In 2018, after being invited to an HackerOne program, a friend and I realized that there was nearly 1 billion dollars sitting behind an Apache web server. This led us down a rabbit hole exploring the security of cryptocurrency exchanges, KYC platforms, monetary providers, brokerages, NFT platforms, smart contracts, and the hundred other services all built to support the nearly 2 trillion dollars tied up in cryptocurrency. We began hacking on the bug bounty programs for these services and, after working with a large number of entities, discovered that there were traditional vulnerabilities, novel techniques, and lots of room for interesting research against this newer environment. This talk explores the nearly 3 years of stories hacking cryptocurrency websites and our outlook for the future of cryptocurrency security from the perspective of traditional security consultants and bug bounty hunters.