ByBit’s $1.4B wake-up call for Web3 security

25th February 2025
Paige West

On February 21, 2025, Web3 faced its most devastating hack yet – Bybit, a leading exchange, was hacked for $1.4 billion in ETH and staked ETH, sending shockwaves through the digital asset community. This unprecedented breach exposed a persistent truth: centralised exchanges (CEXs) are the Achilles’ heel in Web3 security.

The attack reportedly exploited a sophisticated phishing hack, deceiving multisig wallet signers into approving fraudulent transactions via UI spoofing. While ByBit’s core infrastructure survived, trust in centralised security suffered yet another heavy blow.

Centralised security’s fatal flaw for Web3

ByBit’s loss highlights an alarming trend. In 2024 alone, Web3 suffered $2.36 billion in losses across 760 security incidents, most targeting centralised platforms. Why? Centralised systems hinge on human trust – making them predictable, lucrative targets for cybercriminals. While Web3 preaches decentralisation, many of its most valuable assets still rely on Web2-era security models. CEXs, with their centralised control over funds, operate as high-value targets. Unlike decentralised finance (DeFi) protocols, where users retain self-custody, CEXs depend on human trust – an inherently exploitable weakness. ByBit joins Binance and OKX among victims proving centralised Web2-era security models are inadequate for decentralised ambitions.

Decentralised Infrastructure (DePIN) as the solution

Web3 security urgently requires a shift from centralised vulnerability to decentralised resilience. Decentralised Physical Infrastructure Networks (DePIN) distribute trust and validation, eliminating the single points of failure exploited by attackers.

Naoris Protocol stands at the forefront of this security evolution. Utilising its post-quantum powered Decentralised Proof of Security (dPoSec) Blockchain, Naoris Protocol replaces traditional centralised control with a decentralised network of validator nodes. Each node continuously validates every other, forming a robust, real-time ‘security hive mind’ to swiftly detect and neutralise threats.

Could Naoris Protocol have prevented the Bybit hack?

While no security system is infallible, a DePIN cybersecurity framework like Naoris Protocol could have significantly reduced such risks. Here’s how Naoris Protocol could have mitigated the ByBit incident:

Phase 1: preventing credential theft and host compromise

Naoris Protocol assigns quantum-resistant cryptographic identities to devices, making stolen credentials unusable from compromised machines. Its decentralised validator nodes automatically detect abnormal user behaviors or compromised devices, isolating threats immediately. Lazarus operatives would have faced instant detection and containment, blocking persistent system access.

Phase 2: stopping UI spoofing and malicious transactions

Attackers tricked ByBit’s signers with fake transaction interfaces. Naoris Protocol addresses this vulnerability through quantum-secure UI hashing, continuously verifying transaction interfaces against cryptographically secure, on-chain versions. Any alteration triggers instant consensus failure, halting malicious transactions. Moreover, its distributed code attestation ensures only verified smart contracts execute, thwarting any unauthorised transactions.

Had ByBit adopted this type of security, the fraudulent transactions would have been detected and blocked in real time, protecting $1.4 billion in user assets.

Web3’s imperative: decentralised security

The ByBit breach underscores why centralised models are no longer viable for Web3’s decentralised vision. David Carvalho, CEO of Naoris Protocol, emphasises this urgency: "The ByBit hack highlights systemic flaws in centralised security. Web3 must break free from Web2 vulnerabilities. Decentralised ecosystems demand decentralised security. The time for DePIN is now."

ByBit’s transparent response and swift reassurances to users – pledging 1:1 asset backing and full solvency – are praiseworthy. Yet, the reality remains stark: centralised security has failed repeatedly, demanding immediate evolution.

Web3 stands at a crossroads. To fulfill its decentralised promise, it must embrace trustless, resilient security models. The ByBit attack is more than a breach – it’s an urgent call for Web3 to transition fully to DePIN-based cybersecurity solutions like Naoris Protocol.

Decentralised security isn’t theoretical – it’s operational now. Discover Naoris Protocol’s Post-Quantum DePIN Testnet. With 918K+ wallets and 11.4M+ quantum-secure transactions, Naoris Protocol is proving that the future of Web3 security is decentralised.

© Copyright 2025 Electronic Specifier