Despite tripling the number of code audits since 2022, the crypto sector has not meaningfully reduced the number of incidents or the total value stolen — Lazarus Group alone has taken more than $2.2 billion over that period. Research from Oak Security explains why: the majority of successful attacks now target human and operational vectors that traditional audits were never designed to catch.
Why it matters
The mismatch is structural. Audits evaluate smart contract code at a fixed point in time, under a defined scope. They cannot stop a developer from clicking a phishing link, prevent a compromised private key, detect a malicious dependency update, or flag a governance manipulation. The KelpDAO hack was a recent reminder that users do not distinguish between a code bug and a centralised off-chain failure — they simply see another "audited" protocol lose millions overnight. When projects market themselves as "fully audited," they create a dangerous illusion of safety that may actually reduce vigilance against the costliest attack vectors.
Market impact
The industry's continued losses erode mainstream confidence and directly undermine the case for mass adoption. Oak Security argues that the next phase of crypto security requires defense-in-depth: rigorous key management, signer decentralisation, governance constraints, anomaly detection, real-time monitoring, and circuit breakers — essentially hardening the human layer that attackers have already pivoted to exploit. Platforms that treat audits as a badge rather than one layer of a broader security stack remain the most exposed.
Frequently asked questions
- Why haven't more audits reduced crypto losses since 2022?
  Oak Security research shows most successful attacks now target human and operational vectors — compromised private keys, phishing, governance manipulation — that traditional code audits are not designed to detect, creating a structural mismatch between what audits cover and what attackers exploit.
- What does the 'fully audited' label actually guarantee for users?
  An audit is a limited evaluation of a specific codebase at a specific point in time. Once a protocol upgrades contracts, changes governance, or alters operational practices, that audit's assurances no longer apply — yet the badge is often marketed as broad, ongoing protection.
- How much has Lazarus Group stolen from crypto since 2022?
  North Korea's Lazarus Group has stolen more than $2.2 billion from the crypto sector since 2022, making it one of the most consequential single threat actors in the industry's history.
- What security measures does Oak Security say the industry needs beyond audits?
  Oak Security calls for defense-in-depth: strong key management, signer decentralisation, governance constraints, anomaly detection, real-time monitoring, and circuit breakers — measures that harden the human and operational attack surface attackers now primarily target.
- How did the KelpDAO hack illustrate the limits of the current audit model?
  The KelpDAO exploit involved a centralised off-chain point of failure rather than a smart contract bug, yet users and market confidence suffered the same damage — demonstrating that the audit-centric security narrative fails when the real vulnerability sits outside the codebase.
CoinDesk