Custody and manage crypto operations
Securely custody at scale with MPC
Provide users control of their wallets
Create, mint, and distribute tokens
Orchestrate blockchain payments
Connect to the digital asset ecosystem
Battle tested multi-layer security
Protect your operational flows
Integrated AML, KYT & Travel Rule
Automate daily operations
Easily earn and manage
Secure onchain access
Mitigate exchange risk
February 26, 2025
Expert Commentary, Industry Insights
Shahar Madar
VP Security and Trust Products
Bybit’s recent attack has exposed a critical flaw in how many exchanges approach security. The real-time transaction manipulation that took place wasn’t just an unfortunate event—it was a direct consequence of mispurposed security architectures that sophisticated attackers are all too ready to exploit.
The attack combined blind signing vulnerabilities on Ledger devices with highly-targeted malicious UI manipulation made possible by a compromise of a Safe{Wallet} developer machine, effectively deceiving users into approving malicious transactions. It didn’t have to happen.
With nation-state-sponsored groups like Lazarus continually evolving, enterprises must shift their security mindset to proactive, nation-state-resilient infrastructure.
A security model is only as strong as its weakest link. In Bybit’s case, two seemingly secure solutions—Ledger and Safe{Wallet}—merged to create a dangerous vulnerability. The attack exploited a standard hardware wallet and multisig wallet UI configuration that is inadequate for today’s enterprise and advanced threat needs.
1. UI Manipulation in Safe{Wallet}
2. Blind Signing on Ledger Devices
The attack on Bybit highlights two critical security breakdowns:
The first is the infiltration of Safe{Wallet}’s production environment via a compromise of a Safe {Wallet} developer machine. Foundationally, a single developer’s clear and direct access to production is dangerous – and must be mitigated with zero-trust security processes, including:
The second is the structurally weak security patchwork commonly adopted in the market. Using separate smart account wallets alongside hardware signing solutions leaves crucial blind signing gaps, with users approving transactions they can’t fully verify.
For signers to operate with clarity and trust at such high stakes businesses they need an end-to-end security solution, with true enterprise-level security enforced at every checkpoint.
As attack methods grow more sophisticated, a piecemeal approach to security is simply inadequate. Lazarus and other high profile attackers are the reason Fireblocks was founded. The platform’s multi-layer security has been engineered to provide end-to-end authenticity and security to protect against these exact attacks. Enterprise organizations must use the most robust security protections.
Secure design
Governance
Operational intelligence
A provider’s security posture must be validated regularly with rigorous internal and external audits. At Fireblocks, we believe the only standard is the one that exceeds the industry standards across:
While others patch security gaps, Fireblocks eliminates them entirely. By deploying MPC-based security, transaction policy enforcement, and real-time transaction verification, Fireblocks provides the only end-to-end security model that defends against attacks like Bybit’s—before they happen.
Watch Fireblocks’ VP of Security & Trust, Shahar Madar, break down what went wrong, what it means for the industry, and how enterprises can stay ahead in our on-demand AMA.
Join the largest institutional players running their businesses with Fireblocks.
Fireblocks is the world's most trusted and proven digital asset infrastructure company, empowering organizations of all sizes to build, run and grow their business on the blockchain. With the industry's most secure, scalable and comprehensive platform, we streamline custody, tokenization, payment, settlement, and trading operations across the largest ecosystem of exchanges, custodians, banks, payment providers and stablecoin issuers in the world. Over 2,000 organizations – including BNY, Galaxy, and Revolut – trust Fireblocks to secure more than $7 trillion in digital asset transactions across 100 blockchains and 250+ million wallets. Learn more at fireblocks.com.
Find out how Fireblocks helps your digital asset business to grow fast and stay secure.
Fireblocks is an enterprise-grade platform delivering a secure infrastructure for moving, storing, and issuing digital assets. Fireblocks enables exchanges, custodians, banks, trading desks, and hedge funds to securely scale digital asset operations through patent-pending SGX & MPC technology.
Fireblocks © 2025 All Rights Reserved.
