Key Takeaways
Crypto has spent years talking about security. It still hasn’t solved it.
For Dyma Budorin, co-founder of CORE3, the issue isn’t a lack of tools or talent. It’s something more uncomfortable. It is the industry itself.
In a conversation with CCN’s Giuseppe Fabio Ciccomascolo, Budorin doesn’t sugarcoat it.
He describes a space still shaped by bad actors, weak incentives, and a culture that often prioritizes speed and profit over resilience.
At the center of that tension is a simple question: if the tools to build securely already exist, why do projects keep getting hacked?
Budorin’s entry into security wasn’t driven by opportunity. It was driven by frustration.
“The problem is that our industry is a piece of shit,” he says bluntly. “We have too many scams, frauds… It’s full of bad actors, and nothing is changing.”
That frustration led him to focus on building infrastructure that tries to correct that imbalance—not by reacting after hacks, but by preventing them in the first place.
At CORE3, the goal is straightforward, even if the execution isn’t. Help projects avoid getting hacked, avoid losing money, and operate with stronger security standards from the start.
“We are the good guys who help projects not to be hacked,” Budorin says.
But the company’s role goes beyond just security services. Reputation, he argues, has become part of the product.
If CORE3 is involved with a project, it signals that serious effort has gone into protecting it.
One of the recurring problems in crypto security is fragmentation. Different tools, different vendors, different layers—often loosely connected.
Budorin sees it differently.
“In our case, it’s a bit the opposite,” he explains.
CORE3 operates as part of a broader group that includes:
Together, the idea is to cover the full lifecycle of risk. From code vulnerabilities to operational failures.
“We can cover almost all the risks of a crypto project,” he says.
But even with that coverage, most of the industry isn’t using these tools properly.
According to Budorin, one of the biggest misconceptions is that projects ignore security. In reality, many are engaging with it—but only superficially.
“Only 20% of projects that get hacked had some auditor,” he says, pointing to industry data. “The others were out of scope or had no audits.”
Even among those who do audits, the process is often incomplete.
Projects audit:
“They use audits as a marketing tool,” Budorin says. “Which is ridiculous.”
And auditing alone isn’t enough.
“You have to make proper operational security. You need circuit breakers. You need monitoring.”
Without those layers, even well-audited systems remain exposed.
Crypto has long struggled with a trade-off between moving fast and building safely.
Budorin rejects the premise entirely.
“You should not balance. Security should be a mindset from day one.”
The problem, he says, is that many teams operate with a completely different mindset. They want to launch quickly, attract users, and push token prices.
“There is a mindset to ship fast… and pump tokens. That’s what it is.”
That culture, more than any technical limitation, is what keeps vulnerabilities alive.
If security is flawed, transparency might be worse.
Budorin argues that the industry already has the tools to protect itself. What it lacks is openness, especially from centralized players.
“I don’t think security is the biggest problem,” he says. “I think transparency is way bigger.”
He points to centralized exchanges as a key example. There are still major unanswered questions about:
“We still don’t know what happened,” he says, referencing major market events. “No public reports, no clear answers.”
And unlike security tools, transparency is not universally desired.
“Not all industry players want this transparency, because they benefit from it.”
Despite better tools and more awareness, Budorin sees worrying trends.
One of them is over-reliance on automation and cost-cutting.
“People are building with AI coding, AI audits… and going live,” he says. “Which is horrible.”
While AI can help identify vulnerabilities, it’s not a replacement for deep, manual security work.
“It can find bugs, but it can also miss a lot.”
At the same time, teams are trying to reduce costs in both development and security—often at the expense of long-term safety.
Regulation is often seen as a solution to crypto’s security and transparency issues. But Budorin says its impact is still limited.
In regions like the UAE, licensing frameworks are increasingly enforcing better practices.
In Europe, however, progress is slower.
“MiCA is not very specific… and not fully adopted,” he says.
More importantly, enforcement is still missing.
“Companies will start doing something only when they see the first fines.”
Until then, many are unlikely to change their behavior.
One of Budorin’s final points reframes the entire discussion. Security, he argues, is only part of the risk landscape.
“You can be fooled in different ways,” he says.
Even perfectly secure systems can still harm users through:
“It’s not always security that’s the problem.”
That broader definition of risk—technical, financial, and behavioral—is what the industry still struggles to address.
If there’s a single thread running through Budorin’s perspective, it’s this: crypto’s biggest weaknesses aren’t technical.
They’re cultural.
“We don’t care about risk,” he says. “We care about quick money.”
That mindset, he argues, is why serious participants still hesitate to fully enter the space—and why the industry continues to repeat the same mistakes.
Security tools exist. Best practices exist. Even regulatory frameworks are starting to take shape.
What’s missing is the willingness to treat them as essential, not optional.
Until that changes, the cycle is unlikely to break.