Bybit attack shows ‘fundamental’ need for institutional-grade security: Ledger
This year, so far, has been the “worst year” for cybercrime in history, Ledger CTO Charles Guillemet told Blockworks
Ledger chief technology officer Charles Guillemet | Permissionless III by Mike Lawrence for Blockworks
This is a segment from the Empire newsletter. To read full editions, subscribe.
Bybit’s hack, which took place Friday morning, has sparked a slew of different conversations from security experts about how Bybit handled the situation. Last night, Bybit CEO Ben Zhou said the exchange was able to fully close the ETH gap and promised an audit report soon.
I had the opportunity this weekend to chat with Ledger’s chief technology officer Charles Guillemet, who told me that, for the foreseeable future, this year is so far “the worst year for cybercrime in history.”
Ledger fell victim to an attack just two years ago after a former employee was phished, giving attackers access to the package manager. Roughly $600,000 was stolen from Ledger users, a far smaller number than the $1.4 billion that Bybit suffered, but it led to Ledger removing the blind signing ability back in June of last year. Ledger’s CEO (and DAS speaker) Pascal Gauthier said in a statement that Ledger’s offered to support Bybit.
“This incident highlights once again that our industry needs to move beyond trust-based security models as attackers become more sophisticated. We can’t keep signing blind cheques and expecting it to be ok. The key evolution we’re seeing is the shift toward enterprise-grade security solutions that combine Clear Signing with robust governance frameworks,” Guillemet said.
His point is that attackers — like Lazarus, the North Korean group linked to the attack — are evolving and the current security measures used by the industry need to evolve as well.
“We need proactive security infrastructure that eliminates vulnerabilities like blind signing,” he explained.
Guillemet also noted he has some concerns that this isn’t the end of Lazarus targeting Bybit. He said that he believes Lazarus “compromised several” of Bybit’s endpoints.
“This suggests that Bybit’s machines and networks were compromised. I know pretty well their tactics and it’s possible that they are still at work attempting a lateral move to compromise other parts of Bybit’s IT,” he told me, noting that this is clearly speculative but it’s better safe than sorry in these situations.
“Pausing certain central functions of the exchange could have been wise, waiting for forensic investigations.”
I asked Guillemet what kind of lessons we can learn from this — especially given that $1.4 billion seems to mark this attack as the biggest digital heist in history of any kind, and not just the biggest crypto heist of all time.
“We’ve been saying this for years now. When the stakes are high, attackers raise the bar for their attacks. They won’t stop here. And others will come. Stop signing blank cheques — instead, use enterprise-grade security and custody solutions built for managing a significant amount of value,” he said.
“Institutional-grade security isn’t optional – it’s fundamental.”
Get the news in your inbox. Explore Blockworks newsletters:
- Blockworks Daily: The newsletter that helps thousands of investors understand crypto and the markets, by Byron Gilliam.
- Empire: Start your morning with the top news and analysis to inform your day in crypto.
- Forward Guidance: Reporting and analysis on the growing intersection of crypto and macroeconomics, policy and finance.
- 0xResearch: Alpha directly in your inbox. Market highlights, data, degen trade ideas, governance updates, token performance and more.
- Lightspeed: Built for Solana investors, developers and community members. The latest from one of crypto’s hottest networks.
- The Drop: For crypto collectors and traders, covering apps, games, memes and more.
- Supply Shock: Tracking Bitcoin’s rise from internet plaything worth less than a penny to global phenomenon disrupting money as we know it.
