Crypto companies have a different risk profile than most finance companies.

For most finance companies, if they have a whoopsie and lose money to a software boo-boo, they'll just reverse the transaction. Times when such a transaction cannot be reversed (https://www.bloomberg.com/news/articles/2021-03-19/citigroup...) are the extremely rare exception, and are adjudicated by a civil court.

Whereas if a crypto company has their wallets breached, it's almost certainly immediately irreversible.

People generally don't understand how vast the difference is. The pro crypto narrative has pushed the idea that "Blockchain is more secure" because "it cannot be edited" when in reality that feature makes it much more of a target for attackers because once they transfer the coins the transfer cannot be edited. In comparison if an attacker gets a credit card that card could be disabled and or have transactions cancelled.

> In comparison if an attacker gets a credit card that card could be disabled and or have transactions cancelled.

That's why attackers never go after credit card numbers, right?

I think non-revertible payments do not really make a big difference to attackers, it just makes value extraction more efficient. Some percentage of fraudulent transactions will always make it through. So long as the funds accessible to the attacker are sufficiently large, it's still a juicy target. 10% of 200 megadollars is still 20 megadollars.

I agree with @capableweb2. They're an attractive target because they are a financial company with control over lots of value, not because of anything to do with cryptocurrencies in particular.

No they go after crypto bros because hacking banks is actually hard unlike these shady clowns based in Dubai or whatever.