Zeroshadow – the Interview:
“Nobody resolves a major crisis completely in isolation”

While you have certainly come across the fairly widespread – and in part certainly true – “AI doomerism” narrative that rapid advances in Artificial Intelligence (AI) will obliterate a significant number of previously secure and well-paid jobs in IT, there is one sector that seems predestined for a years-long seminal bull market: Cyber Security.

As AI-assisted coding will let threat actors identify and exploit weaknesses in your codebase ever faster and with ever more accuracy, the Internet in general – and the cryptocurrency sector in particular – are in for a massive wash-out event.

Most crypto projects have been built on shaky foundations – and now the wave is crashing violently ashore, leaving nothing standing that was not built with engineering excellence and extreme paranoia in mind.

If you “take the easy path”, your money may very well take the easy path too – to Pyongyang or similarly favoured jurisdictions.

Pyongyang – a party hotspot of the late 2020s, thanks to persistently sloppy cybersecurity and software-engineering practices across the crypto industry

This severe lack of high-quality cyber security capacity is already resulting in major hacks of protocols, projects and individuals every couple of days in 2026.

These were situations where seconds counted, and where not missing small details under extreme time constraints could make the difference between successfully thwarting an ongoing exploit – or at least meaningfully mitigating its impact – or seeing a threat actor successfully escape with significant loot.

An extremely high-stress job, with extremely high stakes, against extremely skilled and persistent threat actors operating at industrial scale.

Even though, as recent development trends seem to confirm, the industry would need another few dozen teams with their tenacity, pace and skill set to even remotely have a chance to fight back against those who see the crypto system – apparently quite rightfully so – as a “target rich environment”. 

Before we jump into the interview, a few words on our guest. Col Graham serves as Head of Threat Intelligence and Co-Founder at zeroShadow.io. Having started his career as a cybercrime detective, Col later worked in the Crypto Incident Response team at Chainalysis, handling major exploits like the 2022 Ronin Bridge hack. Driven by a mission to scale this work and help more people in need, the core members of that team spun out to form zeroShadow.

Today, the team has grown to nearly forty people and is routinely retained to handle the industry’s largest security breaches, including more recent incidents like Bybit, Kelp, and Drift.

With that, let us hear directly from Col.

BV Insights: What got you interested in working on CyberSecurity – and the crypto space in particular – in the first place, and what did the landscape look like back then? Which specific issues were you aiming to tackle at the outset? 

Zeroshadow: I have always been driven by a basic dislike of injustice. It is what took me into law enforcement originally, wanting to right wrongs and give a voice to people who did not have one.

My blockchain work started as a cybercrime detective, but it became a full-time focus when I joined Chainalysis to help set up their crypto incident response team, jumping straight into the Ronin Bridge hack in 2022.

The landscape back then revealed a frustrating, industry-wide issue: security was highly fragmented, and many compliance tools had significant blind spots. Data wasn’t shared in real time and access to that data was expensive; it created critical visibility gaps across the entire network. Threat actors like the DPRK actively exploited these disconnected systems to launder victim assets, moving freely between platforms that couldn’t talk to one another in real time.

That was the specific issue I wanted to tackle. Security shouldn’t operate in isolated silos that leave the entire ecosystem vulnerable. I wanted to close those gaps by building a more connected, collaborative defence, providing practical threat intelligence that eliminates those blind spots for all.

BV Insights: What was a specific highlight in your career so far where you felt your contributions made a significant impact? 

Zeroshadow: The highlight has been proving that our team can handle crypto’s largest, most severe exploits. Our real impact isn’t just tracking where stolen funds went, but our ability to bring a global network of defenders together to create friction and counteract these threats as fast as possible.

During the Bybit hack, it wasn’t an AI tool or a chatbot driving the response. It was a massive human effort, with exchanges, law enforcement, legal teams, and security groups like zeroShadow working in unison to disrupt the attack. Software can help trace transactions, but it can never replicate the trust and context needed to coordinate under pressure. Every major incident strengthens these bonds, and that is where our contribution makes the biggest difference: turning up for the toughest challenges and building the human connections needed to protect everyday users.

BV Insights: What was a situation that left you especially exasperated, and what conclusion did you draw from it? Did anything materially change for the better thereafter? 

Zeroshadow: My greatest frustration is the timeline gap that can open up between freezing stolen assets and getting them back to a victim. We have immense respect for law enforcement, but they are caught in a dangerous bottleneck: austerity-driven funding cuts colliding with a dramatic spike in cybercrime and fraud. Relying solely on public authorities to manage the entire recovery process under these conditions is unsustainable.

BitcoinVN and their users should care because this strain creates a severe backlog. It means that even when stolen funds are frozen, the recovery phase can sometimes leave victims waiting years.

We are working hard to change this by collaborating with partners like the Security Alliance to build civil-led asset recovery frameworks. By handling the administrative heavy lifting ourselves, we can support law enforcement, shorten those timelines, and make the ecosystem fairer for everyone.

BV Insights: What are your Top 3 tips for professional service providers and “projects” in this industry that they should act on today if they want to survive the 2026 threat environment and its foreseeable future development? 

Zeroshadow: 

  1. Focus on the common threat, not the novel headline: Sophisticated, bespoke exploits are rare. Most teams get compromised through basic social engineering. Awareness is the cheapest and best defence you have. Know exactly who is gunning for you and how their playbooks work.
  2. Tap into human networks: Surviving a crisis often comes down to the strength of your human network. Build active relationships with peers and security groups who track the specific threats targeting services like yours, giving you early warning signs you would never see alone. Good partners do not treat a casual conversation as a sales pitch; at zeroShadow, we see it as expanding a shared defence. Get plugged into free community resources like the Crypto Defenders Alliance (CDA) and Security Alliance (SEAL911) before you actually need them.
  3. Prepare for the chaos: Everyone has a plan until they get punched in the face. We are in war rooms every day, and the immediate aftermath is often chaotic. True preparation isn’t just an internal checklist; it is knowing exactly who to call. Nobody resolves a major crisis completely in isolation, and you will need your network to help you contain the damage and recover. The teams that fare best are simply the best prepared.

BV Insights: What are your Top 3 tips for retail and end users who utilize cryptocurrency as part of their personal financial setup if they want to make it through 2026 and beyond? 

Zeroshadow: Through our zeroShadow Aftercare Programme, we support end-user victims referred directly by crypto services like Coinbase and others. The insights we gather here show exactly what retail users are up against. Here are three ways to protect your assets:

  1. Do your homework: Industrial-scale scams now use AI to mimic legitimate platforms convincingly. If you face intense time pressure or are promised unrealistic returns, back away and get a second opinion. 
  2. Isolate your assets: Malware is built to silently scour devices for private keys and logins. Avoid the risk entirely by separating your environment. Use a dedicated, clean device strictly for your crypto services and absolutely nothing else.
  3. Hang up and verify: Years of global data breaches across mainstream websites mean criminals already have your basic contact details, which they use to pose convincingly as exchange support teams. Urgent time pressure is always a massive red flag. If you receive a panicked alert, hang up immediately and contact the platform directly through a confirmed, official channel.

We have more tips on staying safe on our website https://www.zeroshadow.io/blog/?categories=scams 

BV Insights: The team of zeroShadow recently launched the zeroShadow Threat Intel Platform, or zsTIP – tell us more about it; where did the idea originate from, what are its targets, who can benefit from it and where do you see it going next? 

Zeroshadow: The idea came from watching criminals exploit a massive gap: traditional tools cost too much, and crypto moves too fast for them. Launderers used unprotected platforms to wash dirty funds before moving them through larger services. That became their standard playbook, so we built zsTIP to counteract it. 

During the KelpDAO exploit, the DPRK laundered $292m across 6,000+ addresses. They went cross-chain, targeting platforms that couldn’t afford screening or had ineffective tools. In response we quickly onboarded many of these services to zsTIP, often for free, to protect them from these threats.

Our goal is to get all legitimate platforms signed up, leaving only the rogue ones outside. The benefit is network immunity. Instead of fighting threats alone, the moment one platform flags a danger, the rest of the network is instantly alerted to block the attacker’s next move.

Next, we are turning zsTIP into a marketplace because many Web3 teams have valuable, untapped data. Trusted groups like SEAL911 already share their intel into our network in real time to protect our members, while keeping full ownership of their data. This approach drives real innovation; the unique tools we are launching next will give network defenders and investigators a massive advantage.

BV Insights: Last but not least, how do you see the CyberSecurity sector in general evolving in the years to come? 

Zeroshadow: The coming years will be a race against automation. AI has lowered the barrier to entry for cybercrime, allowing bad actors to deploy malware and scams at scale, continuously iterating until they find a gap. Neutralising that speed is the core challenge.

We believe that a big part of the solution lies in network immunity, similar to how traditional email security works. When a threat slips past an email scanner, it hits a victim. Once flagged by that victim, it is blocked, protecting everyone else. If platforms operate in isolation, every separate network needs its own victim(s) before the exploit is stopped everywhere. The larger the network sharing live data, the fewer the overall victims.

This shift toward a cooperative model is simply more effective, and it is exactly why BitcoinVN is a member of zsTIP. By contributing to this live data pool, they and their users gain the shared protection needed to keep ahead of evolving threats. Ultimately, we are safer together.

BV Insights: Thank you for your time and we wish you and your team continued success – albeit we would of course hope that our colleagues will have less reason to talk to you, as that usually means something bad happened 🙂 Thank you on behalf of the industry!

You can follow our guest here: www.linkedin.com/in/col-g 

And Zeroshadow here: zeroShadow (@zeroshadow_io) / X 

If you would like to learn more about the work of Zeroshadow – including how to apply or collaborate – you can find more information here.

If you would like to learn more about the zS TIP threat intelligence platform, see here

If you are an end user and would like to take preventive action before the bad thing happens – and reduce the risk of the vast majority of common failures that lead to loss of funds – you can arrange a 1-on-1 consultation via BV Consulting.

And if you are based in Vietnam and simply want to improve your digital asset protection, our colleagues at BitcoinVN Shop offer the right tooling – from hardware wallets by Trezor, Ledger, Keystone & Co. to seed phrase backup devices such as steel cards.