Reassessing Crypto Custody Security: Cold vs. Hot Wallet Risks in the Wake of the Bybit and Upbit Heists

Generated by AI agent Carina Rivas. Reviewed by AInvest News Editorial Team.
Thursday, November 27, 2025, 2:01 am ET. 2 min read.
The recent high-profile security breaches at exchanges like Bybit and Upbit have reignited critical debates about institutional-grade crypto custody practices. While specifics about the 2025 incidents remain opaque, historical patterns and evolving security frameworks underscore the urgency for investors to reevaluate how they safeguard digital assets. As the crypto ecosystem matures, the dichotomy between cold and hot wallet strategies, once a simple choice between convenience and security, has become a nuanced battleground for institutional players seeking to balance operational efficiency with risk mitigation.

The Vulnerabilities of Hot Wallets

Hot wallets, which remain perpetually connected to the internet, are indispensable for facilitating liquidity and real-time transactions. However, their online exposure makes them prime targets for cyberattacks. According to a report by TokenMetrics, institutions using hot wallets often allocate only small portions of their reserves to these accounts, reserving them for daily trading and customer withdrawals. Despite this, even limited exposure can be catastrophic if not fortified with advanced safeguards.

Multi-signature (multisig) configurations and multi-party computation (MPC) wallets have emerged as critical defenses. A 2025 analysis by Cobo highlights that MPC wallets, which distribute private key control across multiple parties, significantly reduce the risk of single-point failures. Yet, as the hypothetical Bybit and Upbit heists suggest, no system is entirely immune. Institutions must treat hot wallets as a necessary but inherently volatile component of their custody strategy, prioritizing real-time monitoring and rapid response protocols.

The Cold Storage Imperative

For long-term holdings, cold wallets (offline storage solutions) remain the gold standard. ResearchGate's 2025 study emphasizes that cold wallets eliminate remote attack vectors, making them ideal for securing large reserves. Institutions often combine cold storage with custodial services or hardware devices, ensuring physical and digital isolation of private keys. This approach aligns with best practices outlined by Blockware Solutions, which advocates for cold storage as the foundation of institutional-grade security.

However, cold wallets are not without trade-offs. Their offline nature introduces latency in accessing funds, a drawback for markets demanding immediate liquidity. This tension between security and accessibility has driven the adoption of hybrid models, where cold storage anchors the majority of assets while hot wallets manage operational needs.

Hybrid Strategies and Emerging Technologies

The most robust custody frameworks integrate both hot and cold solutions, calibrated to an institution's risk profile. Caleb and Brown's 2025 guide notes that hybrid strategies allow firms to "balance the immediacy of hot wallets with the ironclad security of cold storage," a model increasingly adopted by hedge funds and sovereign wealth funds. Crucially, these strategies are evolving with technological advancements.

MPC wallets, for instance, are bridging the gap between security and usability. Unlike traditional multisig systems, which require manual coordination among signatories, MPC enables seamless transactions while maintaining distributed key control. This innovation, as highlighted by Cobo, is particularly appealing to institutions seeking compliance-friendly solutions without sacrificing operational agility.

Lessons for Institutional Investors

The hypothetical Bybit and Upbit heists, though lacking detailed public records, serve as a stark reminder of the consequences of inadequate custody practices. For institutional investors, the takeaway is clear: reliance on a single storage method is no longer viable. Instead, a layered approach that incorporates:
1. Strict hot wallet limits with MPC or multisig protections,
2. Cold storage for the majority of assets, and
3. Continuous auditing and threat intelligence,

is essential. Furthermore, partnerships with custodians offering insurance and regulatory compliance can add critical safeguards.
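
The three layers above can be expressed as a policy gate in front of the hot wallet. The following Python sketch is an added example, not code from the article or from any exchange: the 5% cap, the per-transaction limit, the 2-of-3 quorum and the signer names are all assumed values, and the quorum check stands in for whatever multisig or MPC scheme actually signs.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class CustodyPolicy:
    hot_cap_bps: int = 500          # assumed: hot wallet <= 5% of reserves (basis points)
    per_tx_limit: int = 25          # assumed per-withdrawal ceiling, in asset units
    approvals_required: int = 2     # assumed m of an m-of-n quorum
    approvers: frozenset = frozenset({"ops-1", "ops-2", "risk-1"})  # hypothetical signers

@dataclass
class Custody:
    policy: CustodyPolicy
    hot: int                        # balances as integers to avoid float rounding
    cold: int
    audit: list = field(default_factory=list)

    def hot_excess(self) -> int:
        """Units above the cap that should be moved to cold storage."""
        cap = (self.hot + self.cold) * self.policy.hot_cap_bps // 10_000
        return max(0, self.hot - cap)

    def sweep(self) -> int:
        """Layer 2: push anything over the cap back to cold storage."""
        excess = self.hot_excess()
        self.hot -= excess
        self.cold += excess
        self.audit.append(("sweep", excess, [], "done"))
        return excess

    def withdraw(self, amount: int, approvals: list) -> str:
        """Layer 1: release hot funds only if limits and quorum both hold."""
        # Duplicate and unknown signer ids must not count toward the quorum.
        valid = set(approvals) & self.policy.approvers
        if amount <= 0 or amount > self.hot:
            decision = "deny:insufficient-hot-balance"
        elif amount > self.policy.per_tx_limit:
            decision = "deny:over-per-tx-limit"
        elif len(valid) < self.policy.approvals_required:
            decision = "deny:quorum-not-met"
        else:
            self.hot -= amount
            decision = "allow"
        # Layer 3: every decision, including denials, lands in the audit trail.
        self.audit.append(("withdraw", amount, sorted(valid), decision))
        return decision
```

Denied requests are logged as well as approved ones, since repeated quorum failures or over-limit attempts are the signals a monitoring team would alert on.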

Conclusion

As crypto markets grow in complexity, so too must the strategies protecting them. The cold vs. hot wallet debate is no longer a binary choice but a dynamic component of a broader security ecosystem. For institutions, the path forward lies in adopting adaptive, technology-driven frameworks that prioritize resilience without compromising functionality. In an era where breaches can erase years of value, the cost of complacency is simply too high.
