Could Bybit’s $1.4B Hack Have Been Stopped? Ledger, CZ React
Bybit’s recent security breach has sent shockwaves through the crypto industry, exposing vulnerabilities in multi-sig cold storage solutions and emphasizing the need for more sophisticated security measures. Ledger CEO Pascal Gauthier, Fireblocks, and Binance co-founder Changpeng Zhao (CZ) have provided crucial insights into how this could potentially have been prevented and what steps exchanges must take to secure digital assets.
At the same time, Bybit’s CEO, Ben Zhou, acted swiftly in response, halting withdrawals, conducting a thorough investigation, and working with security experts to contain the damage. His decisive crisis management helped prevent further losses and demonstrated how exchanges should respond in the face of such attacks.
Understanding the Bybit Exploit
Bybit’s breach, resulting in over $1.4 billion in losses, was attributed to a sophisticated exploit manipulating call data and swapping Safe’s implementation for a backdoored version. CZ pointed out that North Korea’s Lazarus Group, responsible for several major exchange hacks, executed the attack by manipulating the front-end interface to display a legitimate transaction while signing a different, malicious transaction behind the scenes.
This incident highlights a growing trend in crypto hacks—targeting multi-sig cold storage solutions through increasingly sophisticated means. CZ warned that affected exchanges, including WazirX and Phemex, all had different multi-sig solution providers, demonstrating that these attacks are not provider-specific but rather a systemic issue.
Security Lessons from Ledger, Fireblocks, and Binance Founder CZ For Bybit and Others
1. Improve Transaction Transparency and Reduce Blind Signing
One of the major risks in crypto security is blind signing, where users and platforms approve transactions without clearly seeing what they’re authorizing. Pascal Gauthier, CEO of Ledger, emphasized that these types of attacks could be mitigated if Clear Signing—a method ensuring users can fully verify transaction details before signing—were widely adopted. Ledger secures over 20% of the world’s digital assets and is the market leader in self-custody.
“These hacks are preventable, and enterprise-grade security is necessary for large transactions. As cryptocurrency becomes more widely adopted, scams and phishing attacks also rise. Clear Signing is the only way to securely authorize a transaction—that’s why Ledger is implementing Clear Signing for the entire ecosystem, which requires support from partners to properly integrate,” said Gauthier.
Fireblocks also supports enhanced transaction visibility through its DeFi threat detection and real-time monitoring, helping institutions identify and stop suspicious transaction patterns before execution.
2. Rethink Multi-Sig and Move to Distributed MPC Wallets
CZ and Fireblocks both pointed out the vulnerabilities in multi-signature (multi-sig) cold storage solutions. While multi-sig is widely used, Fireblocks recommends migrating to Distributed Multi-Party Computation (MPC) wallets, which offer superior signing security by distributing key fragments rather than relying on multiple signature providers who may themselves be compromised.
A more resilient approach is Multi-Party Computation (MPC) wallets, which distribute key fragments across multiple parties instead of relying on traditional multi-sig setups. This method reduces the risk of any single compromised key leading to a breach, providing a stronger defense against attacks targeting cold storage mechanisms. Fireblocks employs MPC.
3. Enforce Enterprise Governance and Approval Flows
Ledger and Fireblocks stress the importance of enterprise-level security governance, including:
- Multi-level transaction approvals (e.g., requiring CFO sign-off for large transactions)
- Whitelisting of approved wallet addresses to prevent funds from being sent to malicious actors
- Hardware-based verification to enforce transaction security beyond software protections
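The controls in sections 1 and 3 (clear signing, address whitelisting, multi-level approval) can be combined into one pre-signing review that decodes the raw payload itself instead of trusting what the interface shows. The sketch below is an added example, not code from Ledger, Fireblocks or Bybit; it covers only a plain ERC-20 transfer, and the allowlisted address, threshold and approver names are constructed assumptions.

```python
# Added example: decode the bytes that will actually be signed, compare them
# with what the front end displayed, then apply allowlist and approval policy.
TRANSFER_SELECTOR = bytes.fromhex("a9059cbb")  # ERC-20 transfer(address,uint256)

# Constructed policy values (assumptions for illustration only).
ALLOWLIST = {"0x" + "11" * 20}
LARGE_TX_THRESHOLD = 1_000 * 10**18  # token base units

def decode_transfer(calldata: bytes) -> dict:
    """Decode ERC-20 transfer calldata; reject anything else instead of signing blind."""
    if len(calldata) != 4 + 64 or calldata[:4] != TRANSFER_SELECTOR:
        raise ValueError("unrecognised calldata: refuse to blind-sign")
    addr_word, amount_word = calldata[4:36], calldata[36:68]
    if any(addr_word[:12]):  # an address must be left-padded with 12 zero bytes
        raise ValueError("non-canonical address padding")
    return {"recipient": "0x" + addr_word[12:].hex(),
            "amount": int.from_bytes(amount_word, "big")}

def review(calldata: bytes, displayed: dict, approvals: set) -> list:
    """Return the list of policy violations; an empty list means safe to sign."""
    try:
        decoded = decode_transfer(calldata)
    except ValueError as exc:
        return [str(exc)]
    problems = []
    # Clear signing: the decoded payload must equal what the signer was shown.
    if (decoded["recipient"] != displayed["recipient"].lower()
            or decoded["amount"] != displayed["amount"]):
        problems.append("payload differs from what the interface displayed")
    # Whitelisting: funds may only go to pre-approved addresses.
    if decoded["recipient"] not in ALLOWLIST:
        problems.append("recipient not on allowlist")
    # Multi-level approval: large transfers need a senior sign-off.
    if decoded["amount"] >= LARGE_TX_THRESHOLD and "cfo" not in approvals:
        problems.append("large transfer lacks CFO approval")
    return problems

def build_transfer(recipient: str, amount: int) -> bytes:
    """Build sample calldata for the constructed test cases."""
    return (TRANSFER_SELECTOR + bytes(12) + bytes.fromhex(recipient[2:])
            + amount.to_bytes(32, "big"))
```

The review only adds protection when it runs on a device or service that does not share the front end's code path, so a tampered interface cannot also alter the decoded view.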
In addition, enterprises must strengthen security with B2B custody solutions designed for institutional needs. Pascal Gauthier also pointed out that beyond transaction signing,…