Ledger CEO Pascal Gauthier Addresses Security Concerns

Ledger CEO Pascal Gauthier revealed that several institutions contacted him following the Bybit hack, looking to resolve “security vulnerabilities.” He acknowledged that these companies also sought liquidity access through self-custody or regulated custodians.

The executive emphasized that the Ledger team is knowledgeable about and concerned for security in the wake of the Bybit incident. He stated that security is not static but constantly evolving.

Gauthier Cautions About Security Vulnerabilities in Crypto Companies

> “Security isn’t an option. It’s a necessity.”
> — Ledger (@Ledger) March 18, 2025

Gauthier explained that security vulnerabilities are emerging rapidly, and attackers are exploiting them quickly. He expressed dissatisfaction with how organizations often take months to implement necessary fixes.

The Ledger Chairman argued that any trusted partner in the crypto space should continuously seek out vulnerabilities in their products to ensure customer peace of mind. He called for the entire crypto industry to raise its security standards.

Gauthier also cautioned institutional investors against using retail-grade products, advocating for “true enterprise-grade self-custody that includes a governance layer.” He asserted:

> “Financial institutions must build their security strategies on tamper-resistant hardware, like Secure Element chips, and implement comprehensive encryption methods along with clear transaction signing protocols to prevent sophisticated attacks.”
> — Pascal Gauthier, Ledger Chairman and CEO

He maintained that protecting investors must be the top priority in the crypto industry moving forward. Gauthier believes patience is required to see if the industry can adapt to new security needs. He noted that discussions about security have evolved, showcasing a maturity that was absent just a year ago at DAS London.

Guillemet Calls for Security Advancements in the Crypto Space

Crypto expert ZachXBT stated in a Telegram message that the time taken to freeze funds post-Bybit hack was “eye-opening” and voiced skepticism about the industry’s self-correcting capabilities without government intervention.

Ledger CTO Charles Guillemet mentioned that 2025 is projected to be “the worst year for cybercrime in history”. He argued that the Bybit incident highlighted the need to abandon trust-based security models as attackers become increasingly sophisticated, advocating for enterprise-grade security solutions combining Clear Signing with solid governance frameworks.

Guillemet also warned that attackers, like the North Korean group Lazarus, were likely evolving, necessitating a proactive security infrastructure to eliminate vulnerabilities like blind signing.

He expressed concern that the Bybit hack might not be the last of Lazarus’s attempts to compromise Ledger, indicating that Bybit’s network and machines might still be compromised.

In 2023, Ledger itself suffered a cyberattack due to a phishing incident involving a former employee, resulting in the loss of about $600,000, significantly less than Bybit’s $1.4 billion loss. As a result, Ledger removed the blind signing feature last June.