How Multi-Institution Bitcoin Custody Could Have Prevented the Bybit Hack
Brian Cubellis | Chief Strategy Officer
Mar 20, 2025
On February 21, 2025, the cryptocurrency exchange Bybit suffered the largest hack in the history of digital assets: approximately $1.5 billion in Ethereum and related tokens stolen in a single transaction. The attack, attributed to North Korea's Lazarus Group, was roughly twenty times larger than the next biggest heist in recorded financial history. It was not a brute-force break-in. It was a sophisticated deception that turned the platform's own security approvals against it.
For Bitcoin holders, the Bybit hack is not merely headline news. It is a case study in why the architecture of custody matters more than the number of signatures on a wallet. And it is a powerful illustration of why multi-institution Bitcoin custody, built on Bitcoin's native multisignature protocol, represents a fundamentally more resilient approach to securing digital assets.
What Happened in the Bybit Hack
The Lazarus Group, a North Korean state-sponsored hacking organization responsible for billions of dollars in prior cryptocurrency thefts, targeted Bybit's Ethereum cold wallet. The wallet was secured using Safe (formerly Gnosis Safe), one of the most widely used smart contract-based multisig solutions on Ethereum.
Rather than attempting to steal private keys directly, the attackers compromised the front-end interface that Bybit's authorized signers used to review and approve transactions. The malicious code altered what the signers saw on their screens, presenting what appeared to be a routine internal transfer. In reality, the signers were approving a transaction that changed the underlying logic of the smart contract itself, granting the attacker full control of the wallet.
Multiple authorized signers reviewed and approved the transaction. Each believed they were authorizing a legitimate operation. None were aware that the transaction they signed bore no resemblance to what was displayed on their screens. The result was the largest single theft in financial history, executed remotely, against bearer assets that can never be reversed.
The Single-Entity Problem: Why Bybit's Multisig Failed
Bybit was using a form of multisig to secure its Ethereum holdings. But the critical vulnerability was not in the multisig concept itself. It was that all of the signing keys were controlled within the same organization. This is the single-entity problem: when one entity holds all the keys, compromising that entity compromises everything, regardless of how many signatures are required.
The Lazarus Group is known for embedding operatives within target organizations over years of patient social engineering. As the value of cryptocurrency holdings has grown, so has the return on investment for attackers willing to spend five to seven years infiltrating a single company. When the honeypot is large enough, the resources devoted to cracking it will scale accordingly.
In Bybit's case, compromising the entity meant compromising the interface all signers relied on. The multisig architecture was sound in theory, but it was undermined by a shared dependency: every signer was looking at the same compromised screen.
The Blind Signing Vulnerability: How Smart Contract Multisig Fails
The Bybit hack exposed a structural vulnerability unique to Ethereum's smart contract-based multisig. Unlike Bitcoin, Ethereum does not have native multisig at the protocol level. Instead, multisig on Ethereum is implemented through smart contracts: programs deployed on the blockchain that define the rules for transaction approval. This creates attack surfaces that do not exist in Bitcoin's native implementation.
The most critical of these is the blind signing problem. Because Ethereum multisig transactions are smart contract interactions, the signer's hardware wallet cannot display a human-readable destination address. Instead, it shows an opaque hash of the smart contract call. Signers are effectively approving a hash they cannot meaningfully verify, not the actual destination of the funds.
This is the vulnerability the Lazarus Group exploited. The attackers manipulated the transaction data so that the browser interface displayed a legitimate-looking transfer, while the actual on-chain transaction redirected roughly $1.5 billion to the attackers' wallet. The signers were busy, managing significant capital under operational pressure, and they were clicking through approvals on data they had no way to independently verify on their physical signing devices.
Additionally, smart contract logic itself can be modified if an attacker gains the ability to upgrade the contract. At Bybit, the signers unknowingly approved a transaction that altered the contract's implementation, transferring ownership to the attacker. This type of proxy contract manipulation is architecturally impossible with Bitcoin's native multisig.
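The defensive counterpart to the blind-signing problem is to decode the raw calldata independently of the interface and compare it with what the interface displayed. The following Python is an added example, not code from the original post and not Onramp's or Safe's own tooling: it ABI-encodes and decodes a Safe `execTransaction` call (the parameter list is Safe's real one; the 4-byte selector is assumed correct), then flags the two things a signer cannot see on a screen that has been tampered with: a DELEGATECALL operation, which runs the target's code inside the Safe proxy's own storage and so can change its implementation, and a destination or value that differs from what the UI claims. All addresses and calldata below are constructed test values.

```python
from dataclasses import dataclass

# Safe's Operation enum: 0 = CALL, 1 = DELEGATECALL. A DELEGATECALL executes the
# target's code in the Safe proxy's own storage context, so it can overwrite the
# proxy's implementation pointer; that is the kind of change the article
# describes as "altering the contract's implementation".
CALL, DELEGATECALL = 0, 1
# 4-byte selector of execTransaction(address,uint256,bytes,uint8,uint256,uint256,
# uint256,address,address,bytes). Assumed value; verify against the deployed ABI.
EXEC_TRANSACTION_SELECTOR = bytes.fromhex("6a761202")
ZERO_ADDRESS = "0x" + "00" * 20


@dataclass
class SafeTx:
    to: str          # destination the Safe will call
    value: int       # wei sent along with the call
    data: bytes      # calldata forwarded to `to`
    operation: int   # CALL or DELEGATECALL


def _word(n: int) -> bytes:
    return n.to_bytes(32, "big")


def _addr_word(addr: str) -> bytes:
    return bytes.fromhex(addr[2:]).rjust(32, b"\x00")


def _bytes_tail(b: bytes) -> bytes:
    # ABI dynamic `bytes`: 32-byte length word, then the payload padded to 32 bytes
    return _word(len(b)) + b + b"\x00" * (-len(b) % 32)


def encode_exec_transaction(tx: SafeTx, signatures: bytes = b"") -> bytes:
    """ABI-encode an execTransaction call. Gas fields are zero and gasToken /
    refundReceiver are the zero address, as in a plain transfer. This encoder
    exists only to construct test calldata for the decoder below."""
    head_size = 10 * 32                      # ten parameters, one head word each
    data_tail = _bytes_tail(tx.data)
    head = (
        _addr_word(tx.to) + _word(tx.value)
        + _word(head_size)                   # offset of `data` (first dynamic arg)
        + _word(tx.operation)
        + _word(0) + _word(0) + _word(0)     # safeTxGas, baseGas, gasPrice
        + _addr_word(ZERO_ADDRESS) + _addr_word(ZERO_ADDRESS)  # gasToken, refundReceiver
        + _word(head_size + len(data_tail))  # offset of `signatures`
    )
    return EXEC_TRANSACTION_SELECTOR + head + data_tail + _bytes_tail(signatures)


def decode_exec_transaction(calldata: bytes) -> SafeTx:
    """Recover to/value/data/operation from the raw calldata, ignoring any UI."""
    if calldata[:4] != EXEC_TRANSACTION_SELECTOR:
        raise ValueError("not an execTransaction call")
    args = calldata[4:]
    word = lambda i: args[32 * i:32 * (i + 1)]
    data_offset = int.from_bytes(word(2), "big")
    data_len = int.from_bytes(args[data_offset:data_offset + 32], "big")
    return SafeTx(
        to="0x" + word(0)[12:].hex(),
        value=int.from_bytes(word(1), "big"),
        data=args[data_offset + 32:data_offset + 32 + data_len],
        operation=int.from_bytes(word(3), "big"),
    )


def review_signing_request(calldata: bytes, ui_recipient: str, ui_value: int) -> list[str]:
    """Compare what the interface displayed with what the calldata actually does.
    Returns the reasons to refuse; an empty list means they agree and the
    operation is a plain CALL."""
    tx = decode_exec_transaction(calldata)
    findings = []
    if tx.operation == DELEGATECALL:
        findings.append("operation is DELEGATECALL: target code runs in the Safe's own storage")
    if tx.to.lower() != ui_recipient.lower():
        findings.append(f"destination mismatch: UI showed {ui_recipient}, calldata targets {tx.to}")
    if tx.value != ui_value:
        findings.append(f"value mismatch: UI showed {ui_value} wei, calldata sends {tx.value}")
    return findings


# Constructed addresses and calldata (not real on-chain values).
WARM_WALLET = "0x" + "11" * 20
OTHER_CONTRACT = "0x" + "22" * 20
HONEST_CALLDATA = encode_exec_transaction(SafeTx(WARM_WALLET, 10**18, b"", CALL))
SPOOFED_CALLDATA = encode_exec_transaction(SafeTx(OTHER_CONTRACT, 0, b"\xde\xad\xbe\xef", DELEGATECALL))

if __name__ == "__main__":
    # Both requests are displayed by the interface as "send 1 ETH to the warm wallet".
    for name, calldata in (("honest", HONEST_CALLDATA), ("spoofed", SPOOFED_CALLDATA)):
        print(name, review_signing_request(calldata, WARM_WALLET, 10**18) or ["matches UI"])
```

The point of the check is that it consumes the bytes the device is asked to sign, not the web page's rendering of them; a second, independently built decoder on a separate machine is what turns "approve what you see" into "approve what you can verify".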
Why Bitcoin's Native Multisig Is Fundamentally Different
Bitcoin multisignature, or multisig, operates at the protocol level. It is not a smart contract or a software add-on. It is a native feature of the Bitcoin scripting language that has been battle-tested since its introduction. A Bitcoin multisig wallet defines a fixed set of public keys and a threshold of required signatures at the time of creation. These parameters are enforced by every node on the Bitcoin network.
This means a Bitcoin multisig wallet cannot be "upgraded" or modified after the fact. There is no proxy contract to redirect, no implementation logic to swap out, and no ownership function to transfer. The rules of the wallet are immutable once set. An attacker cannot change a 2-of-3 multisig into a 1-of-1 wallet, regardless of how sophisticated the attack.
Critically, Bitcoin transactions are transparent to signers. Each signer can verify the destination address, the amount, and the fee directly on their hardware signing device. There is no opaque data payload or intermediary smart contract logic to obscure what is actually happening. What you see on your hardware device is exactly what you are signing. The entire class of blind-signing attacks that enabled the Bybit hack is not possible with Bitcoin.
Had Bybit's assets been held in a Bitcoin-native multisig wallet, the type of attack that succeeded, modifying the underlying wallet logic through a spoofed UI, would have been architecturally impossible.
How Multi-Institution Custody Solves the Single-Entity Problem
Even Bitcoin's native multisig, while far more resistant to the Bybit-style attack, benefits from an additional layer of security when combined with multi-institution custody. In a multi-institution custody model, the private keys required to authorize a transaction are held by separate, independent institutions. No single entity, including the custody provider, holds enough keys to move funds unilaterally.
This is fundamentally different from splitting assets across multiple custodians. If an investor divides holdings equally among three custodians and one is compromised, they lose a third of their assets. With multi-institution custody using a 2-of-3 multisig quorum, the compromise of any single key-holding institution results in zero asset loss. The remaining two institutions can recover 100% of the holdings.
This architectural separation directly addresses the failure modes exposed by the Bybit hack. If one institution's interface or systems were compromised, the attacker would still need to independently compromise one or more additional institutions with entirely separate security infrastructure, personnel, and verification procedures. A single point of compromise cannot cascade across independently operated institutions.
At Bybit, every signer accessed the same compromised interface within the same organization. In a multi-institution custody model, each signer operates within a different organizational and technical environment. The economics of the attack change fundamentally: instead of one entity to infiltrate, the attacker must simultaneously compromise multiple independent, regulated institutions with no shared infrastructure.
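To make the two preceding sections concrete, the following Python is an added example (not code from the original post and not Onramp's implementation) of a Bitcoin-native 2-of-3 policy: it builds the bare multisig witness script, derives the P2WSH output that commits to sha256 of that script, shows that a script with a different threshold or key set can never satisfy that commitment, parses the threshold and keys back out of the script bytes (the information a signing device can display directly), and checks a spend for approvals from at least two distinct institutions. The three public keys are constructed 33-byte placeholders, and an "approval" is represented by the approving institution's key rather than a real signature, which is a labelled stand-in for the per-key signature check nodes perform.

```python
import hashlib

OP_0, OP_CHECKMULTISIG = 0x00, 0xAE


def op_n(n: int) -> int:
    """Opcode for the small integer n (OP_1 = 0x51 ... OP_16 = 0x60)."""
    assert 1 <= n <= 16
    return 0x50 + n


def multisig_witness_script(m: int, pubkeys: list[bytes]) -> bytes:
    """Bare m-of-n script: OP_m <pk_1> ... <pk_n> OP_n OP_CHECKMULTISIG.
    Keys are sorted (BIP67) so the same policy always yields the same script."""
    n = len(pubkeys)
    assert 1 <= m <= n <= 16 and all(len(pk) == 33 for pk in pubkeys)
    script = bytes([op_n(m)])
    for pk in sorted(pubkeys):
        script += bytes([len(pk)]) + pk        # push of a 33-byte compressed key
    return script + bytes([op_n(n), OP_CHECKMULTISIG])


def p2wsh_script_pubkey(witness_script: bytes) -> bytes:
    """The output locking script: OP_0 <32-byte sha256(witness_script)>. A bech32
    address is just an encoding of this hash, so the address itself commits to
    the exact threshold and key set; nothing can be 'upgraded' later."""
    return bytes([OP_0, 0x20]) + hashlib.sha256(witness_script).digest()


def output_accepts_script(script_pubkey: bytes, witness_script: bytes) -> bool:
    """What every validating node checks first when the coins are spent: the
    script revealed in the witness must hash to the committed value. Any other
    script, including one with a lower threshold, is rejected outright."""
    return script_pubkey == p2wsh_script_pubkey(witness_script)


def parse_multisig_policy(witness_script: bytes) -> tuple[int, int, list[bytes]]:
    """Read (m, n, keys) straight from the script bytes: the information a
    signing device can show its operator with no intermediary interpreting it."""
    m = witness_script[0] - 0x50
    keys, i = [], 1
    while witness_script[i] == 33:
        keys.append(witness_script[i + 1:i + 34])
        i += 34
    n = witness_script[i] - 0x50
    if witness_script[i + 1] != OP_CHECKMULTISIG or i + 2 != len(witness_script) or n != len(keys):
        raise ValueError("not a bare m-of-n multisig witness script")
    if not 1 <= m <= n:
        raise ValueError("invalid threshold")
    return m, n, keys


def quorum_met(witness_script: bytes, approving_keys: list[bytes]) -> bool:
    """Policy check for a spend: at least m *distinct* keys from the script must
    approve. Real nodes verify one signature per key; here an approval is
    represented by the approving institution's public key (labelled stand-in)."""
    m, _, keys = parse_multisig_policy(witness_script)
    return len({k for k in approving_keys if k in keys}) >= m


def _placeholder_key(label: str) -> bytes:
    # Constructed 33-byte placeholder, not a real secp256k1 public key.
    return b"\x02" + hashlib.sha256(label.encode()).digest()


# One key per independent institution; compromising one environment yields one key.
KEY_A, KEY_B, KEY_C = (_placeholder_key(x) for x in ("institution-A", "institution-B", "institution-C"))
VAULT_SCRIPT = multisig_witness_script(2, [KEY_A, KEY_B, KEY_C])
VAULT_OUTPUT = p2wsh_script_pubkey(VAULT_SCRIPT)

if __name__ == "__main__":
    print("policy (m, n):", parse_multisig_policy(VAULT_SCRIPT)[:2])
    # A 1-of-3 script over the same keys hashes differently, so the vault output never accepts it.
    downgrade = multisig_witness_script(1, [KEY_A, KEY_B, KEY_C])
    print("downgrade accepted:", output_accepts_script(VAULT_OUTPUT, downgrade))
    print("one institution alone:", quorum_met(VAULT_SCRIPT, [KEY_A]))
    print("two institutions:", quorum_met(VAULT_SCRIPT, [KEY_A, KEY_C]))
```

The two properties the article relies on fall out of the hash commitment: the threshold and key set are fixed when the output is created, and a single compromised key holder, or the same key presented twice, never reaches the quorum.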
The Growing Imperative
As Bitcoin continues to appreciate in value, the stakes of custody rise in lockstep. At current prices, the incentives for sophisticated state-sponsored attackers are already extreme. At two to five times current levels, the industry faces threats it is not yet prepared for. The Bybit hack demonstrated what is possible today. The question is whether custodial architecture will evolve faster than the attackers.
Multi-institution Bitcoin custody, built on Bitcoin's native multisig and distributed across independent key-holding institutions, is the structural answer. It eliminates the single-entity risk that doomed Bybit. It eliminates the blind-signing vulnerability inherent in smart contract multisig. And it raises the cost and complexity of an attack to a level that fundamentally changes the calculus for even the most resourced adversaries.
The Bybit hack was not a failure of cryptography. It was a failure of architecture. For investors holding significant Bitcoin positions, the lesson is clear: the security model matters as much as the asset itself.
Why Onramp
Onramp's multi-institution custody model is built on Bitcoin-native 2-of-3 multisig, where three independent institutional key partners each hold one key. A transaction requires approval from at least two of the three key-holding institutions, each of which performs its own independent verification before signing. No single entity, including Onramp, has unilateral control over client assets.
This is the architecture that the Bybit hack proved the industry needs. To learn more about how multi-institution custody protects against the specific attack vectors that enabled the largest heist in financial history, contact Onramp's team.
