In episode twenty-nine of Separating Money and State, Iván Gómez speaks with Jimmy Su, Chief Security Officer of Binance, to map the real state of security in the cryptocurrency industry in 2026. Su, trained at Berkeley and with a career that includes FireEye and JD.com, describes the cryptocurrency ecosystem as the most demanding frontier of cybersecurity: almost instantaneous attack cycles, irreversible transactions and a level of pressure that attracts both the best defenders and the most sophisticated attackers.
The conversation brings out the most shocking fact of the episode (North Korea is reportedly behind 66% of cryptocurrency hacks in 2026, measured in dollars) and breaks down how this type of adversary operates: infiltration with fake resumes, deepfakes in job interviews, social engineering that combines online and offline attacks at international conferences, and use of AI to compress the cycle from exploration to attack deployment.
Key points:
- Jimmy Su has been Chief Security Officer at Binance since 2020 and oversees fund security for more than 280 million users.
- Prior to Binance, Su led the JD Security Research Center in Silicon Valley and previously led Threat Research at FireEye.
- According to a report Su cites, North Korea (DPRK) accounted for 66% of crypto hacks measured in dollars in 2026.
- North Korean groups don’t just attack code: they infiltrate crypto organizations by presenting themselves as candidates with fake resumes and deepfakes in interviews.
- AI has compressed the attack cycle to the point that tasks that previously required an entire red team can now be done by a single person with the right tools.
- Binance uses a combination of commercial models (including enterprise versions of OpenAI/ChatGPT) and internal models trained for specific security tasks.
- The 2019 Binance hack (7,000 BTC) occurred before Su assumed the role, but the BNB Bridge incident in 2022, already under his leadership, taught the need for rapid infrastructure upgrades.
- Binance audits smart contracts not only on BNB Chain, but also Solana, Ethereum and other L1s, and contacts teams when it detects vulnerabilities.
- The Drift case showed how the combination of prolonged social engineering (months of infiltration) and poor multisig key management can compromise a protocol.
- Address poisoning is one of the most common attacks today: scammers create addresses whose first and last characters are identical to those of legitimate addresses, so that a user copying and pasting an address picks the wrong one.
- Binance has developed automatic detection of address poisoning in real time on multiple chains, integrated into its app and available via browser plug-ins.
- On quantum computing, Su estimates that breaking cryptography relevant to Bitcoin would require millions of qubits, and projects a window of 5 to 10 years for the risk to become concrete.
- Measures that can be taken today against quantum risk include not reusing addresses and keeping public keys unexposed for as long as possible.
- Su’s key recommendation for new users: use a dedicated device only for cryptocurrency transactions and separate email addresses for each service, which allows phishing to be detected if email arrives from a sender you didn’t subscribe to.
- By 2025, Binance reportedly helped recover more than $100 million in external hacks thanks to coordination with authorities and other industry players.
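
The address-poisoning point above lends itself to a concrete check. The following is an added example, not Binance's detection logic or anything shown in the episode: it screens a pasted destination against a user's address book and flags addresses that share the first and last characters of a trusted entry but differ in the middle. The function names, the 4-character head and tail (chosen on the assumption that wallet interfaces show only the ends of an address) and the sample addresses are all constructed for illustration.

```python
# Added example: hypothetical helper names, constructed addresses.
def _body(addr: str) -> str:
    """Normalise for comparison: EVM hex addresses lose "0x" and checksum casing."""
    a = addr.strip()
    return a[2:].lower() if a[:2].lower() == "0x" else a


def lookalikes(candidate, trusted, head=4, tail=4):
    """Trusted addresses that `candidate` imitates (same ends, different middle)."""
    c = _body(candidate)
    hits = []
    for t in trusted:
        b = _body(t)
        if c == b:
            return []  # exact match with a trusted address, nothing to flag
        if c[:head] == b[:head] and c[-tail:] == b[-tail:]:
            hits.append(t)
    return hits


def screen_destination(destination, address_book, head=4, tail=4):
    """Classify a pasted destination before a transfer is signed."""
    known = {_body(a) for a in address_book}
    if _body(destination) in known:
        return "trusted", []
    hits = lookalikes(destination, address_book, head, tail)
    return ("suspected-poisoning", hits) if hits else ("unknown", [])


# Constructed sample data (not real wallets).
LEGIT = "0xA1b2" + "0" * 32 + "C3d4"      # entry saved in the address book
LOOKALIKE = "0xa1b2" + "f" * 32 + "c3d4"  # same first/last 4 hex chars, different middle
UNRELATED = "0x" + "9" * 40
BOOK = [LEGIT]

if __name__ == "__main__":
    for dest in (LEGIT.lower(), LOOKALIKE, UNRELATED):
        verdict, imitated = screen_destination(dest, BOOK)
        print(dest[:8] + "..." + dest[-6:], verdict, imitated)
```

The comparison is done on the full normalised address, so a destination counts as trusted only when every character matches; matching ends alone lead to the warning verdict.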
