On February 21, 2025, Web3 faced its most devastating hack yet – Bybit, a leading exchange, was hacked for $1.4 billion in ETH and staked ETH, sending shockwaves through the digital asset community. This unprecedented breach exposed a persistent truth: centralized exchanges (CEXs) are the Achilles’ heel in Web3 security.
The attack reportedly relied on sophisticated phishing, deceiving multisig wallet signers into approving fraudulent transactions via UI spoofing. While Bybit’s core infrastructure survived, trust in centralized security suffered yet another heavy blow.
Centralized Security’s Fatal Flaw for Web3
Bybit’s loss highlights an alarming trend. In 2024 alone, Web3 suffered $2.36 billion in losses across 760 security incidents, most targeting centralized platforms. Why? Centralized systems hinge on human trust—making them predictable, lucrative targets for cybercriminals. While Web3 preaches decentralization, many of its most valuable assets still rely on Web2-era security models.
CEXs, with their centralized control over funds, operate as high-value targets. Unlike decentralized finance (DeFi) protocols, where users retain self-custody, CEXs depend on human trust—an inherently exploitable weakness. Bybit joins Binance and OKX among the victims, proving that centralized Web2-era security models are inadequate for decentralized ambitions.
Decentralized Infrastructure (DePIN) as the Solution
Web3 security urgently requires a shift from centralized vulnerability to decentralized resilience. Decentralized Physical Infrastructure Networks (DePIN) distribute trust and validation, eliminating the single points of failure exploited by attackers.
Naoris Protocol stands at the forefront of this security evolution. Utilizing its Post-Quantum powered Decentralized Proof of Security (dPoSec) blockchain, Naoris Protocol replaces traditional centralized control with a decentralized network of validator nodes. Each node continuously validates every other, forming a robust, real-time “security hive mind” to swiftly detect and neutralize threats.
Could Naoris Protocol Have Prevented the Bybit Hack?
While no security system is infallible, a DePIN cybersecurity framework like Naoris Protocol could have significantly reduced such risks. Here’s how Naoris Protocol could have mitigated the Bybit incident:
Phase 1: Preventing Credential Theft and Host Compromise
Naoris Protocol assigns quantum-resistant cryptographic identities to devices, making stolen credentials unusable from compromised machines. Its decentralized validator nodes automatically detect abnormal user behaviors or compromised devices, isolating threats immediately. Lazarus operatives would have faced instant detection and containment, blocking persistent system access.
Phase 2: Stopping UI Spoofing and Malicious Transactions
Attackers tricked Bybit’s signers with fake transaction interfaces. Naoris Protocol addresses this vulnerability through quantum-secure UI hashing, continuously verifying transaction interfaces against cryptographically secure, on-chain versions. Any alteration triggers instant consensus failure, halting malicious transactions. Moreover, its distributed code attestation ensures only verified smart contracts execute, thwarting any unauthorized transactions.
Had Bybit adopted this type of security, the fraudulent transactions would have been detected and blocked in real time, protecting $1.4 billion in user assets.
Web3’s Imperative: Decentralized Security
The Bybit breach underscores why centralized models are no longer viable for Web3’s decentralized vision. David Carvalho, CEO of Naoris Protocol, emphasizes this urgency:
“The Bybit hack highlights systemic flaws in centralized security. Web3 must break free from Web2 vulnerabilities. Decentralized ecosystems demand decentralized security. The time for DePIN is now.”
Bybit’s transparent response and swift reassurances to users—pledging 1:1 asset backing and full solvency—are praiseworthy. Yet, the reality remains stark: centralized security has failed repeatedly, demanding immediate evolution.
Web3 stands at a crossroads. To fulfill its decentralized promise, it must embrace trustless, resilient security models. The Bybit attack is more than a breach—it’s an urgent call for Web3 to transition fully to DePIN-based cybersecurity solutions like Naoris Protocol.