Do my customers need crypto wallets?

They don't need MetaMask. Social login (Google, Email, SMS, Apple) creates an embedded wallet that ensures payment accuracy — correct stablecoin, correct chain, no errors, fully recoverable. Customers need to hold USDC or USDT already. Those with existing wallets can also connect directly.

How do I integrate PYMSTR?

Two options: Payment links require zero code and can be set up in minutes from your dashboard. For full API integration, our REST API typically takes a single day. We provide webhooks and detailed documentation at docs.pymstr.com.

What about compliance?

PYMSTR is non-custodial — funds go directly to your wallet, never touching our servers. This significantly reduces your regulatory burden compared to custodial payment processors. You maintain full control of your funds at all times.

Which stablecoins and chains are supported?

USDC and USDT across 5 chains (Ethereum, Base, Polygon, Arbitrum, BNB). You choose which coins and chains to accept — enforced payments prevent customers from sending on the wrong network.

What happens if a customer pays the wrong amount?

They can't. PYMSTR uses enforced payments — the exact amount, stablecoin, and chain are locked at checkout. Customers can only submit the precise transaction you've configured, eliminating partial payments and overpayments.

Are there hidden fees?

1% flat per transaction. No setup fees, no monthly fees, no rolling reserves, no minimum volumes, no tier pricing. What you see is what you pay.

How fast is settlement?

Instant. Funds arrive in your wallet as soon as the transaction confirms on-chain — typically 2-15 seconds depending on the chain. No T+3, no T+7, no holdbacks.

What if there's a dispute?

Blockchain transactions are final. There are zero chargebacks, zero reversals, and zero dispute fees. Once a customer pays, the funds are yours. This eliminates the 2-3% chargeback rates common in high-risk industries.

Blog/Crypto Payment Processor Hacks: 2024-2025

security·6 min read·March 12, 2026

Crypto Payment Processor Hacks: 2024-2025

Between 2023 and 2025, custodial crypto payment processors and exchanges lost over $1.8 billion to hackers. Every major incident shared the same root cause: the processor held customer and merchant funds in centralized wallets. Here's the complete timeline.

Bybit — $1.46 Billion (February 2025)

The largest crypto hack in history. North Korean Lazarus Group hackers compromised Bybit's hot wallet infrastructure, draining $1.46 billion in a single attack. The hack exploited the fundamental weakness of custodial architecture — all customer funds stored in centralized wallets controlled by the platform.

DMM Bitcoin — $308 Million (May 2024)

Japanese exchange DMM Bitcoin lost 4,502.9 BTC ($308 million) when attackers compromised their hot wallet system. Despite security measures including multi-signature wallets, the custodial model meant funds were concentrated and targetable.

CoinsPaid — $44.5 Million (2023-2024)

CoinsPaid, one of the largest crypto payment processors for iGaming, was hacked twice. In July 2023, Lazarus Group stole $37 million through a social engineering attack on an employee. Six months later, in January 2024, hackers returned for another $7.5 million. Multiple gambling platforms using CoinsPaid lost access to deposited funds.

Alphapo — $60 Million (July 2023)

Enterprise crypto payment processor Alphapo lost $60 million in the same month as CoinsPaid — also attributed to Lazarus Group. Hot wallets across multiple blockchains were drained. Several major gambling platforms that processed through Alphapo were directly affected.

The Pattern

Every hack follows the same pattern: a custodial processor pools merchant and customer funds in centralized wallets. Hackers target those wallets — through social engineering, infrastructure compromise, or insider access. When they succeed, everyone who stored funds on the platform loses.

What custodial hacks have in common:

Funds were pooled in processor-controlled wallets
Hot wallets held significant balances for operational convenience
A single compromise drained multiple merchants simultaneously
Merchants had no way to protect their own funds

The Non-Custodial Alternative

Non-custodial payment processors eliminate this attack vector entirely. When funds flow directly from customer to merchant wallet on-chain, there is no pool of funds to steal. Even if the processor's infrastructure is fully compromised, merchant funds are safe — because they're in the merchant's own wallet.

PYMSTR is non-custodial. We never hold merchant funds. Payments settle directly to your wallet in 2-15 seconds across 5 chains. The architecture that led to $1.8 billion in losses simply doesn't apply.

Ready to see the difference?

Non-custodial. 1% flat. Zero chargebacks. Live in 5 minutes.

Get started for free

PreviousCustodial vs Non-Custodial Crypto Payments

NextStablecoins vs Bitcoin for Merchant Payments

Non-Custodial Architecture

vs CoinsPaid

vs Alphapo