Introduction
The recent security breach involving Bybit, resulting in the theft of over $1.4 billion in digital assets, has brought into sharp focus the evolving threats facing institutional digital asset management. The attack leveraged a targeted compromise of Safe's multisig frontend, highlighting vulnerabilities not only in smart contract design but also in operational workflows, governance, and signer authentication.
While self-custody solutions like Safe are exceptional tools for many use cases, incidents like this demonstrate why institutional-grade security requires more than technology alone—it demands governance, oversight, and regulated processes.
As a Qualified Custodian, Rakkar Digital protects customer assets through robust security frameworks designed to eliminate unauthorized transactions and mitigate the risks that self-custody solutions may face at scale.

Understanding the Bybit Incident
On February 21, 2025, Bybit’s Ethereum multi-signature cold wallet was drained of funds exceeding $1.4 billion. The attack unfolded in a highly coordinated manner:
- Social engineering compromised a Safe developer’s machine.
- Malicious JavaScript was injected into the Safe multisig frontend (app.safe.global), altering transaction data invisibly during the signing process.
- Even with multisig protections in place, the attack was executed via blind signing—signers unknowingly authorized malicious transactions, which replaced original data with attacker-controlled instructions.
This exploit demonstrates how even sophisticated multisig setups can be vulnerable without strict operational and governance controls.

The Institutional Challenge of Self-Custody
While self-custody systems are valuable and secure when properly managed, they place immense responsibility on the organization. For institutions managing client funds or large balances, the operational risks compound:
- Human error in transaction verification.
- Compromised frontends affecting transaction integrity.
- Blind signing practices that bypass rigorous checks.
These vulnerabilities and their corresponding risks are especially critical for exchanges, asset managers, and financial institutions with fiduciary responsibilities.

How A Qualified Custodian Mitigates These Risks
Rakkar Digital is purpose-built to address these risks through secure, regulated custodial services designed for institutions. Our solution integrates technological excellence with operational rigor:
Secure Key Management
- MPC-CMP technology eliminates single points of failure.
- Private keys are never fully exposed, and no individual controls the full signing power.
Transaction Safeguards
- No blind signing—transactions are reviewed at multiple levels before approval.
- Pre-whitelisting of destination addresses, vetted with KYT (Know Your Transaction) screenings through a leading crypto transaction analytics vendor.
- Customer-defined transaction policies, including thresholds and required approvers as part of a quorum.
- Internal operational checks on all transactions with dual control measures.
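
As an added illustration (not Rakkar Digital's or Safe's code), the safeguards listed above and the blind-signing failure described in the incident can be expressed as a pre-signing check that compares the payload reaching the signer with the intent approved out-of-band. The allowlist, threshold, quorum sizes, addresses, approver names and the `review` function are constructed assumptions; the delegatecall rule is an assumed policy choice.

```python
from __future__ import annotations
from dataclasses import dataclass, fields

# Constructed policy values for illustration; not any custodian's real configuration.
ALLOWLIST = {"0x1111111111111111111111111111111111111111"}
HIGH_VALUE_WEI = 100 * 10**18        # transfers above this need the larger quorum
QUORUM_NORMAL, QUORUM_HIGH = 2, 3

@dataclass(frozen=True)
class Tx:
    to: str          # destination address
    value: int       # amount in wei
    data: str        # hex-encoded calldata
    operation: int   # Safe transaction field: 0 = call, 1 = delegatecall

def _norm(v):
    # Addresses and calldata are compared case-insensitively.
    return v.lower() if isinstance(v, str) else v

def review(intent: Tx, payload: Tx, approvers: set[str]) -> list[str]:
    """Return reasons to refuse signing; an empty list means every check passed."""
    reasons = []
    # 1. No blind signing: the payload that reaches the signer must match,
    #    field by field, the intent approved through an independent channel.
    for f in fields(Tx):
        if _norm(getattr(intent, f.name)) != _norm(getattr(payload, f.name)):
            reasons.append(f"{f.name} differs from approved intent")
    # 2. Destination must have been pre-whitelisted.
    if payload.to.lower() not in ALLOWLIST:
        reasons.append("destination not on allowlist")
    # 3. Assumed policy: plain transfers never need delegatecall.
    if payload.operation != 0:
        reasons.append("delegatecall not permitted by policy")
    # 4. Quorum size depends on the value threshold.
    needed = QUORUM_HIGH if payload.value > HIGH_VALUE_WEI else QUORUM_NORMAL
    if len(approvers) < needed:
        reasons.append(f"quorum not met: {len(approvers)}/{needed}")
    return reasons

# Constructed sample data: the approved intent and a payload altered in transit.
INTENT = Tx("0x1111111111111111111111111111111111111111", 10 * 10**18, "0x", 0)
TAMPERED = Tx("0x2222222222222222222222222222222222222222", 0, "0xdeadbeef", 1)

if __name__ == "__main__":
    print("clean payload:", review(INTENT, INTENT, {"alice", "bob"}))
    for reason in review(INTENT, TAMPERED, {"alice", "bob"}):
        print("REFUSE:", reason)
```

The check only helps if the intent and the payload arrive over separate paths, so that a compromised frontend cannot alter both.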
Regulatory Assurance
- Licensed under relevant financial authorities.
- Fully segregated and bankruptcy-remote.
- Independently audited with ISO 27001, SOC 1, and SOC 2 certifications.
- Insurance coverage for custodial assets.

Why Institutions Are Turning to Qualified Custodians
Qualified custody is not merely about safeguarding private keys; it’s about protecting the entire lifecycle of a transaction. From customer intent to execution, Rakkar’s layers of defense ensure that even if parts of a workflow are targeted—whether through social engineering or technical compromise—unauthorized asset movements are stopped before they happen. For any institution holding client funds, this is the operational resilience required to build lasting trust.

Self-Custody vs. Qualified Custodian: Risk Comparison

Conclusion
The Bybit incident is a stark reminder that technology alone cannot secure institutional assets. Without governance, operational oversight, and regulatory adherence, even the most advanced self-custody systems can become vulnerable.

Connect with Us
If you would like to learn more about how Rakkar Digital can help secure your digital assets, reach us at contact@rakkardigital.com.
This document is for informational purposes only and should not be considered legal, tax, financial, or investment advice. Individuals are encouraged to seek guidance from their own professional advisors before making any related decisions. Rakkar Digital disclaims any responsibility or liability for decisions, actions, or omissions resulting from the use of this material.
Rakkar Digital does not guarantee the accuracy, completeness, relevance, or reliability of the information contained herein and is not liable for any claims arising from errors, omissions, or other inaccuracies within this material.