In the world of digital assets, things can go wrong in a matter of minutes:
- a compromised wallet
- a failed (or fraudulent) counterparty
- an insider with access they shouldn’t have
- or a dispute that freezes assets when you can least afford it
These events are happening across the digital asset sector with increasing frequency.
When we say “compromised wallets”, we’re not only talking about a lost private key. It routinely includes hacks, phishing and social engineering, address poisoning, and malicious smart contract interactions.
Some of the largest thefts have used these methods, including the Bybit hack in February 2025, which involved transaction signing manipulation and social engineering, with reported losses of around US$1.5 billion.
Practically speaking, the options available to remedy such events can narrow very quickly:
- Evidence may already be lost
- Value may already have leaked
- And recovery — where it’s possible at all — becomes more complex, more time‑critical, and more expensive
It’s also not just a technical issue. A theft or a freeze can rapidly become a liquidity event: collateral shortfalls, halted withdrawals, and a sudden lack of operational funding for remediation or keeping the organisation running. In a worst‑case scenario, it stops being “a cyber incident” and becomes a solvency issue.
However, we also see a very different outcome where there has been early consultation and planning — not because early advice prevents every incident, but because it reduces the damage when something does go wrong.
Early preparation creates clarity on decision‑making, improves speed of response, and keeps organisations in control when pressure is at its highest.
In the digital asset context, “robust” needs to be practical — not theoretical. It means:
- clear governance and authority
- custody and access controls that reflect the real risk profile of the business
- and incident response arrangements that are understood, tested, and capable of being executed quickly.
Contingency planning is often the most underestimated element.
- What happens if an exchange suspends withdrawals?
- If a key individual is unavailable at a critical moment?
- Or if there’s a suspected compromise and decisions need to be taken immediately?
A practical question to consider is where an incident response plan actually lives. If it’s stored on the same systems that could be compromised, it may be inaccessible when needed most.
Offline backups — including a hard‑copy “break glass” pack with key contacts, decision rights and first‑hour steps — can make a critical difference.
If you operate in the digital asset sector, it’s increasingly “when, not if”. The difference is preparation — and the first hour.
When something does occur, early engagement allows for fast triage, evidence preservation, and clear stakeholder management.
It opens up practical options — including mitigation strategies, negotiated outcomes, restructuring pathways, and recovery strategy — rather than simply reacting as events unfold.
If you take one action after today: make sure your response plan is tested, accessible offline, and rehearsed.
At Grant Thornton, we bring depth and breadth of digital asset experience — helping clients with contingency planning and cyber resilience, and, where required, asset tracing, restructuring and insolvency support.
We work with organisations exposed to digital assets to maximise potential, while remaining robust, resilient, and ready for the first hour if something does go wrong.