Crypto’s security nightmare won’t be solved by ordinary audits

Source: CoinDesk: Bitcoin, Ethereum, Crypto News and Price Data

The crypto sector has been plagued by cybersecurity failures for years. Malicious actors, including North Korea’s Lazarus Group, have stolen more than $2.2 billion since 2022, even as the industry has tripled its number of code audits over the same period. Oak Security’s research shows why: most successful attacks exploit human and operational vectors that completely bypass the surfaces traditional audits protect.

Auditing has become more sophisticated and smart contract code quality has improved; audits are doing what they are designed to do by uncovering coding errors and reducing code-based exploits. Yet a growing disconnect remains between what audits examine and what attackers actually exploit.

The largest losses now stem from compromised private keys, governance manipulation, insider compromise, malicious dependency updates and operational failures—weaknesses that a code review alone cannot prevent. Platforms frequently advertise how many audits they have or the prestige of their auditors, creating a shorthand for safety.
