Bybit attack shows ‘fundamental’ need for institutional-grade security: Ledger

This year, so far, has been the “worst year” for cybercrime in history, Ledger CTO Charles Guillemet told Blockworks


Ledger chief technology officer Charles Guillemet | Permissionless III by Mike Lawrence for Blockworks



This is a segment from the Empire newsletter.


Bybit’s hack, which took place Friday morning, has sparked a slew of conversations among security experts about how Bybit handled the situation. Last night, Bybit CEO Ben Zhou said the exchange was able to fully close the ETH gap and promised an audit report soon.


I had the opportunity this weekend to chat with Ledger’s chief technology officer Charles Guillemet, who told me that, for the foreseeable future, this year is so far “the worst year for cybercrime in history.” 

Ledger fell victim to an attack just two years ago after a former employee was phished, giving attackers access to the package manager. Roughly $600,000 was stolen from Ledger users, a far smaller number than the $1.4 billion that Bybit suffered, but it led to Ledger removing the blind signing ability back in June of last year. Ledger’s CEO (and DAS speaker) Pascal Gauthier said in a statement that Ledger’s offered to support Bybit.

“This incident highlights once again that our industry needs to move beyond trust-based security models as attackers become more sophisticated. We can’t keep signing blind cheques and expecting it to be ok. The key evolution we’re seeing is the shift toward enterprise-grade security solutions that combine Clear Signing with robust governance frameworks,” Guillemet said. 

His point is that attackers — like Lazarus, the North Korean group linked to the attack — are evolving and the current security measures used by the industry need to evolve as well. 

“We need proactive security infrastructure that eliminates vulnerabilities like blind signing,” he explained. 
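To make the blind-versus-clear signing distinction concrete, here is an added illustration (not code from Ledger, Bybit or Blockworks): a minimal signer-side gate that renders EVM calldata only when it decodes completely against a known ABI, and otherwise classifies the request as blind and refuses it by policy. The two ERC-20 selectors are the well-known real values; the calldata samples, placeholder address and policy names are constructed for this example.

```python
# Well-known ERC-20 function selectors (first 4 bytes of keccak-256 of the signature).
KNOWN_ABI = {
    bytes.fromhex("a9059cbb"): ("transfer", ("to", "amount")),
    bytes.fromhex("095ea7b3"): ("approve", ("spender", "amount")),
}
ADDRESS_FIELDS = {"to", "spender"}

def decode_calldata(calldata_hex: str) -> dict:
    """Return {'mode': 'clear', ...fields} when fully decodable, else {'mode': 'blind', ...}."""
    data = bytes.fromhex(calldata_hex.removeprefix("0x"))
    if len(data) < 4:
        return {"mode": "blind", "reason": "calldata shorter than a selector"}
    selector, body = data[:4], data[4:]
    if selector not in KNOWN_ABI:
        return {"mode": "blind", "selector": selector.hex(), "reason": "unknown selector"}
    name, fields = KNOWN_ABI[selector]
    words = [body[i:i + 32] for i in range(0, len(body), 32)]
    # Require exact word alignment and argument count; extra bytes could hide intent.
    if len(body) % 32 or len(words) != len(fields):
        return {"mode": "blind", "selector": selector.hex(), "reason": "malformed arguments"}
    decoded = {"mode": "clear", "function": name}
    for field, word in zip(fields, words):
        if field in ADDRESS_FIELDS:
            if any(word[:12]):  # ABI pads addresses with zero bytes; anything else is suspicious
                return {"mode": "blind", "reason": f"{field}: non-zero address padding"}
            decoded[field] = "0x" + word[12:].hex()
        else:
            decoded[field] = int.from_bytes(word, "big")
    return decoded

def signing_decision(calldata_hex: str, allow_blind: bool = False) -> tuple[str, dict]:
    """Policy (constructed): sign only what can be shown in full; blind requests are refused."""
    decoded = decode_calldata(calldata_hex)
    if decoded["mode"] == "clear":
        return "display-and-sign", decoded
    return ("sign-with-warning" if allow_blind else "refuse"), decoded

def abi_word(value: int) -> str:
    return format(value, "064x")  # one 32-byte ABI word as hex

# Constructed samples: an ERC-20 transfer of 1000 tokens (18 decimals) to a placeholder
# address, and a call to a selector the signer does not recognise.
PLACEHOLDER_TO = "11" * 20
TRANSFER_CALLDATA = "a9059cbb" + abi_word(int(PLACEHOLDER_TO, 16)) + abi_word(1000 * 10**18)
UNKNOWN_CALLDATA = "deadbeef" + abi_word(0)

if __name__ == "__main__":
    for calldata in (TRANSFER_CALLDATA, UNKNOWN_CALLDATA):
        print(signing_decision(calldata))
```

The point is the failure mode: a signer that only sees a hash cannot tell the two samples apart, while this gate shows the user the transfer recipient and amount and refuses the unknown call outright.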


Guillemet also noted he has some concerns that this isn’t the end of Lazarus targeting Bybit. He said that he believes Lazarus “compromised several” of Bybit’s endpoints. 

“This suggests that Bybit’s machines and networks were compromised. I know pretty well their tactics and it’s possible that they are still at work attempting a lateral move to compromise other parts of Bybit’s IT,” he told me, noting that this is clearly speculative but it’s better safe than sorry in these situations. 

“Pausing certain central functions of the exchange could have been wise, waiting for forensic investigations.”

I asked Guillemet what kind of lessons we can learn from this — especially given that $1.4 billion seems to mark this attack as the biggest digital heist in history of any kind, and not just the biggest crypto heist of all time.

“We’ve been saying this for years now. When the stakes are high, attackers raise the bar for their attacks. They won’t stop here. And others will come. Stop signing blank cheques — instead, use enterprise-grade security and custody solutions built for managing a significant amount of value,” he said.

“Institutional-grade security isn’t optional – it’s fundamental.”

