币界网 reports: North Korean hacking groups continue escalating attacks on Web3 infrastructure, shifting focus from smart contract exploits to human operational vulnerabilities in 2025. State-sponsored actors have targeted $1.5 billion in assets through credential harvesting at Bybit, launched malware attacks against MetaMask and Trust Wallet users, and established U.S. shell companies to infiltrate crypto teams. Security audits reveal systemic weaknesses: decentralized teams often lack proper key management, conduct governance via Discord polls, and onboard contributors without identity checks—leading to preventable compromises. While smart contract security receives heavy investment, operational security failures account for major breaches, including a $180-400 million Coinbase insider incident. Traditional finance's layered defense approach offers lessons, yet Web3 teams frequently resist security measures perceived as "centralized." Experts warn that without implementing enterprise-grade OPSEC practices—including contributor vetting, hardware wallet protections, and incident response plans—Web3 will remain vulnerable to sophisticated adversaries exploiting human weaknesses rather than code flaws.