In this LABScon 25 talk, Andrew MacPherson dives deep into the high-stakes world of crypto crime, which has amassed approximately $9 billion in illicit funds. Andrew demystifies the technical landscape and exposes the sophisticated attack vectors plaguing the decentralized finance (DeFi) space.
The talk begins with an explanation of the core concepts necessary to understand crypto-related security threats, including definitions of blockchains, wallets, and smart contracts. Andrew explains that a key architectural difference in many crypto applications is that they are often frontend-only: all interactions happen in the browser, through the user's wallet extension.
The talk then moves on to focus on attack patterns. Crypto thieves target every weak point, from applications and code to the developers and executives themselves. The speaker details the largest crypto heist to date, the $1.5 billion loss from Bybit. This attack involved infecting a developer’s machine, gaining access to production JavaScript code, and modifying it to authorize a full wallet drain during a multi-signature transaction. The talk also covers supply chain risks like typo-squatting, exploitation of personal servers like Plex to compromise GitHub accounts, and the rise of “drainers as a service” that simplify crypto theft.
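The Bybit incident described above turned on production JavaScript being replaced between the build that was reviewed and the bundle that users actually ran. One defensive control against that class of tampering is to pin the hash of every shipped frontend bundle and check it twice: in the browser via Subresource Integrity (SRI), and from an out-of-band monitor that compares what production serves against the manifest recorded at build time. The following Python is an added illustration written for this page; it is not code from the talk, from Bybit, or from any project named here. The bundle contents, file names and manifest are constructed sample values, and `audit_deployment` is a hypothetical monitoring helper, not a real tool.

```python
import base64
import hashlib
import hmac

# Constructed sample: the frontend bundle the release pipeline reviewed and shipped.
RELEASED_BUNDLE = b"window.proposeTx = (tx) => wallet.sign(tx);\n"

# Constructed sample: the same bundle with an extra line appended after release.
# Any byte-level change, however small, must fail the integrity check below.
TAMPERED_BUNDLE = RELEASED_BUNDLE + b"window.__tampered = true;\n"

SUPPORTED_ALGOS = ("sha256", "sha384", "sha512")


def sri_hash(content: bytes, algo: str = "sha384") -> str:
    """Return an SRI integrity string ("<algo>-<base64 digest>") for a bundle.

    This is the value recorded in the build manifest and placed in the
    <script integrity="..."> attribute of the page that loads the bundle.
    """
    if algo not in SUPPORTED_ALGOS:
        raise ValueError(f"unsupported SRI algorithm: {algo}")
    digest = hashlib.new(algo, content).digest()
    return f"{algo}-{base64.b64encode(digest).decode('ascii')}"


def verify_sri(content: bytes, integrity: str) -> bool:
    """Check served content against a pinned integrity value.

    Mirrors what a browser does for a <script> tag carrying an integrity
    attribute: recompute the digest and compare it to the pinned one.
    """
    algo, _, expected_b64 = integrity.partition("-")
    if algo not in SUPPORTED_ALGOS:
        raise ValueError(f"unsupported SRI algorithm: {algo}")
    actual = hashlib.new(algo, content).digest()
    expected = base64.b64decode(expected_b64)
    # Constant-time comparison; not strictly required for public hashes,
    # but it is the habit worth keeping for any digest comparison.
    return hmac.compare_digest(actual, expected)


def script_tag(src: str, content: bytes) -> str:
    """Render the <script> tag the build step should emit for a bundle."""
    return (
        f'<script src="{src}" integrity="{sri_hash(content)}" '
        f'crossorigin="anonymous"></script>'
    )


def audit_deployment(manifest: dict, served: dict) -> list:
    """Hypothetical out-of-band monitor (assumption: not a real tool).

    `manifest` maps asset path -> integrity string recorded at build time.
    `served` maps asset path -> bytes fetched from production just now.
    Returns the paths whose served content does not match the manifest
    (missing assets count as mismatches), i.e. what a detection rule
    would page on.
    """
    mismatched = []
    for path, integrity in manifest.items():
        content = served.get(path)
        if content is None or not verify_sri(content, integrity):
            mismatched.append(path)
    return mismatched


if __name__ == "__main__":
    manifest = {"app.js": sri_hash(RELEASED_BUNDLE)}
    print(script_tag("/static/app.js", RELEASED_BUNDLE))
    print("clean deploy  ->", audit_deployment(manifest, {"app.js": RELEASED_BUNDLE}))
    print("tampered deploy ->", audit_deployment(manifest, {"app.js": TAMPERED_BUNDLE}))
```

Two caveats worth keeping in mind. SRI only protects scripts whose loading tag carries an integrity attribute, and if an attacker can rewrite the HTML that loads the bundle they can rewrite the pin alongside it; that is why the manifest used by the monitor has to come from the build stage rather than from the served page. And a pinned bundle is only as trustworthy as the review that produced it, which is the reason the talk's emphasis on developer-machine compromise matters: the pin records what was built, not whether what was built was clean.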
Andrew also covers the challenges attackers face in laundering stolen funds, and how they use techniques such as cross-chain swaps, mixers like Tornado Cash, and non-KYC platforms to convert the proceeds to cash. Although every blockchain transaction is public and permanent, the presentation also discusses the difficulties threat intel analysts face in tracking funds that move this quickly.
Andrew’s presentation is essential viewing for anyone interested in cryptocurrency and cybersecurity, especially those looking to understand the technical realities of financial crime in the decentralized era.
About the Author
Starting at Paterva, Andrew MacPherson spent more than 10 years creating Maltego before moving to the US for security roles at BitMEX (IR), Robinhood (IR/D&R), Uniswap (Head of Security), and now Privy (Principal Security Engineer). He's spoken at Black Hat, DEF CON, DSS, EthCC and countless others, teaching courses and drinking Malibu on the way.
About LABScon
This presentation was featured live at LABScon 2025, an immersive 3-day conference bringing together the world’s top cybersecurity minds, hosted by SentinelOne’s research arm, SentinelLABS.
Facts Only
Andrew MacPherson - speaker, Paterva employee, BitMEX IR, Robinhood IR/D&R, Uniswap Head of Security, Privy Principal Security Engineer, Black Hat, DEF CON, DSS, EthCC presenter
LABScon 2025 - immersive 3-day conference hosted by SentinelOne’s research arm, SentinelLABS
Blockchain - decentralized digital ledger whose participants agree on a single ordering of transactions
Wallets - software or hardware that holds the private keys used to sign transactions and access cryptocurrency
Smart contracts - self-executing contracts with the terms directly written into code
Crypto thieves - criminals targeting vulnerabilities in crypto applications and developers
Bybit - cryptocurrency exchange platform
$1.5 billion loss - largest known crypto heist to date
Infected developer’s machine - method used to gain access to production JavaScript code
Modified production JavaScript code - allowed for full wallet drain during multi-signature transactions
Typo-squatting - supply chain risk involving the use of fake or misleading domain names to trick users into giving up sensitive information
Personal servers - exploitation of personal servers like Plex to compromise GitHub accounts
"Drainers as a service" - simplified crypto theft services offered on dark web marketplaces
Cross-chain swaps - techniques used to move funds across different blockchains for laundering purposes
Tornado Cash - mixer platform used for anonymizing cryptocurrency transactions
Non-KYC platforms - conversion services for cryptocurrencies that do not require Know Your Customer (KYC) identification checks
Full Take
In this analysis, we will employ the A.R.C. analytical framework to examine the presented article on cryptocurrency-related security threats and financial crime in the DeFi space.
STEELMAN: The strongest version of this narrative acknowledges that cybersecurity expert Andrew MacPherson discussed the growing issue of cryptocurrency-related security threats, focusing on attack patterns targeting applications, code, developers, and executives, as well as supply chain risks like typo-squatting and exploitation of personal servers. The talk detailed the largest known crypto heist to date, a $1.5 billion loss from Bybit, which involved infecting a developer’s machine, gaining access to production JavaScript code, and modifying it for unauthorized wallet drains during multi-signature transactions. MacPherson also addressed challenges faced by threat intel analysts in tracking rapidly moving funds and techniques used to launder stolen funds through cross-chain swaps, mixers, and non-KYC platforms.
PATTERN SCAN: None detected.
ROOT CAUSE: The root cause of the discussed security threats lies in the inherent complexities of the DeFi space, where numerous interconnected actors, technologies, and processes create potential vulnerabilities that can be exploited by cybercriminals.
IMPLICATIONS: The implications of these growing security threats in the DeFi space could lead to significant financial losses for individuals and organizations alike. Additionally, they call attention to the need for improved security measures and regulations in the rapidly evolving world of cryptocurrency.
BRIDGE QUESTIONS: How can we better secure the DeFi space against cyber attacks? What role should regulatory bodies play in ensuring the safety of decentralized finance systems?
COUNTERSTRIKE SCAN: The content aligns well with a responsible discussion on cryptocurrency security threats and financial crime, making it unlikely that this is part of a coordinated influence campaign.
Sentinel — Human
The provided text shows signs of being written by a human. Variable sentence length and transition usage suggest a human writing style. The presence of personal voice, stylistic fingerprint, and in-depth, specialized knowledge indicate a human author.
