TradingKey - In February 2025, leading cryptocurrency exchange Bybit suffered what can only be described as an "epic" hacking attack, resulting in losses of up to $1.5 billion.
The hackers employed sophisticated social engineering tactics to forge executive instructions, tricking multiple key managers into authorizing abnormal fund transfers. This incident highlights the urgent need for security practices in the cryptocurrency space.
Unlike traditional financial systems, which are subject to strict regulations at every level, the cryptocurrency market has operated outside regulatory oversight since its inception due to its decentralized and anonymous characteristics—much like a "runaway horse."
What does this regulatory vacuum mean for you?
While it does provide ample room for innovation in cryptocurrencies, security issues cannot be overlooked.
What Are the Security Issues When Investing in Cryptocurrency?
Hacking Attacks
Hacking attacks are the number one enemy of cryptocurrency, where hackers exploit network vulnerabilities and use methods such as malware infiltration to steal users' cryptocurrency assets.
Here are some notable hacking incidents:
In 2022, Ronin Network suffered a hacking attack that resulted in a loss of 615 million in cryptocurrency, making it one of the largest thefts in cryptocurrency history at that time.
In February 2025, the Bybit platform experienced a hacking attack where hackers exploited vulnerabilities to steal over 1.5 billion worth of more than 400,000 ETH and stETH, setting a new record for the amount stolen.
Phishing
Scammers often use emails and similar tactics to entice you to click on links by presenting fake exchange pages or offering tempting airdrop rewards.
Emails like "Congratulations! Your Bitcoin account needs verification" are common examples.
Once you enter your private keys or recovery phrases on these links, there's a high likelihood that your assets will end up in the scammers' pockets.
Fraudulent Projects
With so many new projects appearing, it can be difficult to determine which ones hold genuine value and which ones are traps disguised as dreams.
Catchy slogans like "100x coins" or "decentralized finance revolution" may hide carefully designed scams behind them. Methods include:
Air coins ICO: Raising funds by simply issuing a white paper with promises of technology that will never materialize.
Ponzi schemes: Using funds from new investors to pay dividends to older users until the chain of funding collapses.
Rug pulls: The project team suddenly shuts down smart contracts and absconds with all liquidity funds.
You may think you're investing in the future when you could be paying for the scammers' luxury sports cars.
(Source: Freepik)
What does it mean to describe cryptocurrency as a "regulatory orphan"?
Unlike stocks or gold, cryptocurrencies inherently possess a "transnational gene"—the Bitcoin you purchase in Tokyo can instantly be transferred to a wallet in New York.
However, this also brings about challenges: there are no unified regulatory rules globally, and each country plays by its own logic. For example:
In the United States, Bitcoin may be classified as both a "commodity" (regulated by the CFTC) and a "security" (regulated by the SEC), meaning that the same transaction could be monitored by two different agencies simultaneously.
In India, the government once proposed an outright ban on cryptocurrencies, prompting local investors to sell off their holdings overnight.
In Switzerland’s Zug region, known as "Crypto Valley," it is easier for businesses to issue tokens than to register a company.
This "fragmented regulation" makes investors feel like they are playing a global game of "regulatory Russian roulette"—you never know which country might suddenly change its rules tomorrow.
What Does the Global Regulatory Landscape for Cryptocurrency Look Like?
United States: The "Major Battleground" for Cryptocurrency
In the global landscape of cryptocurrency regulation, the United States is undoubtedly a key player.
In May 2024, the U.S. House of Representatives approved the "Financial Innovation and Technology Act for the 21st Century" (FIT21), signifying an important step forward in cryptocurrency regulation.
This legislation aims to establish a comprehensive regulatory framework for digital assets, clarifying the roles of both the Commodity Futures Trading Commission (CFTC) and Securities and Exchange Commission (SEC) in this evolving space.
(Source: Shutterstock)
At this point, let's take a look at the CFTC and SEC, and why I keep mentioning them frequently.
The CFTC views Bitcoin as a “commodity,” allowing it to be traded as futures on exchanges like the Chicago Mercantile Exchange (CME).
Conversely, the SEC classifies tokens such as Uniswap and Solana as “securities,” necessitating registration similar to that required for stocks.
This split creates challenges for crypto companies—such as Coinbase, which must apply for futures licenses from CFTC while also complying with SEC regulations; legal fees alone have incurred costs of hundreds of millions.
Asia: A Delicate Balance Between Conservatism and Innovation
Japan
Japan has established safety standards via its Payment Services Act, requiring exchanges to implement KYC (Know Your Customer) measures and AML (Anti-Money Laundering) protocols, along with insurance coverage for user assets.
Following a $500 million theft from Coincheck in 2018, Japan mandated that exchanges hold user assets in segregated accounts—while trading profits may be modest, at least investor principal is safeguarded.
Singapore
Singapore categorizes cryptocurrencies into three types:
Payment Tokens (e.g., USDT): Regulated under its Payment Services Act; must integrate AML systems.
Security Tokens (e.g., platform tokens like BNB): Governed by the Monetary Authority of Singapore (MAS); required to disclose financial information.
Utility Tokens (e.g., game tokens): Currently offered more leniency to encourage innovation and experimentation.
This targeted approach has positioned Singapore as a hub for DeFi activity in Asia, attracting firms like Binance and Huobi to establish compliant operations there.
European Union
The EU’s Markets in Crypto-Assets Regulation (MiCA) constitutes one of the most systematic regulatory frameworks available today.
This regulation mandates that companies engaging in issuing or trading crypto-assets across all 27 EU member states obtain appropriate licenses.
Securing a MiCA license in any EU country allows firms to operate throughout Europe without needing separate applications in nations like France or Germany, thus significantly reducing compliance costs.
What Regulatory Challenges Are Being Faced?
First Challenge: What Exactly Is Cryptocurrency?
To this day, there is no unified standard for classifying cryptocurrencies globally.
In the eyes of regulators, it can have numerous identities.
In the United States, the SEC may consider it an “unregistered security” (if they view your purchase as an “investment contract”).
Under the EU’s MiCA framework, it is categorized as a "crypto asset," but not considered "electronic money."
In the eyes of some central banks in certain countries, it may not be anything at all—just a string of meaningless code.
This ambiguity in definitions makes it difficult to establish cohesive and effective regulation.
Second Challenge: Global Regulation Resembles a "United Nations Puzzle"
As previously mentioned, each country has its regulatory stance on cryptocurrencies.
The consequence of this fragmented regulation is that the same project may be legal in Country A but banned in Country B. For example, a DeFi lending protocol you participate in might be regarded as "compliant fintech" in Singapore but could be labeled as an “illegal gambling tool” in India, leading to your account being frozen suddenly—cross-border investment feels like playing an adventure game without a map.
(Source: Shutterstock)
Third Challenge: Difficulty in Assessing Regulatory Strain
Regulators are akin to tightrope walkers who must find the balance between “risk control” and “encouraging innovation.”
Examples of overly strict regulation include China’s ban on mining in 2021, which caused global hash power to plummet by 50%, forcing miners to relocate while also preventing considerable electricity waste.
On the other hand, lessons from lax regulation include the collapse of Terra in 2022, attributed to South Korean regulators' failure to detect vulnerabilities within its “algorithmic stablecoin,” resulting in investor losses amounting to $40 billion.
Blockchain technology is continually generating new applications (such as NFTs, cross-chain bridges, AI + DeFi), while regulatory rules lag. For instance, just when you grasp what a "decentralized exchange" is, a more complex model like "algorithmic market makers" emerges—leaving regulators constantly making patchwork adjustments and investors unknowingly stepping into “regulatory gray areas.”
