This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalised services to you, both on this website and through other media. To find out more about the cookies we use, see our privacy policy. If you decline, we won’t track your information when you visit our site. But in order to comply with your preferences, we’ll have to use just one tiny cookie so that you’re not asked to make this choice again.

​Luke Riley, our Head of Innovation, shares how Overledger Authorise, our enterprise-grade transaction signing could have prevented the attack and why institutions need to implement enterprise security controls for on-chain finance.

On Friday 21 February, Bybit, a prominent cryptocurrency exchange suffered the largest crypto heist of all time. Using malware, hackers were able to compromise their supply chain and trick the exchange into approving transactions without knowing the full implication of signing them.

The Bybit attack is a glaring example of the evolving tactics deployed by cybercriminals today. The Bybit theft has been attributed to North Korea’s Lazarus group, a highly sophisticated, state-sponsored hacking collective, notorious for siphoning billions of dollars from the cryptocurrency industry. Most prominently, the group is known for exploiting security vulnerabilities and then using complex laundering methods to obscure the flow of stolen funds.

Introducing Overledger Authorise
Authorise is our enterprise-grade key management and transaction signing solution that makes transaction signing seamless on any blockchain. It works by facilitating the interaction between your identity management systems and other providers to authenticate and sign requests on behalf of the customer.

With Authorise, users can verify transactions and rely on our trusted technology to manage transaction validation and verification complexity.

How Authorise can combat cyber threats
With attacks rapidly rising in frequency and impact, the level of protection needed to secure critical infrastructure continues to increase. Authorise enables institutions to extend their existing security controls to blockchains, strengthen their on-chain infrastructure and combat new threat actors and digital asset cyber risks in several ways:  

  • Whitelisting: The ability to define your own transaction signing verification rules such as implementing white or blacklists, as well as performing validation checks on the value of each transaction parameter and block or allow access to smart contract functions, such as upgrade. 
  • ​Enterprise omni-sig: Utilising threshold signature schemes in which customer keys can be partially divided between Authorise, Overledger and additional providers for true multi-sig security. 
  • ​Verification: Running the transaction signing verification checks for integrity purposes within the customers infrastructure and separately within Quant’s infrastructure to provide institutions with assurance on transaction finality. 

​We know that during the Bybit attack, users were prompted to sign an upgrade transaction for a particular smart contract, rather than signing a valid transaction.

However, with Authorise, users would have had the ability to blacklist the upgrade function, meaning the signing of the transaction would have been rejected by both the customer and Quant’s verification checks.

​What can we learn from the Bybit hack?
The Bybit hack highlights a critical lesson for institutions – the importance of institutional-grade security to eliminate vulnerabilities.   

​This attack reignited discussions about the security of digital asset platforms. While Bybit assured users that funds were covered, the incident raised concerns about hidden regulatory risks, solvency transparency, and cybersecurity gaps in major exchanges.  

​As more institutions start their journey on-chain, the industry must prioritise stronger security infrastructure, clear security frameworks, and institutional-grade risk management. As crypto adoption grows, blind signing and opaque security models must be replaced with systems designed to survive sophisticated attacks like the one Bybit faced.  

​When the capability of a hacker outpaces your infrastructure’s security improvements, it’s only a matter of time before a breach could occur. If there is one key learning from this hack, it’s this: security in DeFi and Web3 needs to further mature before it can be trusted, and institutions must extend their enterprise security capabilities to blockchains as they progress their on-chain journey.  

How Quant can help

Back to Perspectives
Share:

“The Bybit hack highlights a critical lesson for institutions – the importance of institutional-grade security to eliminate vulnerabilities.”

Dr Luke Riley
Head of Innovation
Subscribe and be the first to know

Related posts

News
14 February 2025
​Quant partners with Oracle to drive digital assets innovation
Digital assets
Digital currencies
Financial institutions
​Quant partners with Oracle to drive digital assets innovation
Perspectives
13 January 2025
​Payments in 2025: Adapt, or get left behind
CBDC
European Central Bank
Financial institutions
​Payments in 2025: Adapt, or get left behind
More