Bybit attack shows ‘fundamental’ need for institutional-grade security: Ledger

This year, so far, has been the “worst year” for cybercrime in history, Ledger CTO Charles Guillemet told Blockworks

article-image

Ledger chief technology officer Charles Guillemet | Permissionless III by Mike Lawrence for Blockworks

share


This is a segment from the Empire newsletter. To read full editions, subscribe.


Bybit’s hack, which took place Friday morning, has sparked a slew of different conversations from security experts about how Bybit handled the situation. Last night, Bybit CEO Ben Zhou said the exchange was able to fully close the ETH gap and promised an audit report soon. 

Loading Tweet..

I had the opportunity this weekend to chat with Ledger’s chief technology officer Charles Guillemet, who told me that, for the foreseeable future, this year is so far “the worst year for cybercrime in history.” 

Ledger fell victim to an attack just two years ago after a former employee was phished, giving attackers access to the package manager. Roughly $600,000 was stolen from Ledger users, a far smaller number than the $1.4 billion that Bybit suffered, but it led to Ledger removing the blind signing ability back in June of last year. Ledger’s CEO (and DAS speaker) Pascal Gauthier said in a statement that Ledger’s offered to support Bybit.

“This incident highlights once again that our industry needs to move beyond trust-based security models as attackers become more sophisticated. We can’t keep signing blind cheques and expecting it to be ok. The key evolution we’re seeing is the shift toward enterprise-grade security solutions that combine Clear Signing with robust governance frameworks,” Guillemet said. 

His point is that attackers — like Lazarus, the North Korean group linked to the attack — are evolving and the current security measures used by the industry need to evolve as well. 

“We need proactive security infrastructure that eliminates vulnerabilities like blind signing,” he explained. 

Loading Tweet..

Guillemet also noted he has some concerns that this isn’t the end of Lazarus targeting Bybit. He said that he believes Lazarus “compromised several” of Bybit’s endpoints. 

“This suggests that Bybit’s machines and networks were compromised. I know pretty well their tactics and it’s possible that they are still at work attempting a lateral move to compromise other parts of Bybit’s IT,” he told me, noting that this is clearly speculative but it’s better safe than sorry in these situations. 

“Pausing certain central functions of the exchange could have been wise, waiting for forensic investigations.”

I asked Guillemet what kind of lessons we can learn from this — especially given that $1.4 billion seems to mark this attack as the biggest digital heist in history of any kind, and not just the biggest crypto heist of all time.

“We’ve been saying this for years now. When the stakes are high, attackers raise the bar for their attacks. They won’t stop here. And others will come. Stop signing blank cheques — instead, use enterprise-grade security and custody solutions built for managing a significant amount of value,” he said.

“Institutional-grade security isn’t optional – it’s fundamental.”


Get the news in your inbox. Explore Blockworks newsletters:

Tags

Upcoming Events

Old Billingsgate

Mon - Wed, October 13 - 15, 2025

Blockworks’ Digital Asset Summit (DAS) will feature conversations between the builders, allocators, and legislators who will shape the trajectory of the digital asset ecosystem in the US and abroad.

Industry City | Brooklyn, NY

TUES - THURS, JUNE 24 - 26, 2025

Permissionless IV serves as the definitive gathering for crypto’s technical founders, developers, and builders to come together and create the future.If you’re ready to shape the future of crypto, Permissionless IV is where it happens.

Brooklyn, NY

SUN - MON, JUN. 22 - 23, 2025

Blockworks and Cracked Labs are teaming up for the third installment of the Permissionless Hackathon, happening June 22–23, 2025 in Brooklyn, NY. This is a 36-hour IRL builder sprint where developers, designers, and creatives ship real projects solving real problems across […]

recent research

Axiom report graphic.png

Research

Axiom has rapidly become the leading Solana trading bot, capturing over 50% of Solana bot volume and hovering at 3-4% of total Solana memecoin volume just three months post-launch, driven by high user activity and larger average trade sizes.

article-image

Digital Assets Subcommittee Chair Bryan Steil called for a “roundtable” discussion in lieu of a formal hearing

article-image

The exchange sees a way to reach gamers through the deal

article-image

The drop gives buyers Adidas outfits for their in-game characters, but the game hasn’t fully released yet

article-image

In 1999, Daniel Bernstein fought for code to be protected, just like free speech

article-image

Sentora aims to create an ecosystem focused on institutional investors’ DeFi needs