“Most blockchain infrastructure was originally built for a single-user, single-key model, one private key controls everything, and if that key is lost or stolen, all the assets are gone instantly. This goes against the basic security principles that traditional finance has relied on for decades: more than one person approving, separation of duties, and several layers of defense,” Wu informed CoinDesk.
In a manner, the system constructed to revolutionize world finance has weaker safety than a typical electronic mail account.
Wu added that the variety of routes by which an assault might be launched has elevated considerably. “Cloud systems, third-party tools, social media accounts, and the people operating them, all of these can become a way in.”
Each Wu and Fan pointed to the Bybit hack of February 2025 for instance of a widening assault floor. Attackers compromised the software program provide chain of a third-party developer device, permitting them to inject malicious code into the pockets’s internet interface and trick executives into unknowingly signing away $1.5 billion in Ethereum.
The repair
The trade is now transferring to deal with the non-public key vulnerability difficulty, although not evenly, in response to Wu.
“There’s progress on many fronts: MPC [multi-party computation] wallets, account abstraction with social recovery, passkey-based login, hardware wallet enforcement, and proper key management SOPs,” he stated. “The problem is that these are often added as optional extras, instead of being built in from the start at the protocol level. Most chains still treat security as a feature to bolt on, not as a core design principle.”
