All posts
SecurityMay 14, 2026

The new Web3 security playbook: a conversation with Adam Healy

RS
Raz SchenirerStation70

If you want to understand what keeps institutions up at night, Adam Healy is the person to ask. With over two decades of experience spanning the US Intelligence Community, Fortune 100 corporations, and companies including Microsoft, BlockFi, and Bakkt, Healy has spent his career at the intersection of high stakes risk and infrastructure. As former Chief Security Officer at BlockFi, he led global teams across cybersecurity and cloud engineering during one of the most turbulent periods in the industry’s history.

Today, as CEO of Station70, he is channeling all of that into security engineered for institutions where failure is irreversible. Station70 works with exchanges, custodians, and operators to keep critical assets intact when things go sideways. Healy’s framework breaks the current threat landscape into three overlapping categories.

Three categories of risk

1. Cybersecurity risk
The conventional forms: credential compromise, cloud misconfiguration, and privileged access abuse. These are not new problems, but the scale of damage is extraordinary. The 2025 Bybit breach saw roughly $1.5 billion stolen, the largest exchange hack on record, and one that likely would have been stopped by basic endpoint controls. North Korean groups reportedly stole around $2 billion in crypto during 2025 alone.
2. Integrated risk
Blended attacks where the human layer is the vulnerability. Attackers combine phishing with credential compromise and transaction approval manipulation to defeat multisignature and governance controls simultaneously. The attack is no longer a single vector. It is a coordinated campaign.
3. Kinetic risk
Where the threat landscape diverges most sharply from traditional finance. Institutions build at speed, protocols compose on one another, and the people holding the keys are increasingly known to the world. Physical coercion cases have made key holder safety a board level concern.

The takeaway

Security in traditional finance is hard. Security for digital assets is a different category of problem entirely. The institutions that endure will be the ones that engineer for all three risk categories at once, with infrastructure that assumes compromise and still recovers.

Security for what you can least afford to loseLearn how Station70 protects keys, identities, and access.
Learn more