Strengthening Security in Digital Asset Custody
February 25, 2025
The recent ByBit security breach, resulting in the unauthorized loss of client assets, serves as a stark reminder of the critical importance of operational risk and security in digital asset custody. This incident underscores vulnerabilities that can arise when segregation of duties, transaction verification, and smart contract integrity are not upheld with the highest security standards.
Identifying the Operational Weaknesses in the ByBit Incident
The ByBit hack exposed key failures in custodial security practices that should serve as industry-wide lessons:
Lack of Segregation Between Transaction Creation and Approval
The same system and individuals handled both transaction creation and approval, through a single UI that was spoofed, enabling a malicious contract modification without an independent verification step.
Blind Signing Without Proper Verification
Transactions were signed without clear visibility into what was being approved, leading to unauthorized fund transfers disguised as routine operations.
Inadequate Smart Contract Security & Upgrade Controls
The attackers were able to replace key infrastructure controls too easily by upgrading a smart contract, rendering any policies or thresholds around their assets useless against the takeover.
How Tungsten Custody Solutions Addresses These Issues by Design
At Tungsten Custody Solutions, security is embedded into our operational DNA, ensuring that clients’ digital assets remain protected under the highest standards of governance and control. We align with:
✅ CMTA Digital Assets Custody Standard (DACS 2023) – Industry-leading framework ensuring best practices in key management and transaction security.
✅ ISO 27001:2022 Certified – A globally recognized standard for information security management, ensuring rigorous operational and compliance controls.
These guidelines and certifications can be verified through our independently produced, third-party SOC 2 Type II report. Our security model directly mitigates the vulnerabilities seen in the ByBit breach:
Immutable Key Management & Controlled Infrastructure
Our key management system cannot be modified or upgraded without strict, multi-tiered internal controls, preventing unauthorized changes to custodial contracts. We have a strong change management policy and a chain of custody which verifies every change.
Independent, Secure Transaction Creation
Transactions are generated within a secure, managed environment, reducing the risk that a single individual or system can manipulate or create malicious transactions. Our system is built on an MPC architecture, and our wallets are held in cold storage.
Airgapped, Hardware-Based Verification
Our transactions are verified and signed using physically stored, airgapped security tokens, allowing our approvals to be executed with strong cryptographic provenance. We apply strict segregation of roles under doer-checker principles at all times, and we process transactions with an abundance of caution.
Unparalleled Security, Verified Through Independent Audits
Beyond adherence to global custodial standards, Tungsten Custody Solutions operates from a fully on-premise, UAE-based infrastructure, ensuring:
✅ On-Premise Custodial Control – MENA clients can verify our security implementations, which is not possible with offshore or cloud-based solutions.
✅ SOC 2 Type II Certification – Independent validation of our security and operational integrity through ongoing, real-world audits.
✅ Regulatory Alignment – Compliance with the UAE’s robust financial and virtual asset governance standards.
Securing Your Digital Assets with Proven Custodial Excellence
In an evolving digital asset landscape, institutional security is non-negotiable. Tungsten Custody Solutions ensures that your assets remain protected under the strictest security and compliance frameworks available.
If you would like to discuss how our custody framework can support your operational risk and security needs, we would be happy to arrange a dedicated consultation.