Fireblocks warns “attackers evolve” and pushes defense-in-depth for crypto
Fireblocks is leaning into a blunt truth that every crypto security team learns the hard way: attackers only need to be right once. In a new blog post published Feb. 11, 2026, the firm argues that digital-asset security needs to be built around an “assume breach” reality—because once a malicious transaction hits blockchain finality, there’s usually no rollback and no clean undo button.
The post frames the threat landscape as increasingly professionalized, pointing to recent campaigns and incidents the company says it has tracked, and positioning its response as a practical, architecture-first playbook rather than another checklist of “best practices.” Fireblocks says it is releasing a white paper, “Securing Digital Assets in an Evolving Threat Landscape,” built from its experience securing over $10 trillion in digital asset transfers and protecting more than 550 million wallets globally.
The numbers Fireblocks cites are meant to underline why it’s pushing layered controls now. It says hackers stole over $3.4 billion in cryptocurrency in 2025, bringing the total stolen since 2020 to over $17 billion. It breaks that into three buckets: state-sponsored operations (with DPRK as the largest), the “commoditization of crime” via drainer-as-a-service, and opportunistic crime plus insiders.
Fireblocks’ most pointed claim is about where failures actually happen. The company says nearly all digital-asset theft incidents stem from actions that were “technically authorized” because policies were weak—meaning the attacker didn’t necessarily bypass cryptography; instead, they exploited governance and process gaps. That’s why its framework puts a cryptographically enforced policy engine at the center, designed to block unauthorized fund movement even if a machine, credential, or individual is compromised.
The other big theme is “transaction clarity,” or removing blind signing—the habit of approving complex smart-contract interactions without fully understanding what the transaction will do. Fireblocks argues that approvals should be human-readable so operators can spot malicious unlimited approvals or hidden transfers before a signature is provided.
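To make the "human-readable approval" idea concrete, here is an added example (not code from Fireblocks or its white paper) that decodes four standard token-contract calls from raw calldata and flags unlimited or blanket approvals before anything is signed. The `UNLIMITED_FLOOR` threshold, the warning wording, and the sample spender address are assumptions made for illustration.

```python
"""Render standard token calldata in readable form and flag risky approvals."""

UNLIMITED_FLOOR = 2**255  # assumption: amounts this large are shown as "unlimited"

# 4-byte selectors of standard ERC-20 / ERC-721 functions
SELECTORS = {
    "095ea7b3": ("approve", ("spender:address", "amount:uint256")),
    "a9059cbb": ("transfer", ("to:address", "amount:uint256")),
    "23b872dd": ("transferFrom", ("from:address", "to:address", "amount:uint256")),
    "a22cb465": ("setApprovalForAll", ("operator:address", "approved:bool")),
}


def decode_call(calldata_hex):
    """Return (summary, warnings) for one calldata blob."""
    raw = bytes.fromhex(calldata_hex.removeprefix("0x"))
    selector, body = raw[:4].hex(), raw[4:]
    if selector not in SELECTORS:
        # Nothing readable can be shown, so approving this would be blind signing.
        return f"unknown call 0x{selector}", ["undecodable: signing would be blind"]
    name, params = SELECTORS[selector]
    if len(body) != 32 * len(params):
        raise ValueError(f"{name}: expected {32 * len(params)} argument bytes, got {len(body)}")
    shown, warnings = [], []
    for i, param in enumerate(params):
        label, kind = param.split(":")
        word = body[32 * i: 32 * (i + 1)]
        value = int.from_bytes(word, "big")
        if kind == "address":
            if value >> 160:  # the upper 12 bytes of an address word must be zero
                raise ValueError(f"{name}: non-zero padding in {label}")
            shown.append(f"{label}=0x{word[12:].hex()}")
        elif kind == "bool":
            shown.append(f"{label}={bool(value)}")
            if name == "setApprovalForAll" and value:
                warnings.append("grants operator control of every token in the collection")
        else:
            unlimited = value >= UNLIMITED_FLOOR
            shown.append(f"{label}={'UNLIMITED' if unlimited else value}")
            if name == "approve" and unlimited:
                warnings.append("unlimited allowance to spender")
    return f"{name}({', '.join(shown)})", warnings


# Constructed sample: approve(spender, 2**256 - 1); the spender address is made up.
SAMPLE_SPENDER = "0" * 24 + "11" * 16 + "deadbeef"
SAMPLE_APPROVE = "0x095ea7b3" + SAMPLE_SPENDER + "f" * 64

if __name__ == "__main__":
    print(decode_call(SAMPLE_APPROVE))
```

A production decoder would also resolve the token's decimals and symbol and cover contract-specific ABIs; this sketch handles only the four selectors listed.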
To make this usable in real institutions, the white paper (as described) includes a threat-to-defense mapping matrix and scenario walkthroughs covering nation-state attacks, DeFi drainers, and malicious insiders. It also includes a “security readiness checklist” meant to help teams audit their posture across the full transaction lifecycle and identify gaps before they get exploited.
Why it matters for crypto
- Security risk is shifting from “hacking” to “authorization.” If theft happens through weak policies and approvals, governance becomes a primary security control—not a compliance formality.
- Drainer-as-a-service keeps lowering the bar for theft. Fireblocks’ framing suggests wallet draining is increasingly productized, which widens the attacker pool.
- Institutional adoption depends on operational resilience. Layered controls (policy enforcement, transaction clarity, distributed infrastructure) are how institutions justify holding and moving assets at scale.
What to watch next
- Whether “no blind signing” becomes standard. Watch for more platforms and custodians pushing human-readable transaction decoding as a default requirement.
- Policy engines getting tighter, not looser. Fireblocks argues policy is the critical layer; expect more granular controls around approvals, destinations, limits, and smart-contract permissions.
- More public reporting on drainer ecosystems and insider risk. If the threat model is “professionalized operations,” the market will demand clearer intelligence sharing and incident learnings.
Source: Fireblocks Blog