Andrew MacPherson

Your Apes May Be Gone, But the Hackers Made $9 Billion and They’re Still Here

Last year, crypto thefts hit $9.32 billion—more than half of all cybercrime losses. North Korea just pulled off a $1.5 billion heist from a single exchange. Meanwhile, most security professionals still think crypto is just magic internet money for buying NFT monkeys.

This talk is for the crypto-skeptical security professional who’s tired of hearing about “blockchain”. I’ll show you why crypto security is 90% the same Web2 skills you already have—phishing, social engineering, API abuse—just with irreversible consequences and way better attacker ROI.

We’ll start with a practical crypto primer covering the essentials: how blockchains work, what wallets actually do, and why stablecoins matter. Then we’ll dive into the current threat landscape: who’s stealing what, how OFAC sanctions work in a pseudonymous world, and why traditional threat intel is failing miserably at tracking crypto crime.

Most importantly, I’ll show you what makes crypto security uniquely interesting. You’re dealing with immutable code, irreversible transactions, and attackers’ monetary wins that can’t just be rolled back or clawed back. The threat actors range from nation-states to teenage hackers, the attack surface spans everything from smart contract logic to social engineering, and the defensive tooling is still being invented.

Come for the massive heist stories, stay because you realize this is an unexplored frontier with its own unique problems. By the end, you’ll understand why crypto security attracts both sophisticated attackers and curious defenders—not for the hype, but because it’s a different kind of security challenge worth understanding.

Key Takeaways:

  • Why crypto crimes now dominate cybercrime statistics
  • How your existing security skills translate directly to Web3
  • What makes crypto security different from traditional infosec
  • Practical resources to explore this space without the hype

Andrew has been breaking, building, and defending things in infosec for over two decades (wow old). Starting at Paterva, he spent 10+ years creating Maltego before moving to the US for security roles at BitMEX (IR), Robinhood (IR/D&R), Uniswap (Head of Security), and now Privy (Principal Security Engineer). He’s spoken at Black Hat, DEF CON, DSS, EthCC and countless others, teaching courses and drinking Malibu on the way. When not thinking about security, he’s into cat memes, punk rock, and getting involved in just the right amount of unhinged shit to keep security interesting.
