Fireblocks, the enterprise platform securing more than $5 trillion in digital asset transfers annually, has released a new security whitepaper titled Securing Digital Assets in an Evolving Threat Landscape. The report examines operational security gaps arising from rapid institutional adoption and growing transaction volumes in the digital assets industry.

Fireblocks currently supports over 2,400 institutional customers. The company reported that stablecoin processing volumes increased 55% year-over-year in Singapore, 124% in the United States, and 893% in the Cayman Islands. Transaction counts rose 192% YoY, while transaction volume grew 76% YoY, reflecting a significant escalation in institutional activity.

The report underlines the scale of risk facing the industry. According to Chainalysis data, cryptocurrency theft reached $3.4 billion in 2025 alone, with total losses since 2020 exceeding $17 billion. DPRK-linked actors accounted for three-quarters of these attacks, targeting institutions of all sizes. Fireblocks emphasized that operational security gaps now pose existential threats to organizations handling digital assets.

Nation-state threats dominate the landscape

North Korea remains the most prominent state-sponsored threat. Its Lazarus Group, also known as APT38, has evolved into the world’s most prolific cryptocurrency thief. The group targets private key infrastructure, transaction signing systems, and employees through social engineering campaigns such as Operation Dream Job and Contagious Interview. These campaigns have exploited fictitious job offers and malware-laden coding tasks to infiltrate major cryptocurrency platforms.

Fireblocks highlighted how DPRK operations often target smaller institutions for single-digit million-dollar thefts, demonstrating that no organization is too small for attention. The group’s stolen funds frequently move through cross-chain bridges, mixers, and no-KYC exchanges, often laundering entire amounts within 48 hours.

Organized cybercrime has professionalized through Drainer-as-a-Service (DaaS) models. Notable cases include Inferno Drainer, a turnkey phishing infrastructure that targeted over 167,000 victims, siphoning $250 million from more than 16,000 domains. Individual hackers also exploit vulnerabilities opportunistically, draining liquidity pools, manipulating DeFi protocols, and conducting multi-year phishing campaigns.

Defense-in-depth as a strategic necessity

Fireblocks’ security framework applies multiple layers of defense. The company relies on zero-trust architecture, multi-device approval, distributed wallet infrastructure, policy-driven governance, secure operations environments, and real-time transaction scanning. Each layer is designed to prevent a single point of compromise from resulting in fund loss.

The zero-trust model ensures all authentication attempts undergo explicit validation. Critical operations execute within hardware-isolated enclaves, protecting private keys and transaction logic. Multi-device approval separates transaction initiation from authorization and signing, leveraging biometrics, PIN codes, and hardware-backed authenticators.

Distributed wallet infrastructure employs multi-party computation (MPC) to generate private keys in shares, never exposing the full key. Policy and governance engines enforce approval quorums, destination whitelisting, and role-based access. Fireblocks’ secure operations environment enables direct interactions with DeFi and CeFi platforms while reducing attack surfaces. Transaction scanning and threat detection alert users to malicious contracts and anomalous activity before funds move.
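
How the governance controls named above (role-based access, destination whitelisting, approval quorums, and the separation of initiation from approval) can combine into one deny-by-default decision, as an added illustration. This is not Fireblocks' code or policy schema; every user name, address, tier, and function name below is hypothetical.

```python
from dataclasses import dataclass, field

# Constructed sample policy (hypothetical values, not a real vendor schema).
ALLOWED_DESTINATIONS = {"0xTREASURY_COLD", "0xEXCHANGE_A"}
ROLES = {
    "alice": {"initiator", "approver"},
    "bob": {"approver"},
    "carol": {"approver"},
    "eve": {"viewer"},
}
# (amount ceiling, approvals required), checked in ascending order.
QUORUM_TIERS = [(10_000, 1), (1_000_000, 2)]


@dataclass
class Transfer:
    initiator: str
    destination: str
    amount: int
    approvals: set = field(default_factory=set)


def required_quorum(amount):
    """Return the approval count for this amount, or None if no tier covers it."""
    for ceiling, quorum in QUORUM_TIERS:
        if amount <= ceiling:
            return quorum
    return None


def evaluate(tx):
    """Return (decision, reason). Anything not explicitly permitted is denied."""
    if "initiator" not in ROLES.get(tx.initiator, set()):
        return ("DENY", "user may not initiate transfers")
    if tx.destination not in ALLOWED_DESTINATIONS:
        return ("DENY", "destination not on allowlist")
    quorum = required_quorum(tx.amount)
    if quorum is None:
        return ("DENY", "amount exceeds every policy tier")
    # Count only users holding the approver role, and never the initiator:
    # a single compromised account must not both create and approve a transfer.
    valid = {u for u in tx.approvals
             if "approver" in ROLES.get(u, set()) and u != tx.initiator}
    if len(valid) < quorum:
        return ("PENDING", f"{len(valid)}/{quorum} approvals")
    return ("ALLOW", "policy satisfied")
```
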

Mitigating sophisticated attacks

Fireblocks detailed hypothetical attack scenarios to demonstrate defense capabilities. In a nation-state attack targeting an asset manager treasury, multi-device approval, transaction scanning, and policy controls prevented attackers from redirecting funds even after compromising a workstation. In DeFi operations, wallet drainer attempts failed due to dApp whitelisting, typed message policies, and transaction simulation. Insider threats, such as an employee attempting unauthorized withdrawals, were blocked by approval quorums and device-level verification.

The company emphasizes continuous monitoring and policy management as essential to maintain strong defenses. Fireblocks Security Posture Management (FSPM) automates configuration oversight, highlighting vulnerabilities before attackers exploit them.

Staying ahead in a shifting threat landscape

Defense in depth, transparency, and alignment of people, processes, and technology remain critical for organizations operating in digital assets. With nation-state actors, organized crime, and AI-assisted threats evolving rapidly, legacy security models cannot protect against modern attacks. Fireblocks advises enterprises to assume breaches and architect systems to contain damage while supporting operational efficiency.

As the digital asset market matures, Fireblocks asserts that robust security frameworks are not optional but essential for institutions seeking to leverage crypto technologies while safeguarding funds against increasingly sophisticated adversaries.
