A significant shock happened on February 22, 2025, to the crypto industry; the largest exchange hack in history took place. Bybit, a crypto exchange, suffered a staggering $1.5 billion breach at the hands of the notorious Lazarus Group, a cybercrime syndicate linked to North Korea. This is just the latest in a long line of high-profile crypto heists. In 2021, hackers drained $610 million from Poly Network. In 2022, the Ronin Network attack saw $540 million in cryptocurrencies vanish. The list of cyberattacks in the crypto industry is extensive, leaving many to wonder:
Why don’t similar hacks occur on traditional stock exchanges like the NYSE, NASDAQ, BSE, or NSE? These exchanges handle assets worth trillions of dollars—far more than crypto. Do they have better technology that makes them secure?
The answer lies in the fundamental difference between what constitutes an asset and how assets are held and transferred in traditional financial exchanges versus crypto exchanges.
You never receive the physical stock certificate when you buy stocks on regulated exchanges—whether in India or the US. Instead, ownership is recorded electronically with a central custodian, such as the Depository Trust & Clearing Corporation (DTCC) in the US or NSDL/CDSL in India. Here’s how it works:
- Trade Execution – You buy a stock through a broker, and your payment moves from your bank account to the broker’s account and then to the seller.
- Settlement & Clearing – Behind the scenes, the custodian updates its registry to reflect that the stock is now in your name.
- Delayed Finalization – The entire clearing, settlement, and reconciliation process takes two days (T+2), ensuring multiple layers of verification and fraud prevention.
Investors do not hold their assets directly, and no single entity controls all assets, making large-scale theft nearly impossible. The investor can never get physical control of his assets. The custodian is a registry or a database where the new stock owner is updated, but the stock is always at the custodian.
Cryptocurrencies are like Achilles, the warrior in Greek mythology, who is all-powerful and decentralized, but they have a vulnerable heel. Bitcoin, the grandfather of all cryptocurrencies, was formed to respond to inflated centralized censorable currency. You now have an asset with a fixed quantity that cannot be inflated. Digitally, you have custody, your asset is not censorship-prone and you do not need a centralized intermediary to send this to anyone anywhere in the world anytime. But now the onus of security of this asset falls on you, the asset’s owner.
Your rupee or dollar is digital, but to send money across the wire to faraway places, you need a payment gateway or intermediary, and you are at their mercy.
For example, in India, you cannot send money outside the country without permission from the central bank. You cannot send money from the US to Japan on Thursday, Friday, Saturday, Sunday or after 5 p.m. because the central bank and payment systems are not up and running.
Centralized crypto exchanges like Binance, Coinbase, Wazirx(now defunct), or Coindcx operate differently. Users can store their assets on the exchange or directly withdraw them from the exchange and hold them in their personal wallets or self-custody. Many centralized crypto exchanges act as brokers and custodians, storing users’ funds in the exchange wallets, making them prime targets for hackers.
Crypto exchanges are honeypots for hackers worldwide, not just from your country. Crypto transactions settle instantly on the blockchain, removing the buffer of time that traditional markets use for fraud detection and reversal. The fundamental design of self-custodianship and instant settlement makes crypto exchanges significantly more vulnerable to security breaches.
Traditional stock markets have built multi-layered security, regulatory oversight, and institutional custodianship to prevent large-scale hacks. In contrast, crypto exchanges are still evolving, struggling with the trade-off between decentralization and security. Until the industry finds a better balance, major hacks may remain a recurring nightmare for the crypto world.
The custody problem was the reason for years of institutional buyers like pension funds not being able to participate by investing in Bitcoin. Large institutional funds must follow regulations, such as not being allowed to self-custody assets. This is to prevent fraud or to protect investors. Imagine you are investing in a large pension fund and they were doing self custody of assets. And they send you reports that they have 10,000 bitcoins or shares of Tesla, but later, you know they did not have it. That is why the investment manager is not allowed to self-custody assets in regulated traditional funds. The custodian reports their holdings, which bring accounting and operational security to the investment.
Today, with ETFs in the US, traditional funds can diversify their investments to hold bitcoin via ETFs, and they do not have to worry about the security of their investment. Blackrock is a 10 trillion asset manager; when you buy their bitcoin ETF, you do not have to worry if the asset will be stolen by hackers because even if they do, you know that Blackrock will make it whole, or at least that is the assumption or trust funds place on BlackRock. Blackrock will take care of that to protect its reputation, as trust depends on it. Trust is why trillions of assets are kept in safe custody with BlackRock.
Nithin Eapen is a technologist and entrepreneur with a deep passion for finance, cryptocurrencies, prediction markets and technology. You can write to him at neapen@gmail.com. He writes the weekly column Creed, Capital and Crypto for Financial Express.
Disclaimer – The website managers, its employee(s), and contributors/writers/authors of articles have or may have an outstanding buy or sell position or holding in the securities, options on securities or other related investments of issuers and/or companies discussed therein. The content of the articles and the interpretation of data are solely the personal views of the contributors/ writers/authors. Investors must make their own investment decisions based on their specific objectives, resources and only after consulting such independent advisors as may be necessary.
