Bybit lost $1.4 billion in February 2025 after a blind‑signing hack, exposing how self‑custody wallets differ in key isolation and network exposure.
Bybit’s authorized signers approved a routine internal transfer on a February 2025 afternoon, but the transaction displayed on their screens differed from the one actually signed by their hardware wallets, resulting in a $1.4 billion loss – the largest crypto theft on record and a stark proof that self‑custody security depends on more than just holding a private key [1].
| At a glance | Detail |
|---|---|
| Theft amount | $1.4 billion |
| Wallet type involved | Hardware wallets with multisig (used in blind‑signing) |
| Core failure | Safe{Wallet} interface sent altered data to the hardware device |
| Emerging solution | Isolated, offline‑first wallets such as Lock.com, Keystone, Ngrave |
Bybit’s internal transfer was processed through hardware wallets that performed offline signing, a practice widely regarded as best in class. However, the surrounding software, specifically the Safe{Wallet} interface, altered the transaction data before it reached the device. The hardware signed exactly what it was fed, while the signers’ screens showed a different, legitimate-looking transaction; because the signers could not verify on the device itself what they were actually approving, the transfer was effectively “blind signed,” and the attackers diverted the funds without any on‑screen warning [1].
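The mechanism just described, and the check that catches it, as an added illustration that is not code from the article, from Safe{Wallet}, or from Bybit: a toy "interface" layer sits between the operator's screen and a "signing device" that signs whatever it receives. The transaction format, the sorted-JSON/SHA-256 digest, the HMAC standing in for the device's real signature scheme, the placeholder addresses, and the honest/tampered bridge functions are all constructed assumptions for the demonstration.

```python
from __future__ import annotations

import hashlib
import hmac
import json

# Constructed sample: the transfer the operators believe they are approving.
SAMPLE_TX = {
    "from": "0xTREASURY_PLACEHOLDER",
    "to": "0xWARM_WALLET_PLACEHOLDER",
    "value": 100,
    "nonce": 42,
}
# Constructed placeholder standing in for a diverted destination.
DIVERTED_RECIPIENT = "0xDIVERTED_PLACEHOLDER"


def canonical_digest(tx: dict) -> bytes:
    """Deterministic digest of a transaction: sorted-key JSON, then SHA-256.
    Assumption: a simplified stand-in for the typed-data hash a real multisig computes."""
    encoded = json.dumps(tx, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(encoded).digest()


class SigningDevice:
    """Models the offline signer: it signs exactly the payload it is handed and
    reports the digest it signed, but it has no view of the interface's screen."""

    def __init__(self, secret: bytes) -> None:
        self._secret = secret

    def sign(self, payload: dict) -> tuple[bytes, bytes]:
        digest = canonical_digest(payload)
        # HMAC is a stand-in for the device's real signature scheme (assumption).
        tag = hmac.new(self._secret, digest, hashlib.sha256).digest()
        return digest, tag


def honest_bridge(displayed_tx: dict) -> dict:
    """Interface layer behaving correctly: forwards exactly what the screen shows."""
    return dict(displayed_tx)


def tampered_bridge(displayed_tx: dict) -> dict:
    """Models the failure mode from the article: the screen shows displayed_tx,
    but the payload forwarded to the device has its recipient swapped."""
    forwarded = dict(displayed_tx)
    forwarded["to"] = DIVERTED_RECIPIENT
    return forwarded


def blind_sign(device: SigningDevice, displayed_tx: dict, bridge) -> dict:
    """Blind-signing workflow: whatever the device signs is accepted unchecked."""
    _, tag = device.sign(bridge(displayed_tx))
    return {"approved": True, "signature": tag.hex()}


def sign_with_independent_check(device: SigningDevice, displayed_tx: dict, bridge) -> dict:
    """Defensive workflow: recompute the digest of the transaction shown on screen
    on a separate trusted path, then refuse to proceed unless the device reports
    having signed that same digest."""
    expected = canonical_digest(displayed_tx)
    signed_digest, tag = device.sign(bridge(displayed_tx))
    if not hmac.compare_digest(expected, signed_digest):
        return {
            "approved": False,
            "reason": "device signed a payload that differs from the displayed transaction",
        }
    return {"approved": True, "signature": tag.hex()}


DEVICE = SigningDevice(b"constructed-demo-secret")

if __name__ == "__main__":
    print("blind signing, tampered bridge:", blind_sign(DEVICE, SAMPLE_TX, tampered_bridge))
    print("checked signing, tampered bridge:", sign_with_independent_check(DEVICE, SAMPLE_TX, tampered_bridge))
    print("checked signing, honest bridge:", sign_with_independent_check(DEVICE, SAMPLE_TX, honest_bridge))
```

The point of the toy is where the comparison happens: the digest of the displayed transaction is computed on a path the interface does not control, so a mismatch is visible before anything is broadcast. Hardware wallets that decode and render the full transaction on their own screen, and the offline-first designs discussed below that move the payload across an air gap, are two ways of giving the operator that independent view in practice.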
The incident underscores a growing divide between custodial and non‑custodial wallets. While custodial services keep keys on behalf of users, non‑custodial solutions span browser extensions, mobile apps, and dedicated hardware devices, each with distinct threat models. Software wallets share a device’s broader attack surface, and even hardware wallets still rely on connected software to construct and broadcast transactions, leaving a residual exposure [1].
A small but expanding cohort of wallets (Keystone, Ngrave, AirGap Vault, GridPlus, and the upcoming Lock.com) is built on an “offline‑first” premise: the signing environment never contacts the internet. By eliminating any network touchpoint, these wallets aim to eradicate blind‑signing risks entirely [1].
Beyond immediate attack vectors, the article notes that quantum‑computing threats are prompting some wallet developers to embed post‑quantum cryptographic standards (ML‑DSA‑65 signatures, ML‑KEM‑768 key encapsulation) from the ground up. While quantum decryption is not imminent, standards bodies have set deprecation dates for vulnerable algorithms as early as 2030, and a U.S. executive order in June 2025 mandates migration for federal systems [1]. Lock.com is already integrating these standards, positioning itself for long‑term resilience.
The Bybit loss shows that even “best‑practice” self‑custody can be undermined by software layers, pushing users and institutions toward wallets that isolate key signing from any network exposure and consider future cryptographic threats. The next wave of wallet adoption will likely be judged on these architectural choices rather than on interface polish alone.
AI-assisted synthesis by the TrendWatcher Editorial Desk · sourced from 2 outlets · Jun 23, 2026
You can recover your funds by using your 12 or 24-word seed phrase to regenerate your private keys on a new compatible device.
While they protect against online hacking, they can still be lost or damaged, and there is a rare risk of hardware or software vulnerabilities if the device is tampered with before reaching the consumer.
Hot wallets are connected to the internet and are more convenient for frequent, small transactions, whereas hardware wallets operate offline and are intended for secure, long-term storage.