If you are afraid that data access will be obtained as a result of SQL injection, then simple logging to a file or write checksum can help you.
If you are afraid that data access will be obtained by hacking the server, then nothing will help you.

Do you know what "pwn" means in jargon? This means that if an attacker has gained access to the server (at a level with sufficient privileges), then serious business is practically over - he will take away all at least some valuable information (including all logs), transfer all e-currency from all accounts to which there is access from the server, it will erase and destroy all the databases and all the contents of the file system, deface the site and put on it all the private information about you and all the clients in such a way as to cause maximum damage to the business. At the same time, no encryption tricks change the situation. If at least one script has access somewhere, then this access will be obtained by an attacker who has received the rights of the user on whose behalf the script (or root) is running.
If everything is so terrible, then how do electronic exchanges (like bitfinex) work, moving millions and open on the Internet? - It's a million dollar question. The answer is simple and complex at the same time - it's all about system administration. The entire security of the information system of the exchange rests on the admins, living people. But this, of course, is far from the level that can be found on freelance for the query "Administration of MySql 9.99$/hour".
Specifically, in your case, I can only advise you to set up an automatic backup system with filling over the network to a safe place, for example, to the cloud, where access is configured only for adding (chmod a-Xto a directory + random filenames (part of the name) each time a new one is added). The schedule (and the corresponding backup slot) must be more than one. Required: a quick 12-hour backup (if the hack happened at night (as usual), and the recovery in the morning, then daytime users will not even feel all this), daily (strictly required), weekly, monthly, quarterly and annual. All this can be useful in the event that developers and admins overslept some imperceptible damage to the database, and it penetrated into high-frequency backups.

encrypt the db first.

at least - different users for reading and data update.
when updating data - check as hard as possible all incoming ones.
use only parameterized queries.