Understanding the Human Element in Cryptocurrency Security: Lessons from the Bybit Breach

Human Failings Rather than Technology to Blame for Recent Bybit Security Breach, Expert Says

By Timely News Agency

Updated: March 18, 2025, 10:09 PM UTC

In a recent security breach that has rattled the cryptocurrency community, Bybit, the world’s second-largest cryptocurrency exchange by trading volume, experienced a significant theft estimated at around $1.5 billion. This incident highlights the persistent vulnerability of digital asset platforms to human error, rather than technical mishaps, according to Ben Charoenwong, an associate professor of finance at INSEAD.

The Breach at Bybit

The breach occurred during a routine transfer of funds from a cold wallet, which is normally kept offline for security, to a warm wallet used for daily trading activity. The attackers exploited weaknesses in a proprietary Web3 implementation built on Gnosis Safe, a multi-signature wallet with a centralized upgradable architecture. Malicious code made what appeared to be a standard fund transfer a cover for an altered contract; news of the theft then triggered approximately 350,000 withdrawal requests from users anxious to secure their assets.

Despite its size, the loss represents less than 0.01% of the total cryptocurrency market capitalization, and Charoenwong noted that such breaches have shifted from existential threats to manageable operational challenges. Bybit has since reassured clients that any unrecovered funds will be covered through its reserves or partner loans, signaling a maturation in its operational resilience.

A Longstanding Issue: Human Error

Since the inception of cryptocurrencies, human missteps have been identified as the primary vulnerabilities in security, consistently eclipsing technical flaws related to blockchain protocols. Research shows that in 2024 alone, approximately $2.2 billion was stolen due to breaches predominantly attributed to human error.

According to Charoenwong, the recurring theme is rooted in organizations’ reluctance to accept responsibility for securing their own systems and in their tendency to rely on custom-built solutions that deviate from established security practices. Such deviations create blind spots that attackers can exploit, a pattern seen throughout the cryptocurrency industry.

Addressing the Human Element

The INSEAD professor emphasized that purely technical solutions cannot rectify fundamentally human problems. Although billions have been invested in enhancing technological security measures, comparatively little focus has been dedicated to addressing the human factors that lead to breaches.

One critical issue is the management of private keys, the secret cryptographic values that control access to digital assets. Losing, misplacing, or exposing a private key fundamentally compromises security. Additionally, social engineering attacks, which manipulate individuals into revealing sensitive information, continue to pose a significant threat.

Proposing a Human-Centric Security Framework

To address these issues effectively, Charoenwong advocates for a paradigm shift towards a human-centric security approach. This entails designing security systems that are resilient to human error, as opposed to assuming that users will adhere flawlessly to security protocols.

Recommendations for individual users include the adoption of hardware wallets, which provide a higher level of security than traditional storage methods. However, recognizing that many users prioritize convenience, Charoenwong suggests that exchanges should adopt safeguards familiar from traditional finance. These could include default waiting periods on significant transfers, tiered account systems with varying authorization levels, and context-sensitive security education delivered at critical decision points.

Industry-Wide Recommendations

At a larger scale, both regulatory bodies and industry leaders can play a pivotal role by establishing standardized human-factors security certifications. To truly advance the sector, Charoenwong emphasizes the importance of acknowledging the inevitability of human error.

He states that effective security mechanisms should not only protect technical systems but also anticipate human mistakes, an evolution from the traditional reliance on static credentials. This includes behavioral anomaly detection capable of flagging suspicious activity, splitting private key storage between online and offline environments, and multi-party authorization for high-value transfers.
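The safeguards recommended above (tiered authorization levels, default waiting periods on significant transfers, multi-party approval and behavioral anomaly detection) can be expressed as a single transfer-authorization policy. The following is an added illustration, not code from Bybit, Gnosis Safe or the article's author; the tier thresholds, the anomaly multiplier and the sample history are constructed values.

```python
from dataclasses import dataclass, field
from statistics import median

HOUR = 3600  # seconds

# Constructed policy tiers: (upper amount in USD, approvers required, delay in seconds).
# Amounts above the last finite limit fall into the highest tier.
TIERS = [
    (10_000, 1, 0),                 # routine: one signer, no waiting period
    (1_000_000, 2, 1 * HOUR),       # significant: two signers, one-hour hold
    (float("inf"), 3, 24 * HOUR),   # high-value: three signers, 24-hour hold
]

@dataclass
class Transfer:
    amount_usd: float
    destination: str
    requested_at: int               # epoch seconds
    approvals: set = field(default_factory=set)   # identities that approved

@dataclass
class Policy:
    known_destinations: set         # destinations vetted out of band
    history_usd: list               # recent transfer amounts (behavioral baseline)
    anomaly_factor: float = 10.0    # multiple of the median that counts as anomalous

    def tier(self, amount_usd):
        """Tiered authorization: approvals and waiting period for this amount."""
        for limit, approvers, delay in TIERS:
            if amount_usd <= limit:
                return approvers, delay
        return TIERS[-1][1:]

    def is_anomalous(self, t):
        """Behavioral check: unknown destination, or amount far above the baseline."""
        if t.destination not in self.known_destinations:
            return True
        if not self.history_usd:
            return False
        return t.amount_usd > self.anomaly_factor * median(self.history_usd)

    def evaluate(self, t, now):
        """Return (approved, reasons). Anomalies add one approver and a 24-hour hold."""
        approvers, delay = self.tier(t.amount_usd)
        if self.is_anomalous(t):
            approvers += 1
            delay = max(delay, 24 * HOUR)
        reasons = []
        if len(t.approvals) < approvers:
            reasons.append(f"need {approvers} approvals, have {len(t.approvals)}")
        release = t.requested_at + delay
        if now < release:
            reasons.append(f"waiting period: {release - now} s remaining")
        return not reasons, reasons
```

Because the waiting period and the extra approver are imposed by default, a single mistaken or manipulated signer cannot move a high-value transfer on their own, which is the human-error resilience the article calls for.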

Conclusion: Evolving from Vulnerability to Resilience

The recent Bybit incident illustrates a significant evolution within the cryptocurrency sector, shifting from its early days marked by fragility to a more robust financial infrastructure. Although security breaches are likely to persist, their nature has transformed into operational challenges that require continuous improvement and engineering solutions.

Ultimately, the path forward in cryptosecurity will not be paved by the unrealistic goal of eliminating all human error but rather by designing systems that can withstand such inevitable mistakes. As the cryptocurrency ecosystem matures, prioritizing human-centered design in security architectures can foster a more resilient digital financial landscape, ensuring that operations continue securely even in the face of human fallibility.

The views expressed in this column are those of the author and do not necessarily reflect those of CoinDesk, Inc. or its owners and affiliates.