NEW YORK—Cryptocurrency investors are facing a new frontline of risk as criminals shift their focus from large exchanges to everyday wallet holders, triggering a surge in targeted, sophisticated attacks that blend social engineering with mobile-device exploits.
The result is a growing wave of sophisticated wallet-level attacks, combining social engineering, SIM swapping, and device exploits to devastating effect, GlobalData reported.
In a new GlobalData report, Matthew Jones, founder of Haven, warns that personal-wallet security has become the weakest link in the cryptocurrency ecosystem as criminals increasingly target individual holders rather than exchanges.
Jones said that today’s standard protections—two-factor authentication, passwords, and seed phrases—“were considered robust, but in reality, they are far from foolproof.” Because most users rely on email or phone-based verification, he notes that an unlocked smartphone “provides immediate access to both text messages and email inboxes,” making it easy for thieves to drain wallets if a device is stolen.
Jones argued that common practices around seed-phrase storage are equally risky, with many users photographing or backing up their recovery phrases in ways that “effectively hand hackers a key to the vault.” Drawing on his own experience facilitating large private crypto trades, he recounted losing more than $2 million to organized theft schemes and described chasing criminals “down the streets of Amsterdam” and working with Interpol. He pointed to widespread misrepresentation of funds, faked test transactions, forged IDs, and convincing proofs of ownership as core vulnerabilities.
To fix this, Jones called for a shift toward biometric security, saying “the next logical step” is technology that can prove “beyond a reasonable doubt” who controls a wallet. He argues that continuous identity verification—rather than one-time passwords or seed phrases—is essential, and suggested encrypted biometric data stored on a blockchain could address privacy concerns.
Jones concluded that while crypto has matured significantly, growth will stall if wallet-level protections do not improve. Private, high-value secondary-market trades remain especially exposed, and he cautioned that “the real danger now lies in targeted attacks of individual wallets,” where life savings can vanish in minutes. For crypto to reach its full potential, he said, developers and investors must “recognize that security is no longer about trusting devices or documents, but about verifying identity in a way that even a hacker can’t fake.”