Hackers have never been regulated, but deregulation gives them more to hack | Opinion
Disclosure: The views and opinions expressed here belong solely to the author and do not represent the views and opinions of crypto.news’ editorial.
Hackers don’t wait for regulatory clarity, lobby for new laws, or participate in oversight committees. They operate outside the system, always have. But as the United States pushes forward with crypto deregulation, we’re giving them more opportunity than ever before.
- Deregulation isn’t breeding hackers — it’s breeding victims by flooding the space with unprotected, inexperienced users and stripping away oversight.
- Weak guardrails expand the attack surface, creating systemic vulnerabilities that span finance, defense, and digital identity.
- AI-driven finance magnifies risk, with autonomous agents managing funds and trades vulnerable to hijacking at a massive scale.
- Good-faith builders are left unsupported, competing against corner-cutters without consistent security standards or shared infrastructure.
- Security must come before scale, with public-private partnerships funding open-source protections, enforcing disclosure standards, and embedding safeguards by design.
The misconception is that deregulation will create more hackers. But what it will do in reality is create more victims.
By increasing the number of users entering the space without proper guardrails, the attack surface expands exponentially. These new users, often less technically sophisticated and unaware of the risks, become easy targets. This results in systemic vulnerability with national implications.
Ticking time bomb
Recent moves to ease oversight, such as disbanding key enforcement units or pausing regulatory actions, have been framed as innovation-friendly. But they also strip away the very systems designed to monitor, contain, and prevent abuse.
It’s like removing traffic lights to speed up transportation. You might reduce friction for a while, but you’re guaranteeing collisions. The same holds true here. When oversight is weakened and compliance becomes optional, malicious actors exploit the vacuum.
Hackers and state-sponsored groups are watching. They’re not slowed by red tape or waiting for the next committee hearing. They move in milliseconds, operating across jurisdictions, often shielded by anonymizing technology and decentralized systems. In that environment, every new user, every wallet, and every smart contract becomes a potential exploit.
Broader digital risk
To treat this purely as a crypto issue is to miss the bigger picture. What we’re seeing is a collapse of the boundary between financial infrastructure, national defense, and digital identity.
AI systems are being woven into this fabric at an unprecedented pace. Code is now executing financial decisions at scale, across borders, without human intervention. As we move deeper into an AI-native economy, the potential for catastrophic breaches grows.
If these systems are not designed with security at their core, they will become the weakest link in everything from consumer finance to defense logistics. Even a minor breach can have ripple effects across global markets and infrastructure networks.
Builders are set up to fail
At the same time, good-faith developers and companies are left in limbo. They’re told to innovate, move fast, and compete globally, yet are offered no clear regulatory framework, no consistent standards, and no protective infrastructure to support secure innovation.
This creates a fragmented ecosystem where each company builds in isolation, making up its own rules as it goes. Some try to do the right thing, investing in security, privacy, and compliance, but without enforcement or shared benchmarks, they’re left competing against those who cut corners or ignore safety altogether.
The message is clear: if you want to survive, take shortcuts. That’s how systemic failure begins.
The wake-up calls we ignored
In the past 12 months, we’ve seen multiple high-profile breaches that should’ve sparked serious reform, but didn’t. The Bybit hack alone cost $1.5 billion, not because of faulty blockchain infrastructure, but due to social engineering and verification flaws. Human operators were tricked into approving fraudulent withdrawals.
This was a breach that exploited weak process design, not weak code.
Phishing scams surged nearly 60%, targeting both retail users and institutions. Sophisticated deepfakes are being used to impersonate executives, reroute funds, and deceive entire organizations. We’ve entered an era where an attacker doesn’t need to crack code; they just need to simulate trust.
The common thread? Every exploit targeted the human layer, precisely where deregulation leaves the most exposure.
AI agents are next
As the U.S. commits over $500 billion toward AI research and development, we are entering a new chapter in digital finance. AI-powered programs capable of managing wallets, executing trades, and interacting with DeFi protocols will soon act on behalf of users and institutions.
They’ll make decisions, move funds, and interact with other agents in real time. Without embedded safeguards, like zero-trust architecture, behavioral verification, and real-time fraud detection, we risk unleashing autonomous systems into financial ecosystems they’re ill-equipped to navigate safely.
Imagine a future where AI agents are hijacked, manipulated, or misdirected. The potential damage isn’t limited to a single wallet. It could be millions of transactions, affecting thousands of users, executed in minutes before anyone notices.
That’s the scale of risk we’re talking about.
Builders can’t do it alone
There are promising technologies already in development. Send-to-name protocols, for example, replace vulnerable public addresses with cryptographically protected, human-readable names that generate new receive addresses for every transaction. This makes phishing nearly impossible and eliminates the risk of funds being sent to the wrong party.
Other tools, like decentralized, off-chain KYC/AML systems, provide a way to ensure compliance without compromising user privacy, something regulators and builders have long seen as a tradeoff.
But adoption of these solutions remains slow, underfunded, and fragmented. Builders working in isolation can’t shoulder the burden of securing an entire industry. We need a coordinated response.
Security-first strategy
To secure the future of digital finance, we need a public-private partnership built around secure-by-design principles, funding open-source security infrastructure that can be audited, improved, and adopted industry-wide; standardize exploit disclosure programs and incentivize zero-day reporting instead of punishing it, and support identity frameworks that verify users without exposing sensitive data.
Most importantly, security needs to be recognized as a growth driver, not a cost center. A secure ecosystem is a trusted ecosystem, and trust is what unlocks real adoption at scale.
Deregulation alone is not a strategy
Hackers aren’t waiting. They’re already inside smart contract environments, using AI to mimic users. They’re already exploiting fragmented infrastructure to move value invisibly and instantly.
Deregulation doesn’t create them, but it does make their job easier.
The only way to build a truly resilient crypto economy is to prioritize security before scale. Without it, every step forward is another risk waiting to be exploited.
