Tamaghna Basu on the human side of crypto security

Hackers stole an estimated $2.2 billion in crypto last year, Tamaghna Basu warns – a stark reminder that the threat reaches ordinary users as well as major corporations.

Basu, a cybersecurity expert with more than 20 years of experience, breaks down the risks in simple, human terms. “There are two kinds of people in this world: people who got hacked and people who don’t know they got hacked,” he told The Crypto Radio.

From engineer to 'Batman of blockchain'

Basu’s journey into cybersecurity wasn’t conventional. He started as a software engineer before diving deep into ethical hacking and offensive security. “From the beginning of my career, security was something I was very passionate about,” he explained.

“More precisely, the ethical hacking, or the offensive security, or the hacking aspect of it – how things can be broken, how you can actually exploit stuff.”

His fascination began long before today’s wave of blockchain hacks. “Those days it was IRC chats, Yahoo Messenger,” he recalled. “We used to chat anonymous. We used to have our own handles where we don’t know each other.” Those informal online groups became his training ground, long before tutorials and podcasts existed.

Basu later worked at PayPal, Walmart, and eBay, before launching ventures in AI fraud detection and remote work security. Friends drew him into blockchain during the COVID years, but his perspective was shaped much earlier: he mined Bitcoin as far back as 2008 but never pursued it seriously at the time.

Why crypto security is different

What makes cryptocurrency security unique is the lack of central control. Unlike banks, blockchain transactions are anonymous and irreversible. For hackers, that makes the ecosystem a prime hunting ground.

“Think of it like a house,” Basu said. “As a hacker, I have to figure out the different doors and windows. Which one is the weakest? The easiest to break? My goal is to complete my mission and get out.” In crypto, those “doors and windows” are smart contracts, digital wallets, and exchanges.

The motives, however, have not shifted. “The intentions are the same,” he explained. “Either financial gain – stealing money – or causing damage to someone for whatever reason.”

Like breaking into a house, cyberattacks often target the simplest entry point. Photo: Unsplash / Devon McKay

Why behavior matters more than technology

For Basu, the real vulnerabilities in crypto often come down to human choices. “By definition, I believe humans are lazy,” he said. “We always try to find out the best possible, most convenient way of solving the problem.” That tendency makes people fall for phishing emails, fake login screens, or shortcuts that compromise security.

The same instinct drives risky speculation. “I don’t think memecoins are the problem. Greed is the problem,” he said, stressing that technical flaws aren’t the only danger  – human behavior can open the biggest doors to attackers.

He also noted that in the rush to innovate, many founders are “too young” and overlook security altogether. “Because things are moving so fast I have to ride the waves,” he said of the culture.

The rise of AI – double-edged sword

Artificial intelligence is transforming cybersecurity – and not always for the better. Basu highlights how algorithms can scan blockchain transactions, spot anomalies, and even predict likely threats. But the same tools are available to attackers.

“You can simply just ask for something, let’s say write an exploit for, let’s say ERC-20 smart contract,” he said. “And you can actually probably get some kind of code given by one of the LLMs.”

That means both sides – defenders and hackers – now operate with amplified power. “Ten years back, maybe I have to start from level zero,” Basu said. “Now I’m starting from level two or level three, and then I’m proceeding further.”

'Gamification of security'

Hackathons and quizzes are part of cybersecurity expert Tamaghna Basu’s strategy to keep teams sharp on security

To change the culture, Basu looks for creative methods. “I call it gamification of security,” he said. “Security is, to be honest, a very boring thing. The only way you can make it interesting is by turning it into a challenge.”

For him, that means hackathons, quizzes, and innovation contests where teams are encouraged to prove him wrong. “A lot of times I say that I’m not the smartest person – you know your product better than me, so you should tell me how I can help secure it.”

Advice for the everyday user

Despite the daunting numbers, Basu insists individuals can make themselves safer with some basic practices:

• Learn fundamental cybersecurity principles.

• Never trust unknown digital sources.

• Always verify before taking action.

• Remember that “knowing and doing are two different things.”

His advice extends to everyone in tech. “If you are a techie – doesn’t matter if you’re front end, back end, whatever technology you work with – you should learn cybersecurity,” he said. “It’s not for someone else, but for your own safety.”

The ultimate goal isn’t perfection, but preparedness. “Your data is digital. It’s there. You have to accept it,” Basu said. “The only way you can protect it is by having more knowledge.”

And if that feels overwhelming, he offers reassurance: “It’s better to know than to be clueless.”