Bybit Breach Wake-Up Call: Security Must Be a Mindset, Not Just a Department, Says Failsafe's Aneirin Flynn

The recent $1.4 billion Ethereum theft from Bybit has shaken the crypto market and reignited debate over a hard fork to recover stolen funds. The scale of the hack highlights the growing risk of state-sponsored cybercrime and the urgent need for stronger security measures in the blockchain space.

Aneirin Flynn, co-founder and CEO of FailSafe, spoke with Benzinga about the Bybit exploit, potential preventive strategies, and why an Ethereum rollback isn't a feasible solution. FailSafe, a blockchain security firm, provides real-time threat detection and intelligent risk management to protect digital assets from evolving cyber threats.

Here is an excerpt from the interview:

What does the Bybit hack reveal about the evolving tactics of crypto hackers, and how should wallet providers and exchanges adapt?

The Bybit hack reveals that attackers are no longer just focused on compromising private keys or exploiting smart contract flaws—they're examining the entire operational stack. This means that every layer, including user interfaces and administrative controls, must be secured.

How can wallet and multisig platforms like Safe{Wallet} rebuild trust after an incident like this? Is transparency enough, or do they need deeper security overhauls?

Rebuilding trust after such an incident involves much more than transparent communication. While it is essential for platforms like Safe{Wallet} to be open about the breach and the steps taken to address it, transparency alone won’t restore confidence. Trust will be reestablished through deep security overhauls that address both technical vulnerabilities and operational shortcomings. This means redesigning the system architecture, implementing stronger access controls, and investing in robust human risk management to prevent similar issues from recurring.

This attack targeted the user interface rather than the blockchain itself. What security improvements should wallet providers prioritize to prevent similar attacks?
This is part of a general trend we’re seeing emerge—it’s much easier to compromise a signing device or socially engineer someone into providing sensitive information rather than targeting flaws or vulnerabilities in the blockchain (or smart contract logic) itself. In fact, attackers were able to skirt around CI/CD and deployment processes because they weren’t enforced on Safe developer machines. Wallet providers need to accept that they are likely targets within the supply chain. They should regularly test and review their entire security stack—from development to deployment and operations—to identify and fix vulnerabilities before they can be exploited.

FailSafe suggests an extra verification layer could have stopped the attack. Should all major exchanges and custodial services start implementing such solutions?

Absolutely. Incorporating an extra verification layer can serve as a critical safeguard, and major exchanges as well as custodial services should seriously consider adopting these solutions. Such a layer would enforce that every transaction originates from a secure user interface, simulating transactions for anomalies and rigorously checking the health of signing devices before approval. This additional checkpoint not only enhances the overall security posture but also acts as a final barrier against unauthorized transactions, thereby protecting the assets even if other defenses fail.

Given that both Safe{Wallet} and Ledger have now been compromised, do you think the industry has been overestimating the security of multisig and hardware wallets?
The recent compromises at Safe and Ledger don’t indicate that multisig and hardware wallet technologies are inherently insecure; rather, they reveal that the real vulnerabilities lie in the human and operational aspects surrounding these systems. The incidents demonstrate that while the technology itself may be robust, the security of the overall system is compromised when administrative controls and human risk management are insufficient.

Are exchanges like Bybit doing enough to secure their users' funds, or should they be adopting a more proactive approach to cybersecurity?

One key factor behind the hack was Bybit's attractiveness as a target—it consolidated one of the largest ETH reserves in a single Safe wallet and executed frequent high-value transactions, making it a magnet for sophisticated attackers. To better protect their users' funds, Bybit could adopt a more proactive approach by diversifying asset storage across multiple wallets, tightening administrative controls, and implementing additional layers of transaction verification. These measures would not only strengthen their overall security posture but also reduce the likelihood of becoming an appealing target for attackers.

Would industry-wide collaboration, such as shared threat intelligence networks, help prevent large-scale attacks like this in the future?

Shared threat intelligence networks help with recovery, as shown by current efforts to detect and freeze laundered funds through industry-wide collaboration. However, they don't guarantee prevention. Open-source frameworks like the Security Frameworks by Security Alliance (SEAL) offer valuable best practices, but their benefits depend on proper implementation. Ultimately, preventing large-scale attacks by advanced threat actors requires a proactive approach and an organizational commitment to prioritize security. Security is not a department—it's a mindset. When every member of an organization embraces the belief that security is everyone's responsibility, we build a culture of continuous vigilance that stands as our best defense.

How does this incident shape the future of crypto security? Do you see increased adoption of AI-driven security tools or new approaches to transaction verification?

I hope that the incident serves as a catalyst for the adoption of more security, ushering in an era where advanced security measures become the norm. A friend who looked after We can expect to see a greater adoption of AI-driven security tools that continuously analyze transaction patterns, detect anomalies in real time, and enforce dynamic security protocols. Additionally, new approaches to transaction verification—integrating secure UI enforcement, comprehensive device checks, and sophisticated simulation techniques—will be developed to create multi-layered defenses. These innovations will collectively shape a more secure and resilient crypto environment, making it harder for attackers to exploit any single vulnerability.