented processes quickly enough.

Conclusion

Crypto security is evolving, so the industry's biggest risks now lie not only in code but also in governance and the growing complexity of interconnected financial systems.

That doesn't mean technology is now less important. But it does mean it is becoming much broader than cybersecurity alone. So, succeeding over the next few years will mean building organisations that can adapt and continue their processes when challenges inevitably arise.

Because in a more mature crypto industry, resilience (not perfection) is now the real measure of security.

Drofa Comms is grateful to Caroline Bansraj and Ashna Vaghela for contributing their expertise to this Women Leading the Way article.

The cryptocurrency industry has entered what many describe as its most mature phase. But despite the significant progress, 2026 has already seen several high-profile security incidents. 

Each of them reminds us that greater investment does not necessarily translate into greater protection. And if the industry has more resources, stronger regulations, and better technology than ever before, why do major breaches continue to happen?

To understand how crypto security is evolving, the Drofa Comms team spoke with female leaders working in fintech about what the industry is still overlooking and what challenges lie ahead.

Security Is No Longer Just a Technology Problem

One message that came up repeatedly throughout our conversations is that security isn't something companies can simply purchase.

Caroline Bansraj, Chief Operating Officer at SCRYPT, believes many firms still approach cybersecurity as a collection of tools rather than a way of living.

"The industry still treats security as something you buy rather than something you build into the operating model."

Throwing more money at security doesn't automatically reduce risk if the business itself isn't designed to handle failures. According to Bansraj, the biggest breaches rarely happen because encryption fails or blockchain technology is flawed.

Instead, they usually begin somewhere far less technical through weak governance, poor access management, or other business-level mistakes.

"Institutions don't need infrastructure that claims to be unbreakable," she explains. "They need infrastructure designed to contain failures, maintain continuity and protect client assets when something inevitably goes wrong."

In other words, resilience is just as important as prevention.

Operational Risk as the New Attack Surface

As blockchain infrastructure has matured, experts believe the industry's weakest point is now operational decision-making, but it used to be code vulnerabilities that 

Statistics show that infrastructure-related compromises accounted for only about 15% of all recorded incidents in H1 2026, yet they accounted for roughly 76% of the total funds stolen. Put simply, the rare breach that gets into operational processes does far more damage than anything.

Ashna Vaghela, Chief Customer Officer at Mercuryo, says many of today's biggest security incidents don't start with a sophisticated hack, but start with disconnected systems.

"In digital assets, we are still underestimating how quickly risk spreads across connected systems," she explains.

A company can invest heavily in cybersecurity while still leaving itself exposed if different parts of the business are isolated.

"In digital assets, a weakness in one area can move fast across infrastructure, partners, gateways and users."

That's exactly where attackers are focusing, as too many firms are protecting individual components while attackers exploit the gaps between them. 

For Vaghela, security needs to be embedded at every stage of the customer journey, from onboarding and transaction monitoring to payments and infrastructure, rather than added as another layer after the platform is built.

Governance Is a New Competitive Advantage

Governance is not usually mentioned as an important part of building a business, but according to both leaders, it may soon become one of the biggest competitive advantages in crypto.

Vaghela believes governance is now evolving into a core part of security itself.

"Many major incidents now begin with failures in access, approvals, escalation or oversight," she says.

Technical vulnerabilities still exist, of course. Private keys, not smart contracts, caused 40% of crypto's $16 billion hack losses recently. But weak internal processes can expose customer funds just as quickly, so making them stronger is essential.

Despite that, the companies that earn long-term trust, adds Bansraj, won't necessarily be those spending the most on cybersecurity. She thinks the businesses that successfully combine strong governance and regulated infrastructure into a single model will be the future leaders.

The Next Big Challenge Is Complexity and Compliance

If there's one risk both leaders believe the industry still underestimates, it's complexity. Stablecoins, tokenised assets, instant settlement, banking infrastructure, payment providers, custodians, APIs — everything is turning into part of one much larger ecosystem. And every new connection creates another potential point of failure.

Vaghela also points to another challenge that is only beginning to emerge: proving compliance at scale.

"The industry is still underestimating the challenge of proving compliance at institutional speed."

Over the next 12 to 18 months, banks, payment companies, and enterprise clients will expect crypto businesses to demonstrate strong controls quickly and consistently. That means onboarding, transaction monitoring,  and partner risk management will all come under greater scrutiny.

So, given this, compliance is just as important as designing the product itself. That’s why companies are willing to unite the fragmented processes quickly enough.

Conclusion

Crypto security is evolving, so the industry's biggest risks now lie not only in code but also in governance and the growing complexity of interconnected financial systems.

That doesn't mean technology is now less important. But it does mean it is becoming much broader than cybersecurity alone. So, succeeding over the next few years will mean building organisations that can adapt and continue their processes when challenges inevitably arise.

Because in a more mature crypto industry, resilience (not perfection) is now the real measure of security.

Drofa Comms is grateful to Caroline Bansraj and Ashna Vaghela for contributing their expertise to this Women Leading the Way article.

London office

Rise, created by Barclays, 41 Luke St, London EC2A 4DP

Nicosia office

2043, Nikokreontos 29, office 202

DP FINANCE COMM LTD (#13523955) Registered Address: N1 7GU, 20-22 Wenlock Road, London, United Kingdom For Operations In The UK

AGAFIYA CONSULTING LTD (#HE 380737) Registered Address: 2043, Nikokreontos 29, Flat 202, Strovolos, Cyprus For Operations In The EU, LATAM, United Stated Of America And Provision Of Services Worldwide

Drofa © 2024

London office

Rise, created by Barclays, 41 Luke St, London EC2A 4DP

Nicosia office

2043, Nikokreontos 29, office 202

DP FINANCE COMM LTD (#13523955) Registered Address: N1 7GU, 20-22 Wenlock Road, London, United Kingdom For Operations In The UK

AGAFIYA CONSULTING LTD (#HE 380737) Registered Address: 2043, Nikokreontos 29, Flat 202, Strovolos, Cyprus For Operations In The EU, LATAM, United Stated Of America And Provision Of Services Worldwide

Drofa © 2024