The record for the largest crypto theft keeps falling to the same move: reach whoever can sign. Ronin started with a fake job offer to one engineer. Bybit’s signers approved a transaction they read as routine.
Stealing the key is optional
Many of these drains never required a stolen key. Attackers got a real signer to approve a malicious transaction through a spoofed interface or a blind-signing prompt. Defending funds means defending the signing decision itself, the moment a person taps approve.
It starts on the communication layer
Nearly every one of these began weeks before the drain, with a message from someone who wasn’t real. We close that path and harden the signers behind it, so one approval can’t end your protocol.
Hardening the way you sign
Most treasury drains come down to how funds move, so that is where the work starts. We review your signer set, quorum policy, and signing hygiene, along with the custody and movement controls that sit between an attacker and the funds. We tighten multisig thresholds, key rotation, and the approval discipline that keeps one bad tap from draining you. We cover the whole signing set too: cosigners, validators, ops staff, and contractors all hold risk, not just the core team. No single person, device, or approval should be able to move the treasury on its own.
