Jimmy Su has been serving as the chief security officer of Binance since 2020.
Data by Scam Sniffer shows that the first quarter of 2025 clocked $21.9 million in crypto losses
Photo Credit: Unsplash/ rc.xyz
In 2024, crypto crimes led to losses of over $2 billion (roughly Rs. 16,877), with Chainalysis calling the figure a troubling milestone. The on-chain analysis firm also claimed that the number of hacking incidents rose from 282 in 2023 to 303 in 2024, powered by more sophisticated techniques and mechanisms. In conversation with Gadgets 360, Jimmy Su, the chief security officer of Binance, strongly suggested crypto firms deploy a multi-layered defence strategy in order to ensure the safety of user funds. Su said only user trust could help the industry expand as regulatory winds gradually shift in favour of the crypto sector globally.
In recent years, crypto criminals have identified the Web3 community as a close-knit circle, where word-of-mouth holds significant importance. Su chimed in with international law enforcement agencies to highlight that crypto scammers frequently attempted to impersonate trusted platforms using phishing messages, fake apps, or deceptive social media outreach to trick users into sharing sensitive data or transferring funds.
These types of attacks are becoming increasingly common factors that are severely eroding user confidence, especially among new incumbents, Su told Gadgets 360.
“Crypto exchange platforms should take a multilayered, continuous approach to security auditing that extends beyond periodic assessments," he said. "Building a robust security program at a centralised exchange, it is paramount to have both internal and external security audits.”
Su has emphasised that the global Web3 industry must prioritise collaborative efforts to combat crime risks. The same thought was pushed by India during its G20 presidency between 2022 and 2023, when the country had called global economies to join forces and implement a common regulation structure to oversee Web3.
"Sharing threat intelligence and collaborating to address vulnerabilities can result in a more robust ecosystem. Working with regulatory bodies to create clear rules and compliance requirements will assist in connecting the industry's expansion with security imperatives," Su noted.
While the International Monetary Fund and the Financial Stability Board have been working on commonly applicable guidelines for now, most nations are accelerating work to regulate crypto and Web3 internally.
Su said that while crypto rules were still evolving, the task of keeping the industry safe lay with the sector players and their community members.
All small and big crypto exchanges and wallet providers should first set up a multi-factor authentication (MFA) system, he said. This could significantly complicate incidents of hacks and breaches that put user funds at risk.
"Even with limited resources, it's possible to adopt a security approach using cloud-native services with strong built-in protections, prioritising cold wallet layout, and setting up layered defences including anomaly detection. One key lesson we can share is that transparency builds trust," Su added.
Cold storage solutions, frequent security audits, and advanced threat detection systems are also critical for earning community confidence, the Binance official said.
With back-to-back security breaches of Web3 protocols, crypto users, too, have become more aware of hack prevention systems of late. Earlier this month, Binance released a survey report focussed on the Asian market, where it said more than half of the total respondents expressed the desire to participate in platform-organised anti-scam simulations like phishing detection tests.
Su said that if the community continued to raise awareness on security, more users would feel in control of their decisions and be wise about them. After all, user actions and their security habits play a vital role in protecting any protocol's overall infrastructure, Su pointed out. More knowledge on healthy security habits could drastically cut down security lapses.
"By informing users about security best practices, such as recognising phishing attempts and securing private keys, the industry can empower individuals to protect their assets effectively," the security expert observed.
The Chainalysis report had highlighted decentralised finance (DeFi) platforms as the primary targets of crypto hacks between 2021 and 2023. However, in 2024, the criminal patterns changed and brought centralised services into the limelight.
"This shift in focus from DeFi to centralised services highlights the increasing importance of securing mechanisms commonly exploited in hacks, such as private keys. Private key compromises accounted for the largest share of stolen crypto in 2024, at 43.8 percent," the report had claimed in December last year.
While the crypto sector remains largely unregulated across countries, hackers and scammers continue to ramp up criminal activity. Data by Scam Sniffer shows that the first quarter of 2025 has already seen $21.9 million (roughly Rs. 184 crore) in losses from over 22,600 victims of phishing attacks targeting the Web3 sector.
Regions like Macau and India are working with crypto firms like Binance and Giottus to train law enforcement officers in probing crypto crimes.
Educational initiatives around Web3 security are also gathering pace in several parts of the world, including India.
Su has advised smaller exchanges to actively participate in industry collaboration where threat intelligence, best practices, and policy trends are openly discussed. He said that newer players in the crypto sector could learn from the mistakes of others and evolve faster.
"Security maturity takes time, but intent and consistency are great equalisers. As the ecosystem matures, we must raise the floor together because a breach at one exchange can ripple across the industry," Su concluded.
Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.