Synopsis
A $1.4 billion crypto theft at Bybit exposed vulnerabilities in even self-custody solutions, highlighting the critical importance of a wallet's underlying software stack. This incident is driving a shift towards architecturally cleaner, isolated, and offline-first wallet designs that prioritize key security over user interface. The conversation is also evolving to include post-quantum preparedness, with forward-thinking platforms integrating future-proof cryptography.Listen to this article in summarized format
That gap, between choosing self-custody and actually achieving it, is quietly driving a new conversation in crypto security circles. Most users still evaluate wallets the way they evaluate apps: interface, supported tokens, and ease of use. What's getting harder to ignore is what lies beneath the surface. The way a wallet manages key storage, transaction signing, and network exposure matters far more than it once did, and not every wallet approaches those fundamentals in the same way.
The first distinction most people learn is custodial versus non-custodial. It's an important one, but it's also where the conversation usually stops. Non-custodial is not a single standard. It's a broad category that includes everything from browser extensions to mobile apps to dedicated hardware devices. Each with meaningfully different security assumptions underneath. The real question isn't just who holds your keys. It's what kind of environment those keys ever come into contact with.
Always-connected wallets and where they fall short
Software wallets are convenient, but they share an environment with everything else on your device, such as browsers, apps, and network connections. That shared surface is exactly where most attacks find their way in.
Hardware wallets narrowed that gap but didn't close it. Most still depend on connected software to construct and broadcast transactions. The signing is offline, the surrounding environment isn't. Add firmware transparency concerns and supply chain questions in the mix, and it becomes clear why some in the security space are looking for something architecturally cleaner.
The Bybit incident illustrated this in stark terms. The compromise wasn’t of the hardware wallets themselves, it was of the Safe{Wallet} interface signers used to review transactions. The actual data sent to the hardware devices for signing differed from what appeared on screen. This is the ‘blind signing’ problem: the gap between what a signer believes they are approving and what they actually authorise. The hardware wallets signed exactly what they were asked to sign. The problem was that what they were asked to sign had been changed upstream.
That search is what's driving early interest in platforms like Lock.com, an isolated crypto wallet currently in early access and being built around a different premise entirely. A platform where the signing environment isn't just partially isolated, but designed to never make internet contact at all.
The case for isolated, offline-first architecture
The idea is straightforward once you hear it: keep the part of the system that holds your private keys completely separate from the part that talks to the internet. Always. Not mostly, always.
In practice, that means:
- Transaction signing happens on an offline device, one that never connects to a network
- Unsigned transactions travel to the signer via QR code, Bluetooth, or local WiFi, no internet involved
- The signed transaction is then broadcast through a separate, connected environment.
A small but growing category of wallets has been built around this principle, including Keystone, Ngrave, AirGap Vault, and GridPlus, alongside upcoming entrants like Lock.com. What distinguishes the category isn’t any single feature, it's the underlying refusal to let the signing environment ever touch a network.
Lock.com sits within this category. The premise isn't just ‘more secure’; it's a fundamentally different way of thinking about where risk enters the system and how to keep it out.
It's a shift from trusting the device to trusting the design.
Post-quantum preparedness is entering the conversation
Quantum computing isn't breaking encryption tomorrow. The threat it poses to digital assets, however, is already active. “Harvest now, decrypt later” attacks in which adversaries intercept and store encrypted data today, betting on quantum decryption capability arriving within a decade are well-documented and ongoing. For assets with multi-decade lifespans, including private keys, the migration question isn’t whether to prepare for quantum. It’s whether the infrastructure being built now will still be secure by the time quantum capability arrives.
NIST finalised its first three post-quantum cryptography standards in August 2024, including ML-KEM (FIPS 203) for key encapsulation and ML-DSA (FIPS 204) for digital signatures1. NIST IR 8547 sets 2030 as the formal deprecation date for quantum-vulnerable algorithms and 2035 as their disallowance2. In June 2025, a US Executive Order mandated federal post-quantum migration3. The conversation has moved from researchers warning about future risk to governments mandating present-day migration.
A few platforms are already doing this. Lock.com, for instance, is integrating post-quantum cryptographic standards, ML-DSA-65 signatures and ML-KEM-768 key encapsulation, into its foundation from the ground up4.
It's the kind of decision that won't matter to most users today. But in ten years, it might be the most important architectural choice a wallet ever made.
The way people evaluate crypto wallets is quietly shifting. For a long time, the checklist was simple: supported tokens, transaction fees, and a clean interface. That checklist is getting longer. Architecture is on it now, and so is key isolation, firmware transparency, and increasingly, long-term cryptographic resilience.
Bybit’s story isn’t unusual; it's the most expensive instance of a pattern that has played out repeatedly across the industry5.The users and institutions coming into self-custody over the next few years will likely ask harder questions from the start; not just what a wallet supports, but how it's actually built, and what assumptions it's making about the threat landscape on their behalf.
For users coming into self-custody in 2026 and beyond, the questions worth asking have changed. Not just which tokens a wallet supports or what the fees look like, but where its keys live, what its signing environment touches, and what assumptions it makes about a decade out threat landscape. The wallets that survive the next architectural shift will be the ones answering those questions today.
Reference/s:
- NIST CSRC, Post-Quantum Cryptography Project — csrc.nist.gov/projects/post-quantum-cryptography
- NIST IR 8547, Transition to Post-Quantum Cryptography Standards (December 2024)
- US Executive Order 14306, federal post-quantum cryptography migration (June 6, 2025)
- NCC Group, “Bybit Hack: In-Depth Technical Analysis” (2025)
- Chainalysis, “Collaboration in the Wake of Record-Breaking Bybit Theft” (2025)
(This article is generated and published by ET Spotlight team. You can get in touch with them on [email protected])
