The rise of real-world cyber threats

The recent surge in cryptocurrency kidnappings in France has exposed a chilling trend: digital threats are no longer confined to cyberspace. Criminals are now leveraging online information to observe this shift, with several abduction attempts reported across the sector this year alone. This merging of cyber and real-world security challenges demands a fundamental change in how we think about security.

Digital exposure: The gateway to physical risk

The digital footprints we leave behind in our daily lives, whether through social media, wearable devices, or fitness apps, can inadvertently create significant vulnerabilities. For professionals in the digital asset space, the risks are especially pronounced. Publicly sharing information such as travel plans, attendance at industry events, or even regular exercise routes can provide malicious actors with valuable insights into personal routines and locations.

A recent case involved a convincing fake job offer on LinkedIn targeting a staff member. The attacker claimed to be a recruiter from a reputable exchange, complete with a plausible profile, mutual connections, and authentic-looking content. After requesting a CV, the attacker followed up with a timed “assessment,” which then led to a video task requiring the victim to install updated drivers, an obvious malware delivery mechanism in hindsight. This technique mimics a known campaign linked to the DPRK-aligned threat group Lazarus Group (APT38) under what is commonly known as Operation Dream Job.

This is just one example from a growing list. We’ve also seen cases of deepfake video calls where attackers impersonate executives to authorise wire transfers, or phishing attempts that trick users into installing fake browser extensions designed to hijack wallets. In the ByBit/Safe attack earlier this year, attackers injected malicious code into the WalletConnect integration. The compromise led to the theft of over $3 million — showcasing how technical compromise often begins with human manipulation.

It is a stark reminder that what we share online, even unintentionally, can have very real-world consequences. Oversharing (even unintentionally) can open the door to stalking, intimidation, or even abduction attempts. For those working in or around digital assets, maintaining a low profile online and being mindful of the information shared publicly is now a critical aspect of personal and organisational security. 

The changing nature of threats

The threat landscape facing the digital asset industry is both complex and fast-changing. Traditional cyber threats, such as phishing, deep fakes, and social engineering, are now being combined with physical tactics. Notable examples across the industry include:

• Sophisticated phishing campaigns: Attackers use deep fake technology or impersonate trusted contacts to trick individuals into granting access or revealing sensitive information.
• Physical reconnaissance: Criminals monitor social media and fitness apps to map out routines and identify vulnerable moments.
• Direct intimidation: There have been multiple high-profile abduction attempts targeting industry leaders, with criminals seeking access to digital wallets and private keys.

The rise in these hybrid attacks means that security can no longer be viewed in silos; the risks are interconnected and require a unified response and integrated security practices.

AI, machine learning, and the evolving security landscape

The rapid advancement of artificial intelligence and machine learning further complicates this new reality. These technologies are fundamentally transforming both the nature of threats and the tools available to defend against them. On the one hand, AI and machine learning empower security teams to analyse vast amounts of data, automate routine checks, and respond to incidents more swiftly and effectively. On the other hand, these same technologies are being weaponised by attackers, enabling more convincing impersonations, sophisticated phishing attempts, and making social engineering harder to detect.

To address these challenges, organisations are implementing additional verification steps for sensitive actions, particularly when requests come via digital channels. It is also crucial to encourage employees to be sceptical of unexpected communications, even if they appear authentic. The dual-edged nature of AI and machine learning means that vigilance and adaptability must be at the heart of any modern security strategy.

Protecting yourself and your organization

In light of these evolving risks, it is essential for both individuals and organisations to adopt practical measures that address the increasingly blurred line between digital and physical security. Here are some practical steps.

For individuals:

• Limit online sharing: Avoid posting real-time locations, travel plans, or daily routines on social media or fitness apps.
• Review privacy settings: Regularly audit your online profiles and restrict access to personal information.
• Be wary of unsolicited contact: Always verify the identity of anyone requesting sensitive information, especially via phone or video call.
• Vary your routines: Don’t make it easy for someone to predict your movements.

For organizations:

• Foster a culture of security: Regular training and awareness campaigns help staff recognise and resist social engineering.
• Integrate cyber and physical security teams: Treat all threats as part of a single risk landscape, not as isolated issues.
• Implement layered defences: Use a combination of technical, procedural, and physical controls to protect both digital and real-world assets.
• Engage with industry peers: Share intelligence and best practices to stay ahead of emerging threats.

The need for integrated, proactive security 

The threats facing the digital asset industry are evolving rapidly, and attackers are growing ever more creative in how they exploit both technology and human behaviour. As recent events have shown, even the most sophisticated defences can be undermined if we overlook the simple ways our digital lives intersect with the real world.

Looking ahead, it’s vital for organizations to foster a culture of vigilance and shared responsibility, whether that means thinking twice before sharing travel plans online or ensuring our teams are trained to spot the latest phishing tactics. There’s no silver bullet, but by combining robust technology, ongoing education, and open collaboration across the industry, we can raise the bar for everyone’s safety.

Ultimately, the challenge is not just technical; it’s personal. Security is about protecting people as much as assets. By staying alert, questioning what we share, and working together, we can help ensure that the highest standards of protection match innovation in digital finance.