In the crypto world, even cold wallets are not safe: “The cryptocurrency industry has been rocked by what is now considered the largest digital asset theft in history, as Bybit, a leading crypto exchange, confirmed on Friday that hackers stole approximately $1.4 billion worth of Ethereum (ETH) from one of its offline wallets….

“Bybit’s CEO and co-founder, Ben Zhou, revealed in a livestream announcement that hackers managed to drain 401,346 ETH from one of the company’s cold wallets. Cold wallets, which are designed to store cryptocurrency offline and away from internet exposure, are considered the most secure way to hold digital assets.”

Good People, ETFs (exchange-traded funds) are better ways to invest in cryptos and we are working to offer that option in Africa in one of the new playbooks in the industry. Yes, you do not need to do cryptos to become an investor in cryptos. 

A Bitcoin ETF is an ETF that tracks the price of Bitcoin, either by holding physical Bitcoins in a trust or by using derivatives contracts such as futures and swaps. The ProShares Bitcoin Strategy ETF is an example of the latter, as it does not hold any Bitcoins directly, but rather invests in Bitcoin futures contracts traded on the Chicago Mercantile Exchange (CME). The ETF aims to provide exposure to the daily changes in the price of Bitcoin, minus fees and expenses.

Tekedia Capital is working on an ETF, and we think it will make the adoption of BTC, ETH, etc move up, as it makes them just another asset class, enabling you to buy and sell coins  in the way you do company stocks!

A bitcoin futures exchange-traded fund (ETF) issues publicly traded securities that offer exposure to the price movements of bitcoin futures contracts. Here’s how it works: An investment company creates a subsidiary that acts as a commodity pool. The pool in turn trades bitcoin futures contracts typically in an effort to mimic the spot price of bitcoin. But there are costs involved like “roll premiums” and management fees, among others. Plus, futures contracts don’t track spot prices exactly, so returns may never be as high as, or in sync with, spot market prices.

Bybit Loses $1.4bn in Ethereum in Largest Crypto Heist in History

Extended Response to a Comment

Comment – Prof, while ETFs undeniably offer convenience, the argument that they inherently resolve security concerns or align with the ethos of cryptocurrency is fundamentally not based on facts, and overlooked risks inherently associated with ETFs.

Cold wallets, by design, store private keys offline, making them immune to remote cyberattacks. The breach at Bybit likely resulted not from a flaw in cold wallet technology, but from operational failures—such as mishandled keys, insider threats, or temporary exposure of the wallet to online systems during transactions. For example, if Bybit’s cold wallet was intermittently connected to the internet for liquidity management, hackers could exploit that window. Thus, the incident reflects poor security practices by the exchange, not a failure of cold wallets themselves. To generalize this breach as proof that cold wallets are unsafe is akin to blaming bank vaults for a robbery caused by a negligent guard. Individual users who manage their own cold wallets (e.g., hardware wallets) retain full control over their keys, a security model far removed from centralized exchanges like Bybit.

Further, the argument positions ETFs as a panacea for security risks, but this ignores critical trade-offs. ETFs replace direct ownership of crypto with exposure via a tradable security, and this on its introduces new risks such as
1. Counterparty Risk: ETF investors rely on the custodian (e.g., the ETF provider) to securely hold the underlying assets. If the custodian’s safeguards fail—as seen in the collapses of FTX or Celsius—investors bear the loss.
2. Regulatory Risk: Governments can restrict or ban crypto ETFs, as seen in China’s 2021 crypto crackdown, leaving investors stranded.
3. Loss of Utility and Control: ETF holders cannot use their crypto for transactions, staking, or decentralized finance (DeFi) applications. They surrender the autonomy that defines cryptocurrency’s appeal.

So, framing ETFs as “safer,” the argument dismisses these risks, creating a false dichotomy between wallets and ETFs. Safety is not absolute; it depends on the threat model. ETFs may reduce personal responsibility for security but introduce reliance on third parties—a trade-off many crypto purists reject.

Again, cryptocurrency emerged as a rebellion against centralized financial systems, prioritizing decentralization, self-sovereignty, and censorship resistance. ETFs, by contrast, recentralize control into the hands of institutions and regulators. Promoting ETFs as a superior investment vehicle undermines the very principles that attract many to crypto: the ability to “be your own bank.” For instance, the creator of Bitcoin, Satoshi Nakamoto, envisioned a peer-to-peer electronic cash system, not a Wall Street-traded derivative. While ETFs may broaden mainstream adoption, they cater to traditional investors at the expense of diluting crypto’s disruptive potential.

Arguing that ETFs will accelerate crypto adoption by mimicking traditional assets overlooks the diverse motivations of crypto users. Many adopters value decentralization, privacy, or resistance to inflation—features ETFs cannot replicate. Furthermore, ETFs do little to address barriers like regulatory hostility or technological complexity. In our Nigeria, for example, crypto adoption surged due to currency devaluation and restrictive capital controls, and not demand for stock-like instruments. Assuming ETFs alone will drive adoption ignores these nuanced drivers.

We need to appreciate the fact that ETFs do not shield investors from crypto’s inherent volatility or systemic risks. The 2022 market crash, which erased $2 trillion in value, impacted non-direct and direct holders alike. Framing ETFs as “better” obscures this reality; they are merely a different vehicle for exposure to the same volatile ass…

My Response: Wow – just seeing this.  First, a chatbot wrote this as it did not take a position, but was all the place to counter, repeating non-contested lines over challenging the thesis that ETFs will drive crypto adoption in Africa. In general, the chatbot did not disapprove my position, but simply provided a lecture on the pros and cons of cold wallets, exchanges, and ETFs. (That is #1 signature in chatbot. So, I will respond to the chatbot below)

That said, I wrote “even cold wallets are not safe” and that is a fact because a company using cold wallets lost $1.4 billion. That it could have resulted from staff, policies, etc does not change the outcome. A man in the UK is in court to recover his $750m in Bitcoin from the landfill because he lost the hard disk he kept the stuff. 

For the broad African retail investors – the focus of my post – ETFs which will enable them to buy from stockbrokers will be superior than expecting them to buy and hold coins in exchanges or store in cold wallets. This response did not consider the “Africa investing” niche, but responded broadly.  That said, the recent exuberance on BTC, ETH, and crypto happened because institutional investors are buying ETFs, untethered from having to own/hold coins directly. That was the basis of the recent bull even before Trump’s electoral victory.

More so, understand that if you buy Goldman Sachs BTC ETH and GS loses the coin, the bank and its insurers will take care of you. That is not the case if you lose your direct wallet. Think of it: if you buy IBM stock and Blackrock loses it, they have to make you whole! The same applies to Bitcoin ETF!

I do not believe that cryptos are decentralized (10 companies command at least 80% of bitcoin mining capacity. So any decentralization is an illusion). My postulation is that all key cryptos are centralized at exchanges even though they appear technically decentralized. And governments license exchanges to operate and that means governments control cryptos! (Those not in exchanges are marginal) . 

The optimal growth will come when cryptos find homes in governments, and ETFs are the best vehicles for that across the globe. African governments have tools and experiences to manage ETFs unlike coins they cannot “feel” or “touch”,  and if one offers the ETF, growth will come.

The cryptocurrency industry has been rocked by what is now considered the largest digital asset theft in history, as Bybit, a leading crypto exchange, confirmed on Friday that hackers stole approximately $1.4 billion worth of Ethereum (ETH) from one of its offline wallets.

The breach, which was described as a “sophisticated attack”, has sent ripples throughout the digital currency world, raising fresh concerns over the security of even the most well-established crypto exchanges.

How the Hack Happened

Bybit’s CEO and co-founder, Ben Zhou, revealed in a livestream announcement that hackers managed to drain 401,346 ETH from one of the company’s cold wallets. Cold wallets, which are designed to store cryptocurrency offline and away from internet exposure, are considered the most secure way to hold digital assets. However, this attack has exposed a new level of vulnerability in the security infrastructure of crypto exchanges.

Providing more details in a post on X, Bybit explained that the hackers exploited a flaw in the company’s multi-signature (multisig) cold wallet system, using a method that manipulated transaction verification processes.

“The incident occurred when our ETH multisig cold wallet executed a transfer to our warm wallet. Unfortunately, this transaction was manipulated through a sophisticated attack that masked the signing interface, displaying the correct address while altering the underlying smart contract logic,” Bybit said in a statement.

This deceptive method allowed the attacker to gain control of the cold wallet and transfer its entire holdings to an unidentified external address.

The revelation that a cold wallet—which is supposed to be immune to internet-based hacking attempts—was compromised in such a manner has raised serious questions about the security protocols of cryptocurrency platforms and whether even offline storage solutions can be trusted.

Bybit has assured its users that it is working with top cybersecurity firms, blockchain forensic experts, and law enforcement agencies to trace the stolen funds and identify the perpetrators.

“Our security team, alongside leading blockchain forensic experts and partners, is actively investigating the incident. Any teams with expertise in blockchain analytics and fund recovery who can assist in tracing these assets are welcome to collaborate with us,” the company stated.

The Biggest Crypto Heist Ever

The scale of this breach has shattered previous records for crypto-related hacks. According to Rekt, a platform that tracks security breaches in the Web3 and digital asset space, this heist surpasses major past crypto thefts, including the $624 million Ronin Network hack (March 2022), and the $611 million Poly Network exploit (August 2021).

Tom Robinson, co-founder and chief scientist at blockchain analytics firm Elliptic, described the heist as unprecedented.

“In fact, it may even be the largest single theft of all time,” he noted, comparing the scale of the breach to physical financial crimes, not just digital hacks.

To put the scale of this attack in context, before the Bybit hack, the largest bank heist in history was the looting of approximately $1 billion from the Central Bank of Iraq in 2003, as reported by the financial news site World Finance.

Crypto Industry Faces Rising Security Threats

The Bybit incident adds to the growing tally of high-profile crypto hacks in recent years, underscoring the increasing risks in the digital asset space. According to a report by blockchain analytics firm Chainalysis, hackers stole an estimated $2.2 billion in crypto throughout 2024, a significant increase from $2 billion recorded in 2023.

One of the most alarming findings from Chainalysis’ research is that North Korea-linked hacking groups were responsible for $1.34 billion in crypto theft across 47 incidents in 2024—a 102.88% increase from 2023 when they stole $660.5 million across 20 incidents.

Bybit, which is headquartered in Dubai, United Arab Emirates, remains one of the top cryptocurrency exchanges in the world, with an estimated $16 billion in total assets as of last week, according to CoinMarketCap.

Despite the magnitude of the attack, the company has reassured users that its other cold wallets remain secure and that all client funds are safe. The exchange continues to operate without disruption, maintaining trading, withdrawals, and other services.

“We want to assure our users and partners that all other Bybit cold wallets remain fully secure. Our security infrastructure is being reviewed to prevent future incidents, and our operations will continue as usual,” the company said.

Implications for the Crypto Market

The Bybit hack is likely to reignite debates on crypto security, regulation, and investor protection. Despite major advancements in blockchain security, smart contracts, and cold storage solutions, this latest incident has exposed serious vulnerabilities.

Some experts are advocating more robust regulation and third-party oversight of crypto exchanges to help prevent such breaches in the future. Others believe that the industry needs to invest in more advanced security protocols, including real-time monitoring systems that can detect suspicious activity before funds are transferred.

Recent developments indicate that the U.S. Securities and Exchange Commission (SEC) has taken significant steps to drop charges in lawsuits against both Coinbase and OpenSea, marking a notable shift in the regulatory landscape for cryptocurrency and NFT platforms in the United States.

Coinbase announced that SEC staff had agreed in principle to dismiss the lawsuit against the company, pending final approval from the SEC’s commissioners, expected to vote on the matter the following week. This lawsuit, initiated in June 2023 under the Biden Anti crypto administration and former SEC Chair Gary Gensler, accused Coinbase of operating as an unregistered securities exchange, broker, and clearing agency, and unlawfully offering its staking-as-a-service program.

The case was seen as a cornerstone of the SEC’s aggressive enforcement push against the crypto industry, alleging that Coinbase facilitated trading in at least 13 crypto tokens that should have been registered as securities.
The preliminary agreement to dismiss the case comes with no fines, penalties, or mandated changes to Coinbase’s operations, representing a clean slate for the exchange.

Coinbase CEO Brian Armstrong hailed this as a major victory, not just for his company but for the broader crypto industry, aligning with President Donald Trump’s campaign promise to make the U.S. a “crypto capital.” The dismissal, if finalized “with prejudice,” would prevent the SEC from refiling similar charges, potentially setting a precedent for other crypto exchanges facing regulatory scrutiny. This shift follows Trump’s inauguration and the replacement of Gensler, suggesting a more crypto-friendly stance under the new Republican-led SEC.

Similarly, on February 21, 2025, reports emerged that the SEC concluded its investigation into OpenSea, the leading NFT marketplace, without pursuing enforcement action. The probe, which had been ongoing, centered on whether NFTs traded on OpenSea constituted unregistered securities—a contentious issue that sparked debate within the crypto community.

OpenSea’s CEO, Devin Finzer, confirmed that the SEC informed the company it would not take action, closing the investigation. This decision came after OpenSea received a Wells notice in August 2024, signaling potential charges, and had prepared a $5 million legal fund to defend NFT artists and developers against possible SEC actions. Finzer viewed the outcome as a win for the NFT and broader Web3 community, arguing that classifying NFTs as securities was a misinterpretation of existing laws that could stifle innovation. The SEC’s decision to drop the case without charges alleviates a significant regulatory overhang for OpenSea and the NFT sector, which had faced uncertainty amid the agency’s earlier hardline approach.

These developments reflect a rapid pivot in SEC policy under Acting Republican leadership following Trump’s inauguration on January 20, 2025. The agency has also established a dedicated crypto task force and rescinded prior accounting guidance, signaling a softer stance compared to Gensler’s tenure, when the SEC targeted major crypto players like Coinbase, Binance, and Kraken. The simultaneous retreat from legal battles with Coinbase and OpenSea suggests a strategic recalibration, possibly influenced by political pressure and Trump’s pro-crypto agenda, including his firing of Gensler.

For Coinbase, the dismissal removes a nearly two-year legal burden that had been a focal point in the debate over whether crypto assets fall under securities laws, as defined by the 1946 Howey Test. For OpenSea, it ends fears that the SEC might broadly categorize NFTs as securities, which could have disrupted the digital art and collectibles market.

Industry leaders, such as Blockchain Association CEO Kristin Smith, have called this a “turning point,” potentially paving the way for a more favorable regulatory environment. However, critics like Dennis Kelleher of Better Markets argue that this retreat undermines investor protections, accusing the SEC of bowing to crypto industry pressure.

These cases appear resolved in favor of the companies, with Coinbase awaiting final US SEC commissioner approval and OpenSea’s investigation formally closed. This dual rollback has boosted optimism in the crypto and NFT sectors, though the long-term implications for regulation remain uncertain as the Trump administration’s policies continue to unfold.