I’m thrilled to sit down with Michal “Mehow” Pospieszalski, a seasoned tech leader and the CEO of American Fortress, a pioneering company in secure crypto transaction infrastructure. With two decades of experience as a white hat hacker, Michal has a deep understanding of the vulnerabilities in digital finance and a passion for building safer systems. In this interview, we’ll explore the growing risks of cryptocurrency deregulation, the impact on users and national security, the role of AI in amplifying threats, and the urgent need for security-focused innovation in this rapidly evolving space.
How does the trend of deregulation in the crypto industry create more potential victims, and what does that mean for the overall ecosystem?
Deregulation opens the floodgates for new users who often lack the technical know-how to protect themselves. Without clear rules or oversight, these inexperienced individuals jump into the space, drawn by the hype, but they’re not equipped to spot scams or secure their assets. This creates a larger pool of easy targets for hackers. Beyond that, it’s not just about individual losses—it expands the attack surface for the entire ecosystem. Every unprotected wallet or poorly designed platform becomes a potential entry point for malicious actors, and that can ripple out to affect everyone in the space.
Can you unpack what you mean by an expanded attack surface due to weaker regulations, and how that plays out in real terms?
When regulations are scaled back, there’s less pressure on platforms to enforce robust security measures or comply with best practices. This leads to vulnerabilities like unpatched smart contracts, lax verification processes, or inadequate user education. In real terms, it means more phishing scams, more fraudulent projects, and more exploits that could’ve been prevented with basic oversight. It’s like leaving your front door unlocked in a bad neighborhood—someone’s going to take advantage of it. These gaps don’t just hurt individuals; they undermine trust in the whole crypto ecosystem and can destabilize broader financial systems if large-scale breaches occur.
What are the national implications of these systemic vulnerabilities in the crypto space, and why should we be concerned?
The risks go far beyond personal finance. Crypto is increasingly intertwined with critical infrastructure—think digital identity systems, payment networks, or even defense logistics that rely on blockchain tech. A major breach could compromise sensitive data or disrupt key services, posing a direct threat to national security. For instance, if a state-sponsored hacker group exploits a deregulated platform to funnel funds or steal identities, it’s not just a financial hit—it could impact government operations or public safety. We’re talking about a domino effect that could touch every aspect of our digital lives.
You’ve likened deregulation to removing traffic lights. Can you expand on that analogy and share some real-world examples of the consequences?
Absolutely. Traffic lights exist to prevent chaos and collisions, right? Regulation in crypto serves a similar purpose—it sets rules to keep things orderly and safe. When you remove those, you get crashes. A prime example is the surge in phishing scams, up nearly 60% recently, where scammers exploit the lack of mandatory user verification or education standards to trick people into giving up their funds. Another is the Bybit hack, where $1.5 billion was lost due to social engineering flaws, not tech failures. Without oversight pushing for better processes, these kinds of disasters are inevitable, and hackers just wait for the next weak spot to strike.
How does the integration of AI into digital finance heighten the risks in a deregulated environment?
AI is a game-changer, but it’s also a double-edged sword. We’re seeing autonomous agents managing wallets and executing trades at scale, often without human oversight. In a deregulated space, there’s little incentive to build these systems with strong safeguards like zero-trust architecture. If an AI agent gets hijacked—say, through a deepfake impersonating a user or a flaw in its decision-making code—it could trigger millions of transactions in minutes, causing massive damage before anyone catches on. The speed and scale of AI make errors or exploits catastrophic, especially without regulatory pressure to prioritize security.
What challenges do good-faith developers face in this loosely regulated landscape, and how does that impact innovation?
Honest developers are in a tough spot. They want to build secure, innovative solutions, but without clear regulatory frameworks or shared standards, they’re often working in the dark. They invest time and money into security and compliance, only to compete against bad actors who cut corners and undercut them on cost. This creates a race to the bottom where taking shortcuts becomes a survival tactic. It stifles true innovation because the focus shifts from building better systems to just staying afloat. Without support or consistent rules, the industry fragments, and systemic risks grow.
Looking at recent incidents like the Bybit hack, what went wrong, and what does it tell us about the current state of security?
The Bybit hack, which resulted in a $1.5 billion loss, wasn’t about broken blockchain tech—it was about human error and poor process design. Social engineering tricked operators into approving fraudulent withdrawals. This shows that the weakest link often isn’t the code; it’s the people and processes around it. In a deregulated environment, there’s no mandate for rigorous training or verification protocols, so these gaps persist. It’s a wake-up call that security isn’t just a tech issue—it’s about building robust systems end-to-end, and right now, we’re falling short.
What’s your forecast for the future of crypto security if deregulation continues on its current path?
If deregulation keeps trending this way without a counterbalance of security-first initiatives, I see a future where breaches become more frequent and more devastating. Hackers will continue exploiting human and systemic weaknesses, especially as AI-driven finance scales up. We could face cascading failures—think entire DeFi protocols collapsing or national infrastructure being compromised through crypto-linked systems. Without a coordinated push for secure-by-design principles and public-private partnerships, we’re building on quicksand. Trust will erode, adoption will stall, and the promise of crypto as a transformative technology will be undermined by preventable risks.