How to stop crypto losses? Start acting on crypto risks

by Dmytro Zap

Intro

There is a strange pattern in crypto. The warning almost always exists before the loss. An auditor flags it. A researcher writes a thread. A forum post lays out the exact failure mode months in advance. And then nothing happens until the day money actually disappears. Only then does the market move: protocols patch, exchanges rewrite their rules, capital reprices.

Crypto is not unique in this; most markets behave the same way. Retail and builders treat reported risk as opinion. Then the project crashes, and risk becomes fact. Markets respond to facts. But it hits different when you realize that April 1–May 14 saw $625M in value extracted from 21 protocols.

Right after, the industry started to change how it perceives risk and to discuss shared risk standards that would measure risk before the exploit, reallocate liquidity, and result in fewer losses… in a parallel reality.

In ours, though, even after a devastating month, nothing changed, except that a couple of founders yelled at the crowd, “We must do better,” and hundreds of KOLs tweeted that crypto is dead.

You’ll probably ask, “Why are people irrational?” Dyma Budorin, CEO of CORE3, has covered why crypto founders are a bit ~arrogant in the Risk infrastructure roundtable with Moody’s Ratings and C4.

In this article, we offer an answer to a more practical question: what would it take for risk to affect revenue before the loss, rather than after? That is the gap CORE3 is built to close.

A warning is free, so it gets treated like it is worth nothing

To see why warnings get ignored, look at how incentives actually line up for the three groups that make decisions in crypto.

A builder who spends three months hardening a dependency gets no reward for it. Users do not see the work. The token does not move. Meanwhile, a competitor who skips that work ships faster and looks more successful. The careful team pays a real cost for an invisible benefit. So caution becomes a quiet competitive disadvantage.

An institution evaluating whether to list or hold an asset faces a similar trap. The analyst who says "this looks fine" is rarely punished if it turns out fine, and rarely blamed if it later fails, because everyone else missed it too. The analyst who says "do not touch this" has to defend that call against a token that keeps going up. Being early on risk feels like being wrong.

A retail researcher can publish a careful breakdown of why a project is fragile and watch it get buried under louder, more confident, more profitable narratives of “I told you so” under a +2% chart. The market does not pay for being right early. It pays to be loud now.

In every case, the warning is free to ignore because ignoring it carries no immediate cost. The cost arrives later, all at once, and lands on whoever happens to be holding the position. By then, it transforms a warning into a loss.

Drift: the audits passed, the money still left

On April 1, 2026, Drift Protocol, the largest derivatives exchange on Solana, was drained of roughly $285 million in about twelve minutes. This was the largest crypto hack of the quarter (as of May 14). Spoiler: it was not a coding problem.

The project’s smart contracts had passed two audits; the code did exactly what it was verified to do. The failure was in known, non-code risks that audits did not cover. Over several months, attackers socially engineered members of Drift's Security Council into pre-signing routine transactions.

Crucially, on March 27, Drift removed the protocol’s timelock (a safety delay that allows intervention against malicious admin changes). Removing it closed the only window for stopping an attack.

The attackers then used admin control and the absence of a timelock to list a worthless, manufactured asset as valid collateral. They deposited their worthless supply and withdrew $285 million in real assets (USDC, SOL, and ETH) against it.

Here is the part that matters for this discussion. Every individual weakness was a known category of risk. Thin-liquidity oracle manipulation, a low multisig threshold, a missing timelock, signers who cannot fully verify what they sign. None of this was novel. Security researchers have written about each of these failure modes for years. The timelock removal on March 27 was a visible, on-chain governance change to a protocol holding more than half a billion dollars. It was, in principle, a flashing warning sign.

Nothing happened with that warning. It cost nothing to ignore, so it was ignored, until it became a $285 million hole. Only then did the response arrive: Drift paused the protocol, the post-mortem went out, and the wider industry spent the following weeks relearning that a timelock is not optional. The information needed to act existed before the loss. What did not exist was a reason to act on it. Revenue, in the form of $285 million, supplied the reason.

October 10: the fragility was discussed for years before it was priced

The Drift case is about a specific vulnerability. The bigger version of the pattern is about market structure itself.

On October 10, 2025, crypto experienced the largest single-day liquidation event in its history. Roughly $19 billion in leveraged positions were forcibly closed in about 24 hours, affecting more than 1.6 million accounts. Bitcoin fell about 14 percent, but the real damage was in smaller assets, some of which briefly traded near zero on individual venues as order books emptied out.

The trigger was a macro shock, a surprise tariff announcement. But the trigger is not the interesting part. The interesting part is the machinery that turned a sharp sell-off into a $19 billion cascade, because every piece of that machinery was known and discussed long before October.

Three structural facts did the damage. First, cross-margin design: many venues let profits on one position offset losses on another, which is efficient in calm markets and turns a whole portfolio into a single point of failure under stress. Second, thin liquidity: when prices gapped, market makers widened their spreads or stepped away entirely, so top-of-book depth on major venues collapsed by more than 90 percent. Third, oracle dependence: at least one major exchange marked collateral against its own local spot price, so when a stablecoin briefly de-pegged to around $0.65 on that one venue, that local mispricing became the accounting truth for every cross-margined account using it as collateral. Even conservatively leveraged traders running hedged strategies were liquidated because the system closed their profitable positions to stay solvent.

Researchers had been writing about cross-margin contagion, thin weekend liquidity, and single-source oracle risk for years. (So it was no secret!) What was missing was a loss amount large enough to force venues, market makers, and risk teams to actually redesign around it. October 10 supplied that number. The conversations about margin design and oracle robustness that should have happened in the abstract happened because the $19 billion lost made them unavoidable.
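The oracle-dependence mechanism described above can be made concrete. This is an added example, not code from the article or from any exchange: it marks stablecoin collateral for a cross-margined, hedged account once against a single local venue and once against a median of several venues with a deviation check. The venue names, quotes other than the $0.65 local print, position sizes, and both thresholds are constructed assumptions.

```python
from statistics import median

MAINTENANCE_RATE = 0.08   # assumed: required equity as a share of gross notional
MAX_DEVIATION = 0.05      # assumed: tolerated gap between local and median price

def collateral_mark(quotes, local_venue, robust=True):
    """Return (price, suspect). With robust=False the local venue is trusted alone."""
    local = quotes[local_venue]
    reference = median(quotes.values())
    suspect = abs(local - reference) / reference > MAX_DEVIATION
    if robust and suspect:
        return reference, True      # fall back to the cross-venue median
    return local, suspect

def equity(collateral_units, price, positions):
    """Cross-margin: collateral and all unrealised PnL sit in one shared pool."""
    return collateral_units * price + sum(p["pnl"] for p in positions)

def liquidatable(collateral_units, price, positions):
    """True when pooled equity falls below the maintenance requirement."""
    gross = sum(abs(p["notional"]) for p in positions)
    return equity(collateral_units, price, positions) < MAINTENANCE_RATE * gross

# Constructed sample data: one venue prints the de-pegged price, two do not.
QUOTES = {"venue_a": 0.65, "venue_b": 0.998, "venue_c": 0.999}
POSITIONS = [
    {"notional": 500_000, "pnl": -70_000},   # long leg
    {"notional": -500_000, "pnl": 65_000},   # short hedge, net exposure zero
]
COLLATERAL_UNITS = 100_000

if __name__ == "__main__":
    for robust in (False, True):
        price, suspect = collateral_mark(QUOTES, "venue_a", robust=robust)
        print(f"robust={robust} mark={price} suspect={suspect} "
              f"liquidatable={liquidatable(COLLATERAL_UNITS, price, POSITIONS)}")
```

With three sources the median tolerates one bad quote; it does not help if a majority of the sources share the same mispricing.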

The cost of learning this way

Treating loss as the only credible teacher is expensive in ways that compound.

It is expensive in capital, obviously. The money does not come back. Cetus recovered most of its frozen funds through validator action and a foundation loan, which was unusually lucky. Most protocols and most traders get no such rescues, and when they do, the decentralization of “trustless money” becomes questionable.

It is expensive in trust, which is slower to see and harder to rebuild. Since 2021, millions of crypto projects have died. Every preventable failure confirms the outside view that the whole blockchain space is a betting house, which raises the cost of capital for the careful builders too. 

And it is expensive in time. An industry that can only learn through catastrophe learns slowly, because catastrophes are spaced apart and each one teaches only its own narrow lesson. The Drift response hardened one protocol's governance. It did nothing for the next team running a low-threshold multisig with no timelock. Loss-driven learning does not generalize. 

What it takes to move risk upstream of revenue

If the problem is that warnings are free and losses are not, the fix is not to produce more warnings. It is to give risk a form that decision-makers cannot treat as optional. That means risk must become measurable, plus three more things.

Risk has to be comparable. A warning about one project means little if you cannot weigh it against every other option on the same scale. A standardized index changes the question from "is this scary?" to "is this more or less exposed than the alternative I am considering right now." CORE3's Probability of Loss (PoL) is built for exactly this: a measured index from 0 to 100, derived from a transparent, multi-parameter methodology, that places projects and exchanges on one common scale. It is not a prediction of price and not a safety certificate. It is a measured estimate of loss exposure that can actually be compared.

Risk has to be continuous. A point-in-time audit tells you a contract was sound on the day it was reviewed. Cetus was audited a month before it was drained. Risk is not a snapshot. It moves when a dependency changes, when liquidity thins, when an incident happens. A standard that updates continuously turns risk from a historical document into a live signal, which is the only form a decision-maker can act on before the fact.

Risk has to be operational. A report gets read once and filed. A standard gets built into workflows: listing decisions, portfolio limits, counterparty checks, monitoring and alerts. When risk lives inside the process that moves money, it stops being free to ignore, because ignoring it now has a procedural cost rather than only a future one.
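The risk categories named in the Drift section (a removed timelock, a low multisig threshold, a collateral listing with no review window) can be checked continuously and wired into a workflow gate, as this section argues. The following is an added example, not CORE3's methodology or Drift's code: the snapshot shape, the policy limits, the sample values, and the asset name FAKE are all constructed assumptions.

```python
from dataclasses import dataclass

# Assumed policy limits for illustration; not values from the article.
MIN_TIMELOCK_SECONDS = 24 * 3600   # shortest acceptable admin delay
MIN_SIGNER_FRACTION = 0.5          # threshold must exceed this share of signers

@dataclass(frozen=True)
class GovSnapshot:
    """Hypothetical shape of one polled governance configuration."""
    timelock_seconds: int
    multisig_threshold: int
    multisig_signers: int
    collateral_assets: frozenset

def findings(prev, cur):
    """Compare two consecutive snapshots; return (severity, message) pairs."""
    out = []
    no_window = cur.timelock_seconds < MIN_TIMELOCK_SECONDS
    if prev.timelock_seconds > 0 and cur.timelock_seconds == 0:
        out.append(("critical", "timelock removed"))
    elif no_window:
        out.append(("high", "timelock below policy minimum"))
    if cur.multisig_threshold <= cur.multisig_signers * MIN_SIGNER_FRACTION:
        out.append(("high", "multisig threshold at or below half of signers"))
    listed = sorted(cur.collateral_assets - prev.collateral_assets)
    if listed and no_window:
        # A new listing with no review delay cannot be intercepted in time.
        out.append(("critical",
                    "collateral listed without timelock: " + ", ".join(listed)))
    return out

def blocks_workflow(items):
    """Operational gate: any critical finding halts listing or limit decisions."""
    return any(severity == "critical" for severity, _ in items)

# Constructed sample snapshots (not real on-chain state).
BEFORE = GovSnapshot(172800, 2, 5, frozenset({"USDC", "SOL", "ETH"}))
AFTER_REMOVAL = GovSnapshot(0, 2, 5, frozenset({"USDC", "SOL", "ETH"}))
AFTER_LISTING = GovSnapshot(0, 2, 5, frozenset({"USDC", "SOL", "ETH", "FAKE"}))

if __name__ == "__main__":
    for label, prev, cur in [("removal", BEFORE, AFTER_REMOVAL),
                             ("listing", AFTER_REMOVAL, AFTER_LISTING)]:
        for severity, message in findings(prev, cur):
            print(f"[{label}] {severity}: {message}")
```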

This is the difference between risk as commentary and risk as infrastructure. Commentary waits for a loss to be proven right. Infrastructure makes the cost of risk visible while there is still time to act on it.

The correction is coming either way

Markets do correct. Mispriced risk does eventually get repriced. The only real choice is whether that correction happens deliberately, through a standard that lets builders, institutions, and researchers act on risk early, or whether it happens the way it has so far, through a $223 million exploit or a $19 billion cascade that forces everyone to learn the same lesson at the same time at the worst possible price.

CORE3 exists because the second option is not inevitable. It is just what happens when risk has no form that the market is obligated to respect. Give risk that form, make it comparable, continuous, and operational, and it can start affecting decisions before it affects revenue.

That is the whole point. Not to predict the next loss. To make the next loss something the market had a chance to avoid.