Abstract

The 2025 Bybit hack highlights the persistent security challenges within the cryptocurrency industry, exposing vulnerabilities in exchange security and user account protection. This paper examines the mechanisms of account takeover attacks, including phishing, credential stuffing, and session hijacking, and analyses the broader risks they pose to investors and the industry. It evaluates security measures such as multi-factor authentication, self-custody solutions, and transaction monitoring, emphasizing the importance of proactive risk management. Additionally, the paper explores regulatory responses and industry shifts toward decentralized security models. The findings underscore that while exchanges play a critical role in enhancing security, investors must adopt self custody and rigorous security practices to mitigate account takeover risks. A combination of stronger regulatory frameworks, technological innovations, and user education is essential to safeguarding digital assets and fostering a more resilient cryptocurrency ecosystem.

Keywords: Cryptocurrencies, Cybersecurity, Account takeover attacks, Crypto hack, Self custody, Regulation, Decentralized finance, Blockchain