Q: Every week there seems to be another headline about a major crypto hack. What’s your reaction when you see those stories? Michal “Mehow” Pospieszalski: Every time I read another headline a
Q: Every week there seems to be another headline about a major crypto hack. What’s your reaction when you see those stories?
Michal “Mehow” Pospieszalski: Every time I read another headline about a billion-dollar crypto hack, I feel two things at once: anger and responsibility.
I’ve spent the last 20 years working in cybersecurity. Before crypto, I worked in the Beltway trenches, helping government systems keep bad actors out. After that, I was a white-hat hacker, showing companies how easily their digital doors could be kicked in.
But here’s the truth most people don’t want to hear: Crypto isn’t getting hacked because it’s decentralized. It’s getting hacked because it was never designed for humans.
Q: Most people assume these attacks are highly sophisticated technical exploits. Is that really what’s happening?
Pospieszalski: Not usually. One look at the latest wave of scams—whether it’s fake X links mimicking wallet URLs, copy-paste address swaps stealing millions in seconds, or AI-generated “support agents” tricking users in Discord—reveals they aren’t zero-day exploits or deep protocol bugs. They’re user experience failures, at scale.
People are getting tricked because they’re asked to make collectively billion-dollar decisions using unreadable wallet strings, clunky confirmation windows, and no clear way to verify who they’re sending to.
Phishing isn’t a bug—it’s become a feature of poor design.
Q: If the problem is user experience, what does the solution look like?
Pospieszalski: The answer is simplicity.
What we need as a space is to eliminate address-based phishing entirely. Instead of copying a wallet address, you should be able to just type a name. Under the hood, the system then generates a stealth, unique address known only to sender and receiver.
It’s the difference between asking users to check every pixel of a 42-character string and letting them send crypto the same way they send a Venmo payment.
Q: Why is solving this becoming more urgent now?
Pospieszalski: The stakes are higher than ever.
With $1.5 billion stolen in the latest Bybit hack, phishing attacks up 58% year over year, and nine out of 10 organizations reporting security breaches, the threat landscape is evolving rapidly. Deepfakes, voice phishing, and AI-powered social engineering are now targeting reserve-backed chains and financial infrastructure.
If we want to future-proof crypto, we need to redefine how digital assets are transacted, stored, and secured.
Send-to-name technology, where receive addresses are generated privately between sender and recipient with no public transaction history, offers exactly that. When embedded alongside off-chain KYC/AML compliance systems, it can power the U.S. Crypto Strategic Reserve and other sovereign-grade networks to operate with frictionless, fully compliant asset management for individuals, institutions, and autonomous AI agents alike.
Q: Do you think centralized exchanges and DeFi platforms are doing enough to protect users?
Pospieszalski: No.
The Bybit breach wasn’t some unsolvable mystery. Neither was the Coinbase mass phishing scam or any of the myriad wallet-poisoning scams that occur daily. These are predictable, repeatable failures that could’ve been prevented by simply not exposing wallet addresses at all.
The crypto industry is drowning in post-mortems. What we need are pre-mortems—systems that don’t just detect fraud after it happens but make it mathematically impossible before it starts.
That’s what send-to-name does. And it works across Ethereum, Bitcoin, Solana, and beyond. If we don’t build in safety ourselves, governments will do it for us.
Q: If you could leave the industry with one message, what would it be?
Pospieszalski: Security shouldn’t be a plug-in.
Crypto can do better—not with more rules or another plugin, but with default-private, human-readable, send-to-name infrastructure that stops scams before they start.
It’s time to fix the foundation. The rest is just noise.
