Security & Compliance

Crypto’s overlooked attack surface

Smart contract audits, penetration testing, bug bounties, infrastructure hardening — all essential. But there’s another surface that quietly shapes user protection: support operations. Every interaction where an agent accesses user data, verifies an identity, or handles a sensitive account is part of your security posture.

6 min read · June 2026
A security analyst monitoring crypto operations dashboards in a dark operations center
$9.3B
Crypto losses reported to the FBI in 2024 (+66% YoY)
30%
Of breaches trace to partner security-alignment gaps
442%
Rise in voice-phishing attacks across 2024

The industry has noticed

Support is becoming a strategic consideration in security planning — not as a liability, but as a chance to build trust by design. Venminder’s State of Third-Party Risk Management 2025 found that 30% of data breaches now stem from security-alignment gaps between organizations and their operational partners — a 15% increase from 2023. In crypto, where teams handle sensitive user data daily, that weight is amplified.

The numbers tell the story

In 2024, Americans filed over 149,000 crypto-related complaints with the FBI, with losses totaling $9.3 billion — a 66% jump year over year. The CFPB’s complaint bulletin noted a recurring theme: poor customer service runs through crypto complaints. These are users who reached out for help and met operations that weren’t equipped to protect them.

Insider incidents

The Ponemon Institute’s 2025 Global Report puts the average cost of insider-related incidents at $17.4 million annually — up from $16.2 million in 2023. Organizations see an average of 13.5 insider incidents per year, each costing roughly $676,517 to resolve and 81 days to contain. Verizon’s 2025 DBIR adds that 89% of malicious insider breaches are financially motivated. In crypto, where transactions are irreversible, these numbers matter.

An evolving landscape

Palo Alto’s Unit 42 documented a shift in 2024–2025: more than a third of social-engineering incidents involved help-desk manipulation. CrowdStrike’s 2025 Global Threat Report adds that voice-phishing attacks rose 442% between the first and second halves of 2024. The role of support in security strategy is getting attention — from companies and regulators alike.

What Security DNA looks like

What separates operations that consistently protect users isn’t only who works there — it’s how the company is built. Security DNA shows up across five structural dimensions: governance & compliance (formal policies, PCI-DSS and SOC 2, regulatory alignment); security architecture (access controls, encrypted infrastructure, monitoring); operational design (segregation of duties, clear escalation, minimized exposure); organizational culture (leadership that prioritizes protection, continuous training); and continuous improvement (audits, threat monitoring, evolving controls).

Regulators have noticed

In May 2024, NYDFS issued guidance requiring crypto service providers to implement formal complaint-resolution mechanisms with quarterly analysis. Support infrastructure is now compliance surface area — a recognition that how you support users connects directly to how well you protect them.

We’ve got your back. Crypto-native.

Let's talk operations

Strengthening CX or risk operations in a regulated environment? We'll help you design a scalable, compliance-aware model.

Request Information