Image iStock.com/stuartmiles99

‍Why Centralized Security is Failing Web3 and How DePIN is the Answer

On February 21, 2025, the largest Web3 crypto hack in history took place—Bybit, a major exchange, was hacked for $1.4 billion in ETH and staked ETH, sending shockwaves through the digital asset community. While ByBit’s infrastructure remained intact, the hack was a brutal reminder that centralized exchanges (CEXs) continue to be the weakest link in Web3’s security chain.

The exploit was reportedly carried out through a sophisticated phishing scheme that tricked multisig wallet signers into approving fraudulent transactions via UI spoofing. This incident is not an outlier—it is a symptom of a deeper issue plaguing Web3: centralized control remains the Achilles’ heel of security.

The Risk of Centralized Security in Web3

Bybit’s breach underscores a recurring trend. In 2024 alone, Web3 suffered $2.36 billion in losses across 760 security incidents, with centralized platforms disproportionately affected. The reason? Human oversight remains a single point of failure, making custodial platforms prime targets for cybercriminals.

While Web3 preaches decentralization, many of its most valuable assets still rely on Web2-era security models.

CEXs, with their centralized control over funds, operate as high-value targets. Unlike decentralized finance (DeFi) protocols, where users retain self-custody, CEXs depend on human trust—an inherently exploitable weakness.

The Bybit hack joins a growing list of similar exploits across Binance, OKX, and other major players. It’s clear that Web3 security cannot afford to continue inheriting the vulnerabilities of Web2.

DePIN: The Future of Web3 Cybersecurity

The answer to these recurring failures is a paradigm shift in security models. Decentralized Physical Infrastructure Networks (DePIN) for cybersecurity, distribute trust and validation across decentralized networks, eliminating the single points of failure that centralized systems depend on.

Naoris Protocol is leading the charge in redefining Web3 cybersecurity.

Using its Post-Quantum powered Decentralized Proof of Security (dPoSec) consensus mechanism, Naoris Protocol transforms traditional centralized infrastructure of devices and networks into decentralized mesh of cyber-trusted validator nodes. Instead of relying on a handful of individuals to safeguard billions in assets, security is enforced by a trustless and automated army of security validator nodes. Every node continuously validates the integrity of every other node, creating a ‘security hive mind’, detects and mitigates malicious activity in real time, ensuring unparalleled resilience and trust.

Could Naoris Protocol Have Prevented the Bybit Hack?

While no security system is infallible, a DePIN cybersecurity framework like Naoris Protocol could have drastically minimized the impact of the attack. By leveraging Post-Quantum cryptographic fingerprints and its Distributed Proof of Security (dPoSec) consensus, Naoris Protocol would have identified and blocked these attack vectors before they could progress, preventing the breach from escalating. Here are the two attack phases as seen through the lens of Naoris Protocol’s security DePIN mitigating the Bybit hack.

Phase 1: Stopping Credential Theft and Host Compromise
The attack began with credential theft via phishing and malware, allowing Lazarus Group to access employee devices and monitor transaction signing. Naoris Protocol prevents this with Post-Quantum Device Fingerprints, assigning each device a CRYSTALS-Dilithium cryptographic identity. Any attempt to use stolen credentials on a compromised device would fail due to a mismatch with the approved on-chain record. Additionally, dPoSec Consensus Validation continuously verifies device integrity through a decentralized validator network. These nodes check hardware integrity (BIOS/UEFI state), user behavior (AI-driven anomaly detection), and secure access policies in real time. If malware compromises a device, Naoris Protocol detects the anomaly, revokes access, and quarantines the system before credentials can be stolen, ensuring attackers are blocked from escalating the breach.

Phase 2: Preventing UI Spoofing and Malicious Code Injection
As reported, attackers used a spoofed Safe UI to trick signers into approving fraudulent transactions. Naoris Protocol prevents this with Quantum-Secure UI Hashing, where all transaction interfaces are hashed using SPHINCS+ and stored on-chain. dPoSec validators continuously verify these hashes, instantly flagging any tampered UI elements, such as altered recipient addresses, and freezing the transaction before execution. Additionally, Distributed Code Attestation ensures only pre-verified smart contracts are executed. Validators use formal verification proofs to detect hidden threats like delegatecall functions in malicious contracts, rejecting unauthorized transactions—even if human signers approve them. Air-gapped swarm signing further secures approvals by requiring independent validation against the blockchain’s canonical state, eliminating the risk of spoofed UIs tricking signers.

Had Bybit been secured by Naoris Protocol, these protections would have detected and blocked the breach in real time, ensuring that compromised credentials could not be used, and fraudulent transactions could not be executed. 

Web3 Must Embrace Decentralized Security

The Bybit hack is yet another example of why Web3 needs decentralized, trustless security models to eliminate the vulnerabilities of centralized decision-making.

David Carvalho, CEO of Naoris Protocol, encapsulates the urgency of this shift:

"The Bybit hack exposes the systemic flaws of centralized security. Web3 cannot keep inheriting Web2’s vulnerabilities. A decentralized world needs decentralized security. The time for DePIN is now."

Despite the breach, Bybit's swift, transparent and professional response is praiseworthy. CEO Ben Zhou assured users that all client assets are backed 1:1 and that the exchange remains solvent and operational, even if the stolen funds are not recovered.  However, the reality remains: centralized security is no longer fit for purpose in a decentralized ecosystem.

The Bybit exploit is not just another hack—it is a call to action. Web3 must evolve beyond centralized models to truly fulfill its decentralized promise. The future of cybersecurity is trustless, distributed, and resilient. Those who fail to adapt will continue to pay the price.

Decentralized security isn’t a concept—it’s happening now. Download the Naoris Protocol Post-Quantum DePIN Testnet. 918K+ Wallets; 11.4M+ Post-Quantum TXs.

Read Naoris Protocol’s latest Market Report: DePIN & The Future Of Web3 Security

‍

About Naoris Protocol

‍

Naoris Protocol is revolutionizing cybersecurity and digital trust with the world's first Decentralized Security Layer, — a Post-Quantum powered DePIN that secures Web2 & Web3 infrastructures, including L0, L1, L2, DEXes, bridges, and validators. By turning every device into a trusted validator node, our Decentralized Security Layer leverages the cutting-edge dPoSec consensus mechanism and Decentralized Swarm AI, to set a new standard in transparency, trust, and security — preparing Web2 and the blockchain ecosystem for a Post-Quantum future.

Led by industry experts and cyber pioneers adding decades of experience who are committed to advancing the frontiers of cybersecurity and trust, here’s some of our trusted advisors;

• David Holtzman: former CTO of IBM and architect of the DNS protocol
• Ahmed Réda Chami: Ambassador for Morocco to the EU. Former CEO Microsoft North Africa
• Mick Mulvaney: Former White House Chief of Staff
• Inge Kampenes: Former Chief of Norwegian Armed Forces & Chief of Cyber Defence adding decades of experience who are committed to advancing the frontiers of cybersecurity and trust.

‍

Want to learn more?
Download our Testnet

Visit our Website or check out our White Papers
Stay connected: X | Discord | LinkedIn | Telegram

‍