2/27/25 Roundup: Bybit Hack Learnings & Bitcoin Investor Week Recap
Onramp Weekly Roundup
Written By Brian Cubellis
Before we get started…
Last week, Onramp announced we’ve partnered with Arch to offer our clients USD loans backed by bitcoin collateral. This new service represents an important step in our mission to provide comprehensive bitcoin financial solutions—rooted in best-in-class security and unwavering commitment to our clients. Learn more at the links below.
Press Release
Blog Announcement
Schedule a consultation with Onramp to get started!
And now, for the weekly roundup…
Bybit Hack Learnings
Bitcoin Native Multisig vs. Ethereum Multisig
On February 21, Bybit suffered a record $1.5 billion hack, allegedly orchestrated by the Lazarus Group. The attackers exploited Bybit’s Ethereum-based multisig wallet by injecting malicious code and masking the user interface, prompting signers to unknowingly approve an unauthorized transaction.
This event underscores a stark reality:
Ethereum Multisig often relies on proprietary or complex smart contracts. Hidden functions in these contracts can be used to siphon funds if signers are tricked by a fraudulent UI.
Bitcoin Native Multisig, by contrast, is integrated into the bitcoin protocol itself. It is open-source, transparent, and limited to simple, verifiable operations. With fewer moving parts and no arbitrary code execution, attackers face fewer avenues to conceal malicious actions.
Fundamental differences between BTC and ETH in terms of monetary properties aside…the Bybit hack demonstrates that, for secure, long-term value preservation, bitcoin’s inherent design and straightforward multisig mechanics can offer stronger protection than the more complex, often proprietary systems built around Ethereum.
Single Entity Control Undermines Multisig
While multisig technology adds layers of defense, those advantages evaporate if a single organization still controls all required keys. If one attacker gains sufficient internal access (or successfully deceives signers), they can potentially drain wallets without external oversight. The Bybit fiasco highlights how crucial it is to avoid “multisig in name only,” where just one party truly holds effective control.
Why Multi-Institution Custody is a Game-Changer
Instead of centralizing key ownership, multi-institution custody (e.g., Onramp’s approach) distributes private keys among independent entities. A transaction requires multiple signatures from separate custodians, eliminating the possibility that any one entity becomes a single point of failure.
In effect, even if a malicious actor compromises one keyholder, they cannot move funds without simultaneously breaching an additional keyholder. This design aligns with bitcoin’s decentralized ethos, fortifying the security model where no single entity is trusted unilaterally.
Bitcoin Investor Week Recap
Onramp has been in New York this week for the Bitcoin Investor Week conference.
Below is a recap of Day 1 programming, The Bitcoin Treasury Forum:
Institutional Wave and Nation-State Adoption
- Adam Back & Sean Bill: Expect pension funds and sovereign buyers to turbocharge bitcoin, pushing it into seven-figure territory sooner than many anticipate.
- MetaPlanet: Demonstrated the power of a bitcoin treasury strategy in Japan, where stricter post–Mt. Gox regulations ironically enhance legitimacy.
Corporate Treasuries Pivot to BTC
- Semler Scientific: Another real-world example of pivoting from a sleepy balance sheet to a BTC-focused treasury, with $300 million in BTC on hand.
- Strategic Debt Usage: Panels highlighted innovative financing (convertible notes, ATMs, structured products) to accumulate more bitcoin—reflecting creative ways to leverage hard money on corporate balance sheets.
State and Federal Bitcoin Adoption
- Matthew Pines: States are introducing bills to hold bitcoin, though many remain symbolic. Nonetheless, this might pave the way for a federal bitcoin reserve.
- Regulatory Outlook: A new administration has sparked optimism about a cohesive policy framework, including stablecoins, market structure, and even potential nation-level BTC acquisition.
Resilient Custody & Bitcoin’s Long-Term Value
The Bybit hack is a stark reminder that not all multisig arrangements are created equal, and that if a single entity controls the majority of keys, sophisticated attackers can still prevail—especially on complex, proprietary systems. Meanwhile, bitcoin’s native multisig design offers simpler, more transparent security, and the ability to implement multi-institution custody which adds resiliency by removing any single point of failure.
At Bitcoin Investor Week, top executives and policymakers reiterated that bitcoin is consolidating its role as digital gold—drawing interest from pensions, corporations, and, potentially, nation-states. This accelerating adoption only amplifies the need for stronger, more fault-tolerant custody solutions. At Onramp, we believe multi-institution custody, built atop bitcoin’s credibly neutral network, is how large holders can mitigate risk and capitalize on bitcoin’s surging institutional momentum.
Chart of the Week
“Bitcoin flushed down with global liquidity (3 month lag). Next up is global liquidity spike, rate cuts, QE and Bitcoin exploding. Patience.”
Quote of the Week
“While I can’t predict the future with certainty, my intuition is that a single dominant Reusable Proof-of-Work (RPoW) network will emerge as the primary standard—much like how TCP/IP became the universal protocol for data transport. While other RPoW networks may exist for niche or localized applications, they are unlikely to offer the same level of utility or security on a global scale.
In RPoW, network size directly translates to security. The greater the computational power and energy expenditure required to maintain the network, the more expensive it becomes to attack or manipulate—making it inherently more secure. This creates a strong incentive for users to converge on the most physically costly and secure network. As adoption increases, a reinforcing cycle ensues: the dominant network grows even larger and more computationally powerful, while smaller alternatives struggle to compete due to their comparatively weaker security and lower utility.
This consolidation of all RPOW applications into one RPOW network isn’t just a matter of efficiency or convenience—it’s a strategic necessity. In a competitive environment, all rational actors will gravitate toward the network that provides the highest level of security for their information, assets, and financial transactions. The most resilient RPoW network will be the one that imposes the greatest physical cost on potential adversaries, ensuring that it remains the preferred choice for global-scale usage.
In SOFTWAR, I describe this dynamic as “Mutually Assured Preservation.” The largest nation-state rivals (e.g. NATO vs BRICS) must inevitably adopt the same network, and the computational power and energy they each contribute to it will have the counterintuitive effect of reinforcing their adversary’s security as well. The cost of attacking either side increases to such an extent that they become “frenemies,” each strengthening the security of the other’s interests on the same network.”
Podcasts of the Week
Fort Knox Is Empty, Bitcoin Is the Reserve
In this episode of The Last Trade, hosts Jackson Mikalic, Michael Tanguma, Brian Cubellis, and Tim Kotzman discuss auditing Fort Knox, political game theory, memecoin meltdowns, accelerating bitcoin education, leafrogging gold as a SoV, & more!
How Bitcoin Could Solve the Global Pension Crisis with Strive CEO Matt Cole
In this episode of Scarce Assets, we’re joined by Matt Cole, CEO of Strive, to discuss the global pension crisis, bitcoin as savings tech, corporate bitcoin adoption, bitcoin as the hurdle rate, the intersection of AI and BTC, & more!
Closing Note
Onramp provides bitcoin financial services built on multi-institution custody. To learn more about our products for individuals and institutions, schedule a consultation to chat with us about your situation and needs.
Find this valuable? Forward it to someone in your personal or professional network.
Until next week,
Brian Cubellis