In February 2025, Bybit’s authorised signers approved what appeared to be a routine internal transfer from cold storage. They were using hardware wallets, multisig protection, and the operational protocols considered industry best practice. The transaction they signed was not the one displayed on their screens. The result, $1.4 billion gone in a single afternoon, became the largest cryptocurrency theft in history and a working demonstration that even self-custody, when built on a compromised software stack, is only half a security decision.

That gap, between choosing self-custody and actually achieving it, is quietly driving a new conversation in crypto security circles. Most users still evaluate wallets the way they evaluate apps: interface, supported tokens, and ease of use. What's getting harder to ignore is what lies beneath the surface. The way a wallet manages key storage, transaction signing, and network exposure matters far more than it once did, and not every wallet approaches those fundamentals in the same way.

The first distinction most people learn is custodial versus non-custodial. It's an important one, but it's also where the conversation usually stops. Non-custodial is not a single standard. It's a broad category that includes everything from browser extensions to mobile apps to dedicated hardware devices, each with meaningfully different security assumptions underneath. The real question isn't just who holds your keys. It's what kind of environment those keys ever come into contact with.

Always-connected wallets and where they fall short

Software wallets are convenient, but they share an environment with everything else on your device, such as browsers, apps, and network connections. That shared surface is exactly where most attacks find their way in.

Hardware wallets narrowed that gap but didn't close it. Most still depend on connected software to construct and broadcast transactions. The signing is offline; the surrounding environment isn't. Add firmware transparency concerns and supply chain questions to the mix, and it becomes clear why some in the security space are looking for something architecturally cleaner.

The Bybit incident illustrated this in stark terms. The compromise wasn’t of the hardware wallets themselves; it was of the Safe{Wallet} interface signers used to review transactions. The actual data sent to the hardware devices for signing differed from what appeared on screen. This is the ‘blind signing’ problem: the gap between what a signer believes they are approving and what they actually authorise. The hardware wallets signed exactly what they were asked to sign. The problem was that what they were asked to sign had been changed upstream.

That search is what's driving early interest in platforms like Lock.com, an isolated crypto wallet currently in early access and being built around a different premise entirely: a platform where the signing environment isn't just partially isolated, but designed to never make internet contact at all.

ET Spotlight
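
The blind-signing gap described above, reduced to a check a signer could run in an environment separate from the interface: decode the raw bytes that are about to be signed and compare them with what was displayed. This is an added example, not code from the article or from any wallet vendor; it assumes a plain ERC-20 `transfer` call rather than the Safe{Wallet} transaction format, and all function names, addresses and amounts are constructed.

```python
# Added illustration: every name and sample value here is constructed.
TRANSFER_SELECTOR = bytes.fromhex("a9059cbb")  # ERC-20 transfer(address,uint256)


def encode_transfer(to: str, amount: int) -> bytes:
    """Build ERC-20 transfer calldata (used only to create the sample payloads)."""
    return TRANSFER_SELECTOR + bytes(12) + bytes.fromhex(to[2:]) + amount.to_bytes(32, "big")


def decode_transfer(calldata: bytes) -> dict:
    """Decode the bytes that will actually be signed, without trusting any UI."""
    if len(calldata) != 68 or calldata[:4] != TRANSFER_SELECTOR:
        raise ValueError("payload is not a plain ERC-20 transfer")
    if any(calldata[4:16]):
        raise ValueError("non-zero padding in the address word")
    return {"to": "0x" + calldata[16:36].hex(),
            "amount": int.from_bytes(calldata[36:68], "big")}


def mismatches(displayed: dict, calldata: bytes) -> list:
    """List every difference between the displayed intent and the real payload."""
    try:
        actual = decode_transfer(calldata)
    except ValueError as exc:
        return [f"undecodable payload: {exc}"]
    found = []
    if displayed["to"].lower() != actual["to"]:
        found.append(f"recipient: shown {displayed['to']}, payload {actual['to']}")
    if displayed["amount"] != actual["amount"]:
        found.append(f"amount: shown {displayed['amount']}, payload {actual['amount']}")
    return found


# Constructed sample: the interface shows a transfer to the expected wallet.
EXPECTED_WALLET = "0x" + "11" * 20
OTHER_ADDRESS = "0x" + "22" * 20
DISPLAYED = {"to": EXPECTED_WALLET, "amount": 1_000}

HONEST_PAYLOAD = encode_transfer(EXPECTED_WALLET, 1_000)
ALTERED_PAYLOAD = encode_transfer(OTHER_ADDRESS, 1_000)  # changed upstream of the signer

if __name__ == "__main__":
    for label, payload in (("honest", HONEST_PAYLOAD), ("altered", ALTERED_PAYLOAD)):
        issues = mismatches(DISPLAYED, payload)
        print(label, "->", "refuse to sign: " + "; ".join(issues) if issues else "ok to sign")
```

The comparison only helps when it runs somewhere the interface cannot influence; run on the same compromised stack, it inherits the same blind spot.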