May 14, 2026

The New Web3 Security Playbook: A Conversation With Adam Healy

If you want to understand what keeps crypto institutions up at night, Adam Healy is the person to ask. With over two decades of experience spanning the U.S. Intelligence Community, Fortune 100 corporations, and some of the most consequential names in technology including Microsoft, BlockFi and Bakkt, Healy has spent his career at the intersection of high-stakes risk and infrastructure. As former Chief Security Officer at BlockFi, he led global teams across cybersecurity and cloud engineering during one of the most turbulent periods in the industry's history. Today, as CEO of Station70, he's channeling all of that into something the Web3 world desperately needs: security engineered for the new world of crypto.

Station70 is a security and infrastructure company designed specifically for digital asset institutions. It offers disaster recovery, key protection, and identity services tailored to the unique threat profile of crypto. Station70 works with exchanges, custodians, and operators to keep critical assets intact even when things go sideways, and the client list, which includes Stacks, CoinShares, Maple (and hundreds more), tells you everything about where the crypto market's trust currently sits.

Security in traditional finance is hard. Security in Web3 is a different category of problem entirely, which is why the Web3 world is only getting more interesting. What makes this space particularly fascinating from a security standpoint is that the threat surface keeps expanding in unexpected directions. It's not just about protecting code anymore. Institutions are building at speed, protocols are composing on top of one another, and the people holding the keys are, increasingly, known to the world.

Healy's framework breaks the current threat landscape into three overlapping categories: cybersecurity risk, integrated risks, and kinetic risk.

The first is cybersecurity risk in its more conventional forms, which include credential compromise, cloud misconfiguration, and privileged access abuse. These aren't new problems, but the scale of damage in crypto is extraordinary. The 2025 Bybit breach saw approximately $1.5 billion stolen, making it the largest crypto exchange hack on record, and it would likely have been stopped by simple endpoint security controls. Earlier this year, a smart contract exploit on Truebit resulted in roughly $26 million in losses, a reminder that protocol-level vulnerabilities remain a serious problem. Then there's the nation-state dimension: North Korean cyber groups reportedly stole around $2 billion in crypto during 2025 alone, deploying sophisticated social engineering and insider access to do it.

That last tactic bleeds into the second category: integrated risks. These are the blended attacks where the human layer is the vulnerability. Social engineering and impersonation dominate losses here, with attackers using credential theft and targeted employee manipulation to route around technical controls that might otherwise hold. Increasingly, attackers aren't just phishing; they're combining phishing with credential compromise and transaction approval manipulation to defeat multi-signature and governance controls simultaneously. The attack is no longer a single vector. It's a coordinated campaign.

The third category is the one that signals a genuine inflection point for the industry: kinetic risk. This is where crypto's threat landscape diverges most sharply from anything in traditional finance. A 2025 kidnapping and torture case in Manhattan involved criminals holding a victim for weeks to extract Bitcoin credentials. In France, armed attackers forced victims to transfer $1 million in Bitcoin during a home invasion. Across the US, Asia, and Europe, crypto entrepreneurs and their family members have been targeted in abductions and attempted abductions. The wealth is visible, the assets are liquid, and the window to act (before a transfer hits the chain) is narrow. That combination has created a new category of organized crime with a very specific target profile. The truth is, the scale of the problem is larger than public reporting suggests. A specialized unit within the French National Police tracking this threat vector has estimated more than 300 such cases globally in the last 24 months alone, most of which never surface in press coverage. What makes it into the news is just the visible edge of a much deeper pattern.

The answer to all of this isn't paranoia; it's architecture. On the cyber side, that means red-teaming custody and transaction approval processes, hardening privileged access controls, and developing crypto-specific incident response playbooks rather than borrowing generic frameworks from industries with different risk profiles. On the integrated side, it means treating insider risk as a formal program, not an afterthought, and building real separation of duties into transaction authorization. And on the kinetic side, the part of the conversation the industry has been slowest to have, it means executive security protocols, coercion response planning, and crisis simulations that take physical threats as seriously as digital ones.

The era of treating security as a compliance checkbox is over. The criminals willing to show up at someone's door are paying close attention, and in this industry, so must the people protecting it.
