March 7, 2025

Strengthening Institutional Crypto Security in Light of Recent Events

How Qualified Custody Safeguards Institutional Assets Against Emerging Threats

Introduction

The recent security breach involving Bybit, resulting in the theft of over $1.4 billion in digital assets, has brought into sharp focus the evolving threats facing institutional digital asset management. The attack leveraged a targeted compromise of Safe's multisig frontend, highlighting vulnerabilities not only in smart contract design but also in operational workflows, governance, and signer authentication.

While self-custody solutions like Safe are exceptional tools for many use cases, incidents like this demonstrate why institutional-grade security requires more than technology alone—it demands governance, oversight, and regulated processes.

As a Qualified Custodian, Rakkar Digital protects customer assets through robust security frameworks designed to eliminate unauthorized transactions and mitigate the risks that self-custody solutions may face at scale.


Understanding the Bybit Incident

On February 21, 2025, Bybit’s Ethereum multi-signature cold wallet was drained of funds exceeding $1.4 billion. The attack unfolded in a highly coordinated manner:

  • Social engineering compromised a Safe developer's machine.
  • Malicious JavaScript was injected into the Safe multisig frontend (app.safe.global), altering transaction data invisibly during the signing process.
  • Even with multisig protections in place, the attack was executed via blind signing—signers unknowingly authorized malicious transactions, which replaced original data with attacker-controlled instructions.

This exploit demonstrates how even sophisticated multisig setups can be vulnerable without strict operational and governance controls.


The Institutional Challenge of Self-Custody

While self-custody systems are valuable and secure when properly managed, they place immense responsibility on the organization. For institutions managing client funds or large balances, the operational risks compound:

  • Human error in transaction verification.
  • Compromised frontends affecting transaction integrity.
  • Blind signing practices that bypass rigorous checks.

These vulnerabilities and their corresponding risks are especially critical for exchanges, asset managers, and financial institutions with fiduciary responsibilities.


How A Qualified Custodian Mitigates These Risks

Rakkar Digital is purpose-built to address these risks through secure, regulated custodial services designed for institutions. Our solution integrates technological excellence with operational rigor:

Secure Key Management

  • MPC-CMP technology eliminates single points of failure.
  • Private keys are never fully exposed, and no individual controls the full signing power.

Transaction Safeguards

  • No blind signing—transactions are reviewed at multiple levels before approval.
  • Pre-whitelisting of destination addresses, vetted through KYT (Know Your Transaction) screening by a leading crypto transaction analytics vendor.
  • Customer-defined transaction policies, including thresholds and required approvers as part of a quorum.
  • Internal operational checks on all transactions with dual control measures.
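
The safeguards listed above can be expressed as one authorization gate. The sketch below is an added example, not Rakkar's implementation: the policy layout, field names, approver names and addresses are all constructed assumptions, and the digest is a plain SHA-256 over the reviewed fields rather than any on-chain hash format. It shows a whitelist check, a tiered quorum with dual control, and a final comparison that rejects a payload that no longer matches what the approvers reviewed.

```python
import hashlib
import json

# Constructed policy for illustration; every name and value is an assumption.
POLICY = {
    "whitelist": {"0x1111111111111111111111111111111111111111"},
    "approvers": {"alice", "bob", "carol"},
    "tiers": [(10, 1), (1000, 2)],   # (max amount, approvals required)
    "max_quorum": 3,                 # anything above the last tier
}

def intent_digest(tx):
    """Digest over the decoded fields a human reviews (not an EIP-712 hash)."""
    canon = json.dumps(tx, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canon.encode()).hexdigest()

def required_approvals(amount, policy):
    for limit, quorum in policy["tiers"]:
        if amount <= limit:
            return quorum
    return policy["max_quorum"]

def authorize(reviewed_tx, initiator, approvals, payload_to_sign, policy=POLICY):
    """approvals maps approver name -> digest that approver confirmed."""
    if reviewed_tx["to"].lower() not in policy["whitelist"]:
        return False, "destination not whitelisted"
    digest = intent_digest(reviewed_tx)
    # Dual control: the initiator's own approval never counts toward quorum.
    valid = {name for name, seen in approvals.items()
             if name in policy["approvers"] and name != initiator and seen == digest}
    if len(valid) < required_approvals(reviewed_tx["amount"], policy):
        return False, "quorum not met"
    # The payload handed to the signer must be the transaction that was reviewed.
    if intent_digest(payload_to_sign) != digest:
        return False, "payload differs from reviewed transaction"
    return True, "ok"

# Constructed sample request and a tampered copy of it.
REVIEWED = {"to": "0x1111111111111111111111111111111111111111",
            "asset": "ETH", "amount": 500, "data": "0x"}
TAMPERED = dict(REVIEWED, to="0x9999999999999999999999999999999999999999")
APPROVALS = {name: intent_digest(REVIEWED) for name in ("alice", "bob")}

if __name__ == "__main__":
    print(authorize(REVIEWED, "carol", APPROVALS, REVIEWED))
    print(authorize(REVIEWED, "carol", APPROVALS, TAMPERED))
```

The last check only helps if the digest is computed on a system independent of the interface that displayed the transaction to the approvers.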

Regulatory Assurance

  • Licensed under relevant financial authorities.
  • Fully segregated and bankruptcy remote.
  • Independently audited with ISO 27001, SOC 1, and SOC 2 certifications.
  • Insurance coverage for custodial assets.

Why Institutions Are Turning to Qualified Custodians

Qualified custody is not merely about safeguarding private keys; it’s about protecting the entire lifecycle of a transaction. From customer intent to execution, Rakkar’s layers of defense ensure that even if parts of a workflow are targeted—whether through social engineering or technical compromise—unauthorized asset movements are stopped before they happen. For any institution holding client funds, this is the operational resilience required to build lasting trust.


Self-Custody vs. Qualified Custodian: Risk Comparison

Conclusion

The Bybit incident is a stark reminder that technology alone cannot secure institutional assets. Without governance, operational oversight, and regulatory adherence, even the most advanced self-custody systems can become vulnerable.


Connect with Us

If you would like to learn more about how Rakkar Digital can help secure your digital assets, reach us at contact@rakkardigital.com.

This document is for informational purposes only and should not be considered legal, tax, financial, or investment advice. Individuals are encouraged to seek guidance from their own professional advisors before making any related decisions. Rakkar Digital disclaims any responsibility or liability for decisions, actions, or omissions resulting from the use of this material.

Rakkar Digital does not guarantee the accuracy, completeness, relevance, or reliability of the information contained herein and is not liable for any claims arising from errors, omissions, or other inaccuracies within this material.

About Rakkar

Rakkar stands as Asia's leading qualified digital asset custodian, offering unparalleled asset security to financial institutions. Fortified by our strategic backing from SCB 10X, the investment arm of the Siam Commercial Bank, Rakkar provides digital asset custodial solutions with bank-grade security and compliance frameworks and an edge in operational agility. Founded in 2022 and holding esteemed security certifications such as ISO 27001, SOC 1 Type 1 and SOC 2 Type 1 & 2, Rakkar remains unwavering in its mission to offer the most secure, institutional-grade custodian services across Asia.

Disclaimer: Digital assets involve risks; investors should complete independent due diligence and research to carefully make investments according to their own risk profile.