The security threats faced by digital asset traders are becoming increasingly severe.

Recently, a well-known digital asset trading platform suffered a data leak event, triggering widespread concern in the industry about security issues. A co-founder of a blockchain security company pointed out that digital asset traders are extremely sensitive to the privacy issues of data leaks, as a single private key can move assets and is almost impossible to recover, making them prime targets for criminals. This view directly addresses the core contradiction of the industry's security ecosystem — while on-chain defense technologies continue to upgrade, threats from the physical world have become the new weak link.

Although the overall level of security in blockchain networks has improved, criminals have not ceased their activities. On the contrary, they continuously explore the weak points of defenses and look for new attack paths. According to an annual report by a certain security company, phishing attacks have become the most common and impactful means of attack on the chain, causing losses of approximately $1.05 billion last year. This trend indicates that attackers are shifting from purely technical vulnerabilities to more easily achievable and high-return attack methods, such as social engineering and physical threats. The recent frequent data breach incidents and offline threats such as kidnappings further highlight the current situation where single-point defenses are difficult to cover comprehensively.

Security has never been a competition of a single dimension, but rather a continuous evolution of offensive and defensive strategies. Industry experts call for the establishment of a broader security collaboration network, including the coordination of tech companies, government agencies, and law enforcement. As indicated by the French government opening an emergency hotline for Web3.0 practitioners, only by combining on-chain defense, data privacy protection, and physical security measures can we respond to this "war intertwining the digital and the physical."

Before a trading platform disclosed that hackers had stolen customers' home addresses and account balances, some security companies had already noticed that an increasing number of clients holding large amounts of digital assets were seeking security services such as bodyguards. With the frequent kidnapping cases in the Web3.0 industry, more and more digital asset holders are feeling concerned about this. Recently, a group of attackers attempted to kidnap a family member of an executive from a French Web3.0 project.

The physical security risks faced by Web3.0 investors are different from those of traditional financial clients. Public blockchain networks like Bitcoin and Ethereum allow for instant and anonymous asset transfers, which means that once an investor is forced to give up their private keys or access permissions, their funds can disappear within seconds, with almost no chance of recovery. In contrast, when traditional bank accounts are compromised, law enforcement can usually assist victims in recovering losses by freezing accounts or taking other measures.

As online security measures continue to upgrade, some attackers have begun to turn to more direct physical threats. A CEO of a security company pointed out that the rapid development of the Web3.0 industry has made it exceptionally difficult to breach network defenses, to the extent that criminals have to resort to physical attacks to acquire assets.

This high emphasis on security is also reflected in the security expenditures of industry leaders. According to a regulatory document from April, a certain trading platform spent $6.2 million last year on the personal security of its CEO, far exceeding that of CEOs in traditional finance and tech giants.

Although a certain trading platform claims that this leak only affects less than 1% of active users, hackers have obtained customers' names, addresses, ID images, transaction records, and account balances over a period of months. Some customer support staff even provided hackers with access to internal company data in exchange for bribes.

Criminals have already used this information to deceive some customers into disclosing account access or directly transferring their tokens. Similar to traditional bank data breaches, this personal information can also be used for online fraud and identity theft. However, for Web3.0 investors who have participated in the market anonymously for a long time, physical threats are particularly concerning.

In response to this escalating threat, the French government has begun to take emergency measures. The French Minister of the Interior stated that a priority emergency hotline will be established for the Web3.0 industry, and elite police units will be organized to provide security checks and protection advice for Web3.0 executives and their families.

On social media, recent attack and kidnapping incidents have sparked widespread discussion, with many digital asset traders indicating that they will try to avoid going to France in the near future. The annual blockchain conference in Cannes has also strengthened security measures for this summer's event. A spokesperson for the event organizers stated that this conference will not only cooperate with local police but also coordinate with multiple law enforcement agencies, special forces, and private security companies in France to address potential threats.

However, such issues are not unique to France. A Bitcoin security expert has been maintaining a public database of physical attacks on digital asset holders, which has recorded over 20 similar incidents worldwide just this year.

Some companies in the United States related to digital assets are also beginning to strengthen security investments for executives. For example, one company spent about $800,000 on personal security for its CEO in 2024, while another company invested $1.6 million for its CEO.

In addition to bodyguard services, some security companies also offer bulletproof vehicles, home safety assessments, and social media monitoring to help clients avoid inadvertently disclosing their location information.

"Customers usually only realize the severity of the threat after experiencing it firsthand or seeing similar events in the news, but once they understand the situation, they take it very seriously," said a security expert. "People are gradually becoming aware that digital assets can also pose risks in the real world."