The crypto world was thrown into turmoil after ByBit suffered a massive $1.5 billion hack, marking one of the biggest security breaches in exchange history. As industry experts assess the fallout, key figures like Binance co-founder Changpeng Zhao (CZ), Ledger, and Fireblocks have weighed in on what went wrong and how future breaches can be prevented.
How Did the Hack Happen?
According to CZ, the ByBit exploit—along with other recent hacks on exchanges like Phemex and WazirX—points to a vulnerability in multisig wallets. These wallets require multiple approvals for transactions, but in this case, hackers disguised their malicious transfer as a routine transaction, tricking authorized signers into approving the theft.
CZ’s Warning: “There is a pattern where hackers steal large amounts of crypto from multi-sig cold storage solutions.” He urged exchanges to rethink their reliance on multisig security.
Ledger Calls for ‘Clear Signing’ to Prevent Blind Transactions
Hardware wallet developer Ledger echoed CZ’s concerns, emphasizing that ‘Blind Signing’ may have played a role in the hack. This process allows transactions to be approved without displaying full details, making it easier for a malicious transaction to slip through unnoticed.
✅ Ledger’s Solution? ‘Clear Signing’, which ensures transaction details are fully visible before approval, reducing the risk of hidden malicious activity.
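To make the difference between blind and clear signing concrete, here is an added example (not Ledger's or any vendor's code) of a pre-signing check that decodes calldata into readable text and refuses anything it cannot decode or that differs from the signer's intent. It assumes standard ERC-20 `transfer`/`approve` ABI encoding, which the article does not specify; all function names and sample values are constructed for illustration.

```python
# Added example: clear-signing check for two ERC-20 calls (constructed data).
TRANSFER = "a9059cbb"  # selector of transfer(address,uint256)
APPROVE = "095ea7b3"   # selector of approve(address,uint256)
KNOWN = {TRANSFER: "transfer", APPROVE: "approve"}


def decode_calldata(calldata_hex):
    """Return (action, address, amount), or None if the call cannot be decoded."""
    data = calldata_hex.lower()
    if data.startswith("0x"):
        data = data[2:]
    # 4-byte selector + two 32-byte ABI words = 8 + 128 hex characters.
    if len(data) != 136 or data[:8] not in KNOWN:
        return None
    try:
        addr_word, amount = data[8:72], int(data[72:136], 16)
        int(addr_word, 16)
    except ValueError:
        return None
    # An address occupies the low 20 bytes; the 12 padding bytes must be zero.
    if addr_word[:24] != "0" * 24:
        return None
    return KNOWN[data[:8]], "0x" + addr_word[24:], amount


def review_for_signing(calldata_hex, expected_to, expected_amount):
    """Return (ok, message): what the signer is shown and whether it matches intent."""
    decoded = decode_calldata(calldata_hex)
    if decoded is None:
        return False, "REJECT: undecodable calldata; approving it would be blind signing"
    action, to, amount = decoded
    shown = f"{action} {amount} base units to {to}"
    if action != "transfer":
        return False, f"REJECT: expected a transfer, got: {shown}"
    if to != expected_to.lower() or amount != expected_amount:
        return False, f"REJECT: does not match intent: {shown}"
    return True, f"OK: {shown}"


def build(selector, to, amount):
    """Hypothetical helper that ABI-encodes a constructed sample call."""
    return "0x" + selector + to[2:].rjust(64, "0") + format(amount, "064x")


INTENDED_TO = "0x" + "11" * 20  # constructed address the signer means to pay
OTHER_TO = "0x" + "22" * 20     # constructed address the signer did not choose

if __name__ == "__main__":
    for call in (build(TRANSFER, INTENDED_TO, 5), build(TRANSFER, OTHER_TO, 5),
                 build(APPROVE, INTENDED_TO, 5), "0xdeadbeef"):
        print(review_for_signing(call, INTENDED_TO, 5)[1])
```
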
Fireblocks Suggests MPC Wallets & Off-Exchange Settlement
Another major response came from Fireblocks, a Web3 security firm that suggested two key security improvements:
🔹 Multi-Party Computation (MPC) Wallets: Instead of requiring multiple signatures, MPC wallets split a wallet’s private key among several independent parties, preventing a single compromised input from leading to a full breach.
🔹 Off-Exchange Settlement: Fireblocks encouraged keeping customer funds in segregated accounts rather than directly on exchanges, reducing exposure to large-scale hacks.
What’s Next for Crypto Exchange Security?
With ByBit now investigating the breach and vowing to return customer assets, this incident has triggered discussions about how the industry can evolve to prevent future attacks.
Will exchanges finally move away from multisig wallets?
Will ‘Clear Signing’ become the new industry standard?
Are MPC wallets the next big thing in crypto security?