S1 E6 · July 16, 2026 · 69 min.

Hacken on What Institutional-Grade Security Means for Digital Assets

Host
Murat Prokopov
Murat Prokopov
Strategic Partnerships Executive @ Coinspaid
Guest
Yev Broshevan
Yev Broshevan
CEO and Co-founder @ Hacken

What happens when a company once closely associated with smart contract audits becomes a broader security partner for banks, regulators, stablecoin issuers, and digital asset companies?

In this episode of Money Rewired, Murat Prokopov sits down with Yev Broshevan, CEO and Co-founder of Hacken, to explore how crypto security is changing as the industry moves closer to traditional finance, regulation, and real-world institutional use cases.

From New York to the Middle East, from due diligence and certifications to AI-powered attacks and agentic payments, this conversation is about much more than audits. It is about how trust is built in a regulated digital asset world, what “institutional-grade security” actually means, and why security is becoming a continuous process rather than a one-time report.

What This Episode Is About

This episode is about a big shift happening across crypto, fintech, and traditional finance: security is no longer a checkbox at the end of development. It is becoming part of the operating model, the compliance framework, and the product strategy itself. In the conversation, Yev explains how Hacken evolved from a smart contract audit brand into an end-to-end cybersecurity company working across audits, penetration testing, compliance, monitoring, and security consulting.

The episode also shows why institutional players speak a very different security language. Terms like SOC 2, ISO 27001, governance, responsibility, due diligence, and incident response are central to how banks and large firms evaluate partners. In Hacken’s world, that means the conversation is no longer only about code. It is about risk ownership, process maturity, and whether a company can prove that it can operate in a regulated environment.

What Is Institutional Crypto Security?

One of the most interesting points Yev makes is that institutional security is not really about technology. Banks already know how to evaluate technology risk. What they care about is everything around it: who owns the risk, who is responsible when something fails, how incidents are handled, and whether the organization can pass scrutiny from regulators, compliance teams, procurement departments, and auditors.

That is why the conversation repeatedly comes back to governance, due diligence, certifications, incident response, and operational processes. As blockchain companies increasingly sell to banks and financial institutions, security is becoming less about proving that code works and more about proving that the company behind the code can be trusted.

What Is Digital Asset Security?

The episode challenges the idea that digital asset security is synonymous with smart contract audits. Yev explains that many of the largest incidents today are no longer caused by vulnerabilities in code alone. They happen because of weaknesses in infrastructure, operational processes, key management, monitoring, or human decision-making.

As digital assets become part of regulated financial systems, security is expanding beyond the blockchain itself. It now includes everything from wallet operations and on-chain monitoring to compliance requirements, AI-driven threats, and the ability to detect and respond to incidents before funds leave the ecosystem. In other words, digital asset security is becoming a business and operational challenge as much as a technical one.

Episode Breakdown

From Smart Contract Audits to End-to-End Security

Hacken did not stay a narrow smart contract audit shop. Yev describes how the company’s work expanded into security development lifecycle support, penetration testing, infrastructure security, mobile app security, and compliance work. The core point is simple: in today’s environment, security cannot be treated as a one-off review right before launch. It has to be continuous, operational, and tied to the way a company actually builds and runs products.

Why Banks and Regulators Require a Different Approach

A major part of the conversation focuses on the difference between crypto-native companies and regulated institutions. Banks and large firms move through longer procurement cycles, deeper due diligence, and more formalized legal and compliance reviews. Yev explains that they expect partners to speak in their own vocabulary and to be ready with evidence of process maturity, certifications, risk ownership, and clear incident response frameworks.

What “Institutional-Grade Security” Actually Means

The phrase sounds like marketing until it is unpacked. In this episode, Yev breaks it down into concrete expectations: strong governance, formal responsibilities, better documentation, standards like SOC 2 and ISO 27001, proper key management, secure development practices, monitoring, and clear ownership of on-chain and off-chain risk. For institutional clients, the real question is not just “did you audit it?” but “who owns the risk, how is it monitored, and what happens when something goes wrong?”

The Middle East as a Regulatory Laboratory

The episode also looks at the Middle East as one of the more advanced regions for crypto security and regulation. Yev points to jurisdictions such as ADGM and Bermuda, where regulators are building frameworks that combine Web2 best practices with on-chain visibility, live risk monitoring, and specific reporting requirements. This is not just about licensing. It is about continuous supervision in an ecosystem where on-chain activity can be observed in real time.

AI, Agentic Payments, and the Next Risk Layer

AI is not treated as a side topic here. The conversation goes deep into how AI changes both offense and defense: personalized phishing, faster vulnerability discovery, better attack pattern recognition, and new tooling for security teams. Yev also discusses agentic payments, noting that the same autonomy that makes them exciting also creates a new risk surface. His view is that the industry now needs “know your agent” logic, stronger guardrails, and more testing for prompt injection and other manipulations.

Monitoring, Surveillance, and Privacy

Another key theme is the tension between real-time monitoring and financial surveillance. Yev argues that on-chain transparency makes monitoring useful and often necessary, especially for security and compliance, but he also stresses that privacy and anonymization will matter more as crypto infrastructure moves deeper into mainstream financial systems. The goal, as the episode makes clear, is not surveillance for its own sake. It is risk visibility without losing the open nature of crypto.

Why This Episode Matters

This episode captures the moment when crypto security stops being a niche technical service and becomes a core requirement for regulated finance. The industry is moving from wild-west experimentation toward a world where audits, monitoring, certifications, and compliance are part of the price of entry. At the same time, the next wave of risk is already arriving through AI, agentic workflows, and more complex digital asset infrastructure.

Hacken sits right in the middle of that transition: crypto-native enough to understand how things break, and institutional enough to understand what banks, regulators, and enterprise clients expect. That is what makes this conversation especially relevant for anyone building in digital assets, fintech, payments, or financial infrastructure.

About Money Rewired

Money Rewired is a podcast by CoinsPaid Media about the systems reshaping finance in real time, from crypto infrastructure and modern banking to payments, AI, regulation, and the companies trying to connect them. Each episode focuses on the people building inside that transition, not just commenting on it from the outside.

Host
Murat Prokopov
Murat Prokopov
Strategic Partnerships Executive @ Coinspaid