Ledger CEO highlights increased efforts by institutions to address “security vulnerabilities” post-Bybit hack

Ledger CEO Pascal Gauthier revealed that a number of institutions contacted him in the wake of the Bybit hack, looking to solve “security vulnerabilities.” He also acknowledged that the companies sought liquidity access from self-custody or regulated custodians.

The firm’s executive maintained that the Ledger team was knowledgeable about and concerned about security in the aftermath of Bybit. He argued that security was not static but constantly evolving.

Gauthier cautions about security vulnerabilities in crypto companies

Security isn’t an option. It’s a necessity.

— Ledger (@Ledger) March 18, 2025

Ledger CEO Pascal Gauthier revealed that companies reached out to him after the Bybit hack last month, looking to solve “security vulnerabilities.” Gauthier explained that the institutions also reached out while looking to de-risk since Ledger can offer them that. 

Gauthier noted that security vulnerabilities were emerging at an alarming rate, and attackers were exploiting them rapidly. He also highlighted his displeasure with how organizations typically took months to implement fixes.

The Chairman of Ledger argued that any trusted partner in the crypto space will continuously look for any vulnerabilities in their products to give customers peace of mind. He said the crypto industry as a whole needed to raise its security standards.  

Gauthier also warned institutional investors against using retail-grade products. He urged them to start the right way with “true enterprise-grade self-custody that has a governance layer.”

“Likewise, financial institutions must make tamper-resistant hardware, like Secure Element chips or enterprise-grade systems, the foundations of any security strategy, while implementing comprehensive encryption and clear transaction signing protocols to prevent sophisticated attacks.”

-Pascal Gauthier, Ledger Chairman and CEO

He maintained that protecting investors should be the highest priority in the crypto industry moving forward. Gauthier believes that the crypto community must be patient to see whether the industry can adapt to new security needs.

The company’s executive argued that security wasn’t the best conversation, but it showed a level of maturity in the industry that wasn’t even present at DAS London last year. He believes that the industry had left the more hypothetical stage and entered the planning stage since conversations were evolving to the point of discussing what was actually viable.

Guillemet calls for security advancements in the crypto space

Crypto industry expert ZachXBT highlighted in a Telegram message yesterday that the time spent freezing funds after the Bybit hack had been “eye-opening.” He also said that the industry was “unbelievably cooked when it comes to exploits/hacks.” ZackXBT argued that he was unsure if the industry would fix itself unless the government forcibly passed regulations that might hurt the entire industry.

Ledger’s chief technology officer, Charles Guillemet, mentioned in February after the Bybit hack that 2025 was “the worst year for cybercrime in history.”

Guillemet argued that the incident highlighted the need for the industry to move beyond trust-based security models as attackers become more sophisticated. He also acknowledged that the notable evolution was the shift toward enterprise-grade security solutions that combine Clear Signing with robust governance frameworks.

Guillemet believes that attackers such as the North Korean group Lazarus linked to the Bybit attack were evolving, and the industry’s current security measures must also evolve. He urged that the crypto industry needed proactive security infrastructure that would eliminate vulnerabilities like blind signing.

Ledger’s CTO also expressed concern that the Bybit hack was not the end of Lazarus’s targeting of the company. He argued that Bybit’s machines and networks were probably compromised, and the attackers were still at work attempting a lateral move to compromise other parts of the firm’s IT.

Ledger was also a victim of a cyber attack in 2023 after a former employee was phished and gave attackers access to the firm’s package manager. The company said that the attackers stole roughly $600,000 from users, which was a smaller number than the $1.4 billion that Bybit suffered. The phishing scheme led to Ledger removing the blind signing ability back in June of last year.

Cryptopolitan Academy: Coming Soon - A New Way to Earn Passive Income with DeFi in 2025. Learn More