Smart Contract Risks Could Be Global Finance’s Ticking Time Bomb, Warns Movement Labs Co-Founder

In an interview with BeInCrypto, Cooper Scanlon, co-founder of Movement Labs, raised alarms about the vulnerabilities in blockchain infrastructure, particularly flaws in traditional smart contracts like Ethereum (ETH). He stressed that these weaknesses pose a serious threat to the future of global finance.

His remarks come as the crypto industry struggles with a surge in scams and hacks, which have caused significant damage and undermined trust in the sector.

Movement Labs Co-Founder Weighs In on Smart Contract Risks

Scanlon pointed out that flaws in smart contracts have led to billions in losses in 2024 alone. According to data from SolidityScan, in 2024, crypto hacks amounted to $1.4 billion, spanning 149 separate incidents.

The Amount lost to Crypto Hacks in 2024. Source: SolidityScan

In fact, this year, the crypto community saw one of the largest hacks in history when Bybit was targeted. Hackers drained $1.5 billion, majorly in Ethereum, from the platform. They exploited a single-signing transaction vulnerability, bypassing wallet security to make unauthorized withdrawals. 

Furthermore, in early March, decentralized exchange (DEX) aggregator 1inch also suffered a critical breach due to a flaw in the Fusion v1 resolver smart contract, further illustrating the vulnerabilities plaguing the sector.

Scanlon emphasized that these incidents are not gradual declines but rather catastrophic drains that occur within seconds once vulnerabilities are exploited. The situation becomes more serious when considering the growing integration of blockchain with traditional financial systems.

“If financial institutions integrate smart contracts into payment systems and capital markets without addressing the potential for these flaws, we’re amplifying risk across much broader systems,” he told BeInCrypto.

The co-founder also highlighted a dangerous misconception about smart contract security – the belief that a successful audit guarantees security. Scanlon says audits only uncover a small portion of potential vulnerabilities and frequently overlook more complex attack vectors. 

Furthermore, he underlined the daily occurrence of these hacks. The exec noted that three major re-entrancy bugs were discovered in the past two months. He warned that these incidents do not occur in isolation but point to deeper architectural flaws.

“If development continues on Ethereum using Solidity code, these threats will unfortunately worsen over the next five years as blockchain adoption increases. Greater integration with traditional finance means higher-value targets, while increasing complexity creates more attack surface,” Scanlon commented.

For context, a re-entrancy bug is a vulnerability in smart contracts where an external call made by the contract can call back into the contract before the initial execution is complete. This allows an attacker to repeatedly execute a function, potentially draining funds or manipulating the contract in unintended ways. A famous example is the 2016 DAO hack.

The Movement Labs co-founder also mentioned the Kyber attack as an example of how a simple integer overflow could lead to catastrophic consequences. Nonetheless, he acknowledged that no developer or auditor can realistically identify vulnerabilities at such a granular level across thousands of lines of Solidity code. Scanlon claimed that every traditional protocol comes with these inherent risks.

“As major banks, payment processors, and exchanges build atop these systems, vulnerabilities that once affected only crypto enthusiasts now threaten the broader financial ecosystem,” he stressed.

To address these risks, he believes the solution lies in moving past outdated architectures and adopting more secure, modern designs. He directed attention to Movement Labs’ use of the Move programming language.

Scanlon explained that it eliminates common vulnerabilities through its resource-oriented design and formal verification. According to him, Move is specifically designed to prevent entire classes of vulnerabilities.

“Move represents a revolutionary improvement over existing smart contract platforms,” Scanlon advocated.

Smart Contracts and Financial Systems: The Path to Integration

Amid these risks, Scanlon argued that blockchain networks require standardized security protocols. However, he stressed that traditional models cannot be directly applied.

He outlined that before integrating decentralized systems, financial institutions must first grasp the unique security challenges posed by blockchain.

“Financial institutions looking to integrate decentralized systems must understand that blockchain transactions cannot be reversed. This means that in blockchain, exploits are often irreversible. This fundamental difference requires a complete rethinking of risk management, but it also points to the unique value of decentralized technology,” Scanlon disclosed to BeInCrypto.

Scanlon also brought into focus the need to evolve regulatory approaches. He noted that traditional finance and decentralized systems are no longer distinct realms—they are becoming increasingly integrated. 

Nevertheless, he pointed out that most current regulatory frameworks remain rooted in outdated concerns. They largely focus on traditional issues such as Know Your Customer (KYC) and Anti-Money Laundering (AML) compliance and investor protection.

These frameworks, Scanlon warned, overlook the deeper technological risks that could trigger systemic failures within the blockchain space. What the industry needs, he said, is clarity.

“Governments should work to establish clear laws around blockchain generally so that innovators and builders have the resources and peace of mind to develop safe, secure chains and applications,” Scanlon remarked.

He argued that the focus should be on creating an environment where security innovation can thrive rather than enforcing one-size-fits-all standards.

Why Human Psychology Drives Scam Success

In addition to addressing vulnerabilities in smart contract infrastructure, Scanlon also discussed the rise in meme coin scams prevalent on social media platforms. Recently, hackers have targeted many celebrities, industry experts, and political leaders, seizing control of their X accounts to promote fraudulent tokens.

Scanlon explained that these incidents are increasing due to the asymmetrical rewards involved. With minimal technical effort, scammers can reap substantial profits.

“These social engineering attacks are fundamentally different from smart contract vulnerabilities. They exploit human psychology rather than code flaws,” Scanlon shared with BeInCrypto.

To combat these threats, Scanlon stressed that social media platforms need more sophisticated detection systems to identify compromised accounts and prevent scam promotion. He also called for enhanced on-chain analytics to spot and flag suspicious token contracts before they gain momentum.

He underlined the importance of improving resources for verifying project legitimacy. In addition, he suggested that protocols should incorporate stronger verification measures.

Scanlon concluded that the long-term solution lies in improved technology. He emphasized cultivating an ecosystem that prioritizes security at every level, from code design to user experience. Scanlon asserted that the community should come first. Therefore, protecting it from these threats is of utmost importance.