
Threats Post ByBit Hack: We Review Hot, Cold, Custodial Wallets, and More


Crypto crime is on the rise, according to Chainalysis's 2025 Crypto Crime Report. Crypto platforms experienced a 21% increase in stolen funds in 2024 compared to 2023, totaling an estimated $2.2 billion. North Korea took the lion's share: approximately $1.34 billion was stolen by the Hermit Kingdom's hackers last year, accounting for about 61% of all crypto theft losses in 2024. Compromised private keys were the leading vector of theft, representing approximately 43.8% of stolen crypto.

But all this came to a head on February 21, 2025, when ByBit experienced a sophisticated cyberattack that led to the unauthorized transfer of approximately 401,000 ETH, worth roughly $1.5 billion USD, during a high-value transaction. This breach is considered the largest cryptocurrency theft to date. The FBI attributed the record heist to North Korean state-sponsored hacking groups, notably the Lazarus Group. These groups have an extensive history of targeting the financial sector and cryptocurrency platforms to fund North Korea's nuclear weapons program.

As cryptocurrency's value continues to grow, so does the risk and the need for secure storage solutions and transaction protocols. The high value means crypto investors face constant threats from hackers, malware, and phishing attacks, making the security of digital assets a top priority. Let's take a look at how the attack against ByBit took place and review how the different crypto-wallet types, such as hot, cold, and custodial, work.

The $1.5 Billion Dollar ByBit Hack: What Happened?

ByBit utilized cold wallets, offline storage solutions considered more secure than online (hot) wallets, to protect its assets. However, the attackers were able to gain access to ByBit's sensitive infrastructure and spoof visible elements of the user interface during a routine transfer between wallets, ultimately creating a transfer to an account under their control. The hack highlights the fact that while cold storage may be secure, using cold wallets alone does not guarantee comprehensive security or secure transactions.

The attack involved deceiving ByBit's CEO into authorizing the transfer of nearly $1.5 billion worth of Ethereum (ETH) to an attacker-controlled wallet, despite extensive protocols in place to verify the details of the transfer. When hackers can penetrate your infrastructure, advanced social engineering tactics and spoofed user interfaces mean that cybercriminals can exploit human factors within otherwise secure administrative processes designed to closely scrutinize every detail.
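The lesson from the spoofed interface, as an added example that is not from the original article or from ByBit: a signer-side check that decodes the raw bytes about to be signed and compares them with what the screen displayed and with an allowlist. It assumes a plain legacy (EIP-155) unsigned ETH transfer; the function names, addresses and transactions are constructed for illustration, and the article does not describe the format of the actual ByBit transaction.

```python
# Signer-side check: decode the bytes to be signed instead of trusting the screen.

def _rlp_item(d: bytes):
    """Decode one RLP item from the front of d; return (item, remaining bytes)."""
    if d[0] < 0x80:                          # a single byte encodes itself
        return d[:1], d[1:]
    base = 0xC0 if d[0] >= 0xC0 else 0x80    # list or byte string
    start, n = 1, d[0] - base                # short form: length is in the prefix
    if n > 55:                               # long form: prefix gives length-of-length
        start = 1 + n - 55
        n = int.from_bytes(d[1:start], "big")
    if start + n > len(d):
        raise ValueError("truncated RLP")
    body, rest = d[start:start + n], d[start + n:]
    if base == 0x80:
        return body, rest
    items = []
    while body:
        item, body = _rlp_item(body)
        items.append(item)
    return items, rest

def decode_unsigned_tx(raw_hex: str) -> dict:
    fields, rest = _rlp_item(bytes.fromhex(raw_hex))
    if rest or not isinstance(fields, list) or len(fields) != 9:
        raise ValueError("not a legacy EIP-155 unsigned transaction")
    return {"to": "0x" + fields[3].hex(), "value_wei": int.from_bytes(fields[4], "big"),
            "data": fields[5].hex(), "chain_id": int.from_bytes(fields[6], "big")}

def presign_findings(raw_hex: str, displayed: dict, allowlist: set) -> list:
    """Compare the payload with what the UI displayed and with the allowlist."""
    tx, findings = decode_unsigned_tx(raw_hex), []
    if tx["to"] != displayed["to"].lower():
        findings.append("payload destination differs from displayed destination")
    if tx["value_wei"] != displayed["value_wei"]:
        findings.append("payload amount differs from displayed amount")
    if tx["to"] not in allowlist:
        findings.append("destination is not an approved wallet")
    if tx["data"]:
        findings.append("unexpected call data on a plain transfer")
    return findings

# Constructed samples: two 1 ETH transfers that differ only in the destination.
HEAD, TAIL = "ec098504a817c80082520894", "880de0b6b3a764000080018080"
GOOD_TX = HEAD + "35" * 20 + TAIL        # pays the approved wallet
SWAPPED_TX = HEAD + "42" * 20 + TAIL     # same amount, different destination
SHOWN = {"to": "0x" + "35" * 20, "value_wei": 10**18}   # what the screen claims
APPROVED = {"0x" + "35" * 20}
```

`presign_findings(GOOD_TX, SHOWN, APPROVED)` returns an empty list, while the swapped payload yields two findings even though the displayed details are identical.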

Hot, Cold, Custodial: The Main Types of Crypto-Wallets

As the price of Bitcoin and other digital crypto assets increases, securing private keys and transactions becomes more important. Understanding the differences between hot, cold, and custodial wallets is vital for making informed decisions about asset storage and protection. Let's review the three most common wallet types according to how the private keys are managed.

What is a Hot Wallet?

A hot wallet is a cryptocurrency storage solution connected to the internet, facilitating quick and easy access for transactions. While convenient for frequent trading or spending, hot wallets are more susceptible to hacking, malware, and phishing attacks due to their online presence. Examples include mobile wallets, desktop wallets, and web-based wallets provided by exchanges.

What is a Custodial Wallet?

A custodial wallet is managed by a third party, typically a cryptocurrency exchange or service provider, which controls the private keys on behalf of the user. This arrangement offers convenience, especially for beginners, as the custodian handles security, backups, and maintenance. However, users must trust the provider's security measures and may face restrictions on access or withdrawals. Notably, if the service provider experiences a security breach, as in the case of ByBit, users' assets may be at risk.

What is a Cold Wallet?

A cold wallet is a cryptocurrency storage solution that remains disconnected from the internet and is overall considered the most secure form of storage. Unlike hot wallets, which are always online and vulnerable to hacking, cold wallets provide air-gapped security, making them much harder to compromise. Transactions are signed offline and then moved to the blockchain using a separate online device. This separation ensures that private keys—used to authorize transactions—never come into contact with internet-connected systems, minimizing exposure to cyber threats.

Types of Cold Wallets

Several types of cold wallets exist, each offering varying levels of security, convenience, and accessibility. Here’s a breakdown of the most common types:

  • Hardware Wallets: Physical devices designed to store private keys securely. Hardware wallets generate and store private keys offline, allowing users to sign transactions without exposing their keys to the internet.

  • Paper Wallets: A paper wallet is a physical printout containing the cryptocurrency's private and public keys, often in the form of a QR code. It allows users to receive crypto but requires manual entry or scanning to send transactions.

  • Air-Gapped Computers: A dedicated computer that never connects to the internet and is used solely for managing cryptocurrency transactions. Users generate and sign transactions offline, then transfer them via a USB drive to an internet-connected device.

  • Other Physical Mediums: Virtually anything that can have a QR code or letters printed on it can be used as a cold wallet. For example, metal plates can have seed phrases or QR codes engraved on them rather than storing digital keys directly. They serve as an indestructible backup form of cold storage.

Other Notable Types of Crypto-Wallets

Some specialized wallet configurations provide advanced security mechanisms for businesses and institutions, while others focus on automation and smart contract integration. Below are three notable alternatives that play a significant role in cryptocurrency storage and management.

  • Multi-Signature (Multi-Sig) Wallets: Require multiple private keys to authorize transactions, enhancing security by distributing control among multiple parties. This ensures that no single entity can access funds alone. Multi-sig wallets are widely used by businesses, DAO treasuries, and institutional investors who require shared control over funds. Some multi-signature wallets allow users to specify how many signatures are needed for transactions (e.g., a 2-of-3 setup where at least two private keys must sign off).

  • Smart Contract Wallets: A smart contract wallet is a blockchain-native wallet that operates using self-executing smart contracts to enhance security and automation. These wallets can enforce spending limits, recovery mechanisms, and multi-signature verification without requiring a central authority. Smart contract wallets do not rely on externally stored private keys but instead use programmable rules to manage transactions. DeFi users and crypto investors benefit from wallets like Argent and Gnosis Safe, which offer features such as gas-free transactions, inheritance settings, and two-factor authentication for added security.

  • Deterministic Wallets (HD Wallets): Generate an unlimited number of private/public key pairs from a single seed phrase (typically 12 or 24 words). This makes backups more manageable, as users only need to store the seed phrase instead of multiple private keys. HD wallets allow users to maintain control over their funds and ensure that future addresses can be derived from the same seed. Wallets like Ledger, Trezor, and MetaMask follow the BIP-32, BIP-39, and BIP-44 standards, ensuring compatibility across multiple platforms and applications.
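How a single seed phrase yields many keys, as an added example (not code from the original article or from any wallet named above): BIP-39 seed stretching followed by BIP-32 master-key and hardened child derivation down to the BIP-44 account level. The function names are illustrative and the phrase is a publicly known sample; non-hardened steps, which need elliptic-curve arithmetic, are left out.

```python
import hashlib
import hmac
import unicodedata

# Order of the secp256k1 group used by Bitcoin and Ethereum keys.
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
HARDENED = 0x80000000

def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP-39: stretch the phrase into a 64-byte seed (no wordlist or checksum validation)."""
    norm = lambda s: unicodedata.normalize("NFKD", s).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", norm(mnemonic), norm("mnemonic" + passphrase), 2048, 64)

def master_key(seed: bytes):
    """BIP-32: master private key and chain code from the seed."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return digest[:32], digest[32:]

def hardened_child(key: bytes, chain: bytes, index: int):
    """BIP-32 hardened private child derivation (requires the parent private key)."""
    data = b"\x00" + key + (index | HARDENED).to_bytes(4, "big")
    digest = hmac.new(chain, data, hashlib.sha512).digest()
    tweak = int.from_bytes(digest[:32], "big")
    child = (tweak + int.from_bytes(key, "big")) % N
    if tweak >= N or child == 0:
        raise ValueError("invalid child key; BIP-32 says to use the next index")
    return child.to_bytes(32, "big"), digest[32:]

def derive(seed: bytes, path: str):
    """Walk a fully hardened path such as m/44'/60'/0'."""
    key, chain = master_key(seed)
    for part in path.split("/")[1:]:
        if not part.endswith("'"):
            raise ValueError("this example supports hardened steps only")
        key, chain = hardened_child(key, chain, int(part[:-1]))
    return key, chain

# Sample 12-word phrase (a publicly known test mnemonic).
PHRASE = "abandon " * 11 + "about"

if __name__ == "__main__":
    seed = bip39_seed(PHRASE)
    for account in range(3):
        key, _ = derive(seed, f"m/44'/60'/{account}'")
        print(account, key.hex()[:16] + "...")
```

Every account key is a pure function of the phrase and the path, which is why the seed backup needs the same protection as the funds it controls.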

The Bottom Line on Crypto-Wallets

  • Custodial wallets are convenient but risky because a third party controls your funds.

  • Cold wallets are the safest for long-term storage because you control the private keys.

  • If security is a priority, a cold wallet is the best option for holding crypto assets safely.

  • Multi-Signature (Multi-Sig) Wallets provide shared control, reducing the risk of single-point failures.

  • Smart Contract Wallets enable automated security measures, such as spending limits and recovery options.

  • Deterministic (HD) Wallets simplify backups by using a single seed phrase to generate multiple addresses.

  • Security best practices include using hardware wallets, enabling two-factor authentication, and keeping backups of private keys in secure locations.

Conclusion

The ByBit hack serves as a stark reminder of the evolving threats in the cryptocurrency landscape and the critical importance of robust security measures. Cold wallets provide one of the most secure methods for storing cryptocurrency, protecting assets from online attacks and unauthorized access. Hardware wallets offer ease of use, while paper wallets offer simplicity.

However, these offline solutions are not infallible, especially when human factors and sophisticated social engineering tactics come into play. A comprehensive security strategy should encompass not only the choice of wallet type but also stringent operational protocols, regular security audits, and ongoing education to mitigate risks effectively.
