“If You Think Crypto Security Is A Tech Problem, You’re Missing The Point,” Says Phemex Ceo Federico Variola
- AI changes the tools, but the weak point is still people – how they talk to each other, make calls quickly, and decide who to trust.
- Across exchanges and wallets, there’s a shared understanding that routine habits shape how incidents happen.
- “You can probably say that this year is the worst year for cybercrime, and next year will be worse again.
- And that’s not because we’re getting worse at security.
What Happened
Speaking during a recent panel discussion alongside Ian Rogers, Chief Experience Officer at Ledger, and Dmitry Budorin, co-founder and CEO of cybersecurity firm Hacken, Variola explained how crypto security threats are showing up in practice. AI changes the tools, but the weak point is still people – how they talk to each other, make calls quickly, and decide who to trust.
Much of this comes down to everyday behavior. Across exchanges and wallets, there’s a shared understanding that routine habits shape how incidents happen. For Federico Variola, that translates directly into how exchanges design processes, introduce friction, and manage how people interact with wallets, social platforms, and on-chain identities.
“These actors are well-funded, sometimes state actors, and they’re moving at a speed that’s very difficult to catch up with. At the same time, the tools we’re all using, like AI and automation, are all double-edged swords. If we can use these tools, attackers can use them too. Social attacks become more complex. People have taken my likeness and used it in video calls to try to scam investors or business partners.”
Market Context
“It’s becoming harder and harder to prove that you are actually you.” That observation, shared by Federico Variola, CEO of Phemex, captures a growing concern across the crypto industry – one that goes far beyond smart contracts or infrastructure bugs.
As crypto grows, so do the incentives for attackers. Variola says this creates a constant imbalance, with attack capabilities often moving faster than protections, especially during bull markets.
“We’re probably in this middle period where capabilities grow faster than protections. And every bull run, you have very rational people telling you why you should take shortcuts on security, or on self-custody, or on both, and it always ends in the same place.”
During periods of high market activity, those risks intensify.
“When there’s a bull market, users expect hot wallets to be full. They’re moving quickly, often with large amounts, especially in altcoins. The demands from users are very pressing.”
Why It Matters
As Rogers put it during the panel, “any of us could fall for it.” Even within crypto-native teams, the combination of familiarity, urgency, and well-crafted social engineering is often enough to bypass otherwise strong security practices.
“What we guarantee to users has to be completely untouchable, and that’s the cold wallet. That’s non-negotiable. Hot wallets, by definition, present an inherent risk because they’re always online.”
Details
More Value, Bigger Targets
Early in the discussion, Federico addressed a question the industry keeps asking itself: is crypto getting worse at security, or are attackers simply getting better?
“You can probably say that this year is the worst year for cybercrime, and next year will be worse again. And that’s not because we’re getting worse at security. It’s because there’s more value. When you have more value, the size of the prize gets bigger. And when the prize gets bigger, you get more people trying to extract that value.”
Rogers shared a simple example to underline the point. Even very experienced people in crypto, including those closely involved in wallet development, have found themselves caught out by convincing links shared through platforms like Discord or browser wallets. His point was that experience helps, but it doesn’t remove the need for constant care.
When Identity Becomes the Weak Point
Where Variola sees the biggest shift is in how attacks are executed.
Ian Rogers echoed this from the hardware wallet perspective, noting that many attacks today are more about psychology than technology. For Variola, that matches what exchanges see in practice: convincing people is often easier than breaking systems.
The Exchange Reality: Cold, Hot, and Human
From an exchange standpoint, Federico was careful to separate guarantees from assumptions.
This pressure creates tension. Users want speed and convenience. Security, however, often requires friction.
“You have to add layers of friction in order to keep funds safe, regardless of what users are asking for. In a way, you end up having to fight back a little bit against your own users.”
It’s an uncomfortable reality for exchanges, but one Federico believes is unavoidable if platforms are serious about long-term protection rather than short-term satisfaction.
What Experience Teaches You
During the panel, Variola briefly referenced a security incident Phemex experienced last year.