“It’s becoming harder and harder to prove that you are actually you.” That observation, shared by Federico Variola, CEO of Phemex, captures a growing concern across the crypto industry – one that goes far beyond smart contracts or infrastructure bugs.
Speaking during a recent panel discussion alongside Ian Rogers, Chief Experience Officer at Ledger, and Dmitry Budorin, co-founder and CEO of cybersecurity firm Hacken, Variola explained how crypto security threats are showing up in practice. AI changes the tools, but the weak point is still people – how they talk to each other, make calls quickly, and decide who to trust.
Much of this comes down to everyday behavior. Across exchanges and wallets, there’s a shared understanding that routine habits shape how incidents happen. For Federico Variola, that translates directly into how exchanges design processes, introduce friction, and manage how people interact with wallets, social platforms, and on-chain identities.
More Value, Bigger Targets
Early in the discussion, Federico addressed a question the industry keeps asking itself: is crypto getting worse at security, or are attackers simply getting better?
As crypto grows, so do the incentives for attackers. Variola says this creates a constant imbalance, with attack capabilities often moving faster than protections, especially during bull markets.
Rogers shared a simple example to underline the point. Even very experienced people in crypto, including those closely involved in wallet development, have found themselves caught out by convincing links shared through platforms like Discord or browser wallets. His point was that experience helps, but it doesn’t remove the need for constant care.
When Identity Becomes the Weak Point
Where Variola sees the biggest shift is in how attacks are executed.
Ian Rogers echoed this from the hardware wallet perspective, noting that many attacks today are more about psychology than technology. For Variola, that matches what exchanges see in practice: convincing people is often easier than breaking systems.
As Rogers put it during the panel, “any of us could fall for it.” Even within crypto-native teams, the combination of familiarity, urgency, and well-crafted social engineering is often enough to bypass otherwise strong security practices.
The Exchange Reality: Cold, Hot, and Human
From an exchange standpoint, Federico was careful to separate guarantees from assumptions.
During periods of high market activity, those risks intensify.
This pressure creates tension. Users want speed and convenience. Security, however, often requires friction.
It’s an uncomfortable reality for exchanges, but one Federico believes is unavoidable if platforms are serious about long-term protection rather than short-term satisfaction.
What Experience Teaches You
During the panel, Variola briefly referenced a security incident Phemex experienced last year.
The most important takeaway was about people.
Dmitry Budorin offered a blunt analogy for how these attacks work, comparing phishing to fishing. Even if the fish isn’t stupid enough to bite the plastic lure, he explained, moments of routine or distraction are often enough for attackers to succeed. In his words, inevitability is the danger.
That way of thinking lines up closely with how Variola approaches security.
Budorin went further, arguing that in many cases the primary target isn’t a junior employee at all, but the CEO. Public figures, founders, and executives are often attacked directly, precisely because of their visibility and authority within the industry.
Following the incident, Phemex increased security across the board, but the bigger change was internal.
Social Layers and Financial Layers Don’t Mix
Federico Variola was particularly critical of how casually sensitive interactions take place in environments never designed for security.
He also expressed discomfort with growing trends around wallet tracking and public attribution.
Decentralization Changes the Economics of Attacks
Looking ahead, Variola sees decentralization and self-custody as part of a broader change in how crypto security plays out.
That doesn’t eliminate risk. It redistributes it.
For exchanges, that means adaptation, not resistance.
What Crypto Will Still Be Fighting in Five Years
Looking ahead, Federico Variola doesn’t frame the challenge as something crypto will simply “solve” and move past.
Asked whether AI helps defenders as much as attackers, his answer was straightforward: “Unfortunately, I think it enhances attackers more than it makes people secure.”
Variola sees this as a moment of maturity for the industry. Crypto draws strong technical talent, and security is becoming part of how companies operate and communicate day to day. In systems built to limit reliance on trust, the focus now turns to understanding where trust still exists and managing it thoughtfully.
Source: https://beincrypto.com/phemex-ceo-crypto-security-not-just-tech-problem/
