Just How Safe Is Cryptocurrency? The Questions I Asked — And What I… | by Joy Kareko | The Capital | Mar, 2025
The Questions I Asked — And What I Discovered.
Just a few weeks ago, Bybit experienced a massive security breach, resulting in the theft of approximately $1.5 billion in digital assets — making it the largest crypto heist in history.
This is not the first crypto heist; there have been many before, each exploiting vulnerabilities within the cryptocurrency security ecosystem. One common target is hot wallets — wallets connected to the internet — which are significantly more vulnerable than offline cold wallets.
There have been other heists that used phishing methods, where users are lured into clicking malicious links that expose their private keys or downloading harmful software capable of bypassing security measures and authentication protocols.
However, what truly raised eyebrows — especially mine — was that in this recent heist, attackers exploited flaws within Bybit’s cold wallet system. Cold wallets are typically considered secure due to their offline status, making this breach particularly alarming.
How exactly did they manage to do that?
Let me explain a little bit about cold wallets.
A cold wallet is an offline storage system in which private keys are kept securely. Being offline makes it less convenient for frequent transactions, but it is designed to minimize exposure to online threats, which is why this breach is particularly concerning.
Private keys are, simply put, like passwords that should never be shared with the public. In the crypto world, there are two types of keys: a public key and a private key. The public key acts like an address that you can share with others to receive funds.
The private key, on the other hand, is a digital proof of ownership, granting full control over the funds in a wallet. If someone gains access to your private key, they can transfer your funds without your permission. Additionally, if you lose your private key, your funds are permanently inaccessible — unless you have a recovery phrase (also known as a seed phrase), which serves as a backup.
In this recent heist, hackers intercepted transactions during the transfer from a cold wallet to a warm wallet, tricking operators into unknowingly…