Snir Levi, CEO of Nominis, discusses lessons we have already learnt as details emerge of Dubai-based exchange Bybit's record-breaking $1.46 billion crypto heist. Intelligence at the time of publication suggests the involvement of the notorious North Korean crypto hacking entity, Lazarus Group.

The incident, which occurred on 21st February 2025, took place during a routine transfer of crypto from a cold wallet to a warm wallet, when attackers gained control of the cold wallet and transferred 401,000 ETH to unknown addresses.
Following an initial warning, after Nominis Vue recognised suspicious outflows from Bybit, Levi elaborated on the analysis for his LinkedIn community:
"The recent Bybit incident emphasizes what our partners from GK8 by Galaxy, Fireblocks and Hypernative have been constantly shouting over the last years:
1. Multisig ≠ MPC
2. MPC is not complete without a Policy Management platform
3. Both are not a replacement for Transaction Simulation
4. Once a Cold Wallet or its Access Management UI is connecting to the internet, it's no longer a real cold wallet
Multisig ≠ MPC:
While multisig (multi-signature) wallets require multiple private keys to approve a transaction, MPC (Multi-Party Computation) splits a private key into multiple shares, preventing any single point of compromise.
MPC ≠ Access & Policy Control:
Just because a system uses MPC doesn’t mean it has robust policy enforcement or access control. A platform that ensures granular transaction approvals, role-based permissions, and real-time monitoring is essential.
None of these replace a true cold wallet:
A real cold wallet remains completely offline, making it the ultimate safeguard against online threats. MPC and multisig help secure online operations, but they don't eliminate risks associated with internet connectivity.
Transactions Firewall is not a replacement for Compliance:
While Transactions Firewall helps in understanding the result of the transaction, it lacks the full compliance aspects that Blockchain Investigation platforms have.
Security & Compliance isn't about a single solution—it's about using the right tools together."

Connect with Levi here: https://www.linkedin.com/in/snir-levi/ for real-time insights and responses to future incidents, as well as exclusive Nominis Vue findings.