
The Bybit Lesson

February 2025. North Korean operatives stole $1.46 billion from Bybit in one attack. That's 51% of all crypto stolen that year. One event.

By Sue Pontius, Chief Executive Officer, Lokblok · Published 18 May 2026

Here's what keeps me up: Bybit wasn't sloppy. They had exactly what consultants tell you to implement. Third-party multisig. Cold storage. Multi-approval processes. They were doing what everyone considers best practice.

The attackers still got in.

The Attack No One Saw Coming

The breach happened during recovery - when you move assets from cold storage into operational use. Hackers compromised a developer machine and injected malicious JavaScript into the transaction signing process. The workflow designed to keep keys secure became the vulnerability.

The Trap Everyone's In

When most people think about private keys, they think about storing them somewhere - either in whole or in part. Where's the safest place? HSMs? Air-gapped cold storage? Distributed shards?

But that's the fundamental misunderstanding. The assumption that if you have to keep something safe, it has to exist somewhere.

Every custody solution competes on better key protection. More sophisticated storage. More layers around the secret. But 100% of major 2025 breaches involved key compromise. The drifter attack showed organizations doing everything right on paper, keys still extracted.

For state-level adversaries, the highest ROI? Compromising the operational infrastructure itself: the keys, signers, and wallet orchestration at centralized entities.

The Recovery Paradox

Every recovery workflow requires secrets to exist and be accessible.

Think about what happens when you need to move assets. Cold storage warms up. Keys get reconstructed or retrieved. Approvals flow through systems where someone (or something) can access the cryptographic material. That moment creates the attack surface.

You can add more signatures, more HSMs, more approval layers. But if the secret exists during recovery, it can be compromised during recovery. Bybit proved this.

We Do Things Differently

With Lokblok, secrets don't exist over time at all. The key is calculated at the point of use under policy, then destroyed. There's never a standing secret to be hacked - not in cold storage, not during recovery, not during operational workflow.

This isn't better key protection. It's a completely different underlying architecture and ethos. U.S. Patent No. 12,438,716 B2 granted, international applications pending.

You can't steal what isn't there.

The Real Question

If you're responsible for custody infrastructure, you know a single successful attack can end the organization entirely. $3.1B stolen in H1 2025 alone.

The question isn't whether your approach follows best practices. Bybit followed best practices and lost $1.46 billion.

The question is whether your architecture eliminates the recovery paradox itself.

About the author

Sue Pontius

Chief Executive Officer, Lokblok

Sue Pontius is CEO of Lokblok, where she leads the company's work on zero-persistence cryptography for digital assets, identity, and high-assurance custody.
