“Most blockchain infrastructure was initially constructed for a single-user, single-key mannequin, one personal key controls every little thing, and if that secret’s misplaced or stolen, all of the belongings are gone immediately. This goes in opposition to the essential safety rules that conventional finance has relied on for many years: a couple of particular person approving, separation of duties, and a number of other layers of protection,” Wu instructed CoinDesk.
In a means, the system constructed to revolutionize world finance has weaker safety than a typical electronic mail account.
Wu added that the variety of routes by means of which an assault will be launched has elevated considerably. “Cloud techniques, third-party instruments, social media accounts, and the individuals working them, all of those can turn out to be a means in.”
Each Wu and Fan pointed to the Bybit hack of February 2025 for instance of a widening assault floor. Attackers compromised the software program provide chain of a third-party developer device, permitting them to inject malicious code into the pockets’s net interface and trick executives into unknowingly signing away $1.5 billion in Ethereum.
The repair
The trade is now transferring to deal with the personal key vulnerability situation, although not evenly, based on Wu.
“There’s progress on many fronts: MPC [multi-party computation] wallets, account abstraction with social restoration, passkey-based login, {hardware} pockets enforcement, and correct key administration SOPs,” he mentioned. “The issue is that these are sometimes added as non-compulsory extras, as an alternative of being inbuilt from the beginning on the protocol stage. Most chains nonetheless deal with safety as a function to bolt on, not as a core design precept.”