
Interview with Cai Wensheng: To Counter State-Level Hackers, Blockchain Security Needs an End-to-End Closed-Loop Risk Control System
TechFlow Selected
First disclosure of the process of being phished for 12,000 ETH, reflections on market trends, the Bybit incident, and AI.
Editor: Wu Shuo Blockchain
This discussion began with the Bybit hack involving $1.5 billion and focused on security vulnerabilities in multisig wallets (such as Safe) and their potential solutions. Shenyu highlighted that multisig wallets rely on infrastructure like frontends, hardware, and browsers—each of which has weak points, particularly frontend tampering and blind signing—which can lead to discrepancies between intended and actual transactions, making them exploitable by hackers. To address this, he proposed temporary measures such as domain whitelisting and transaction parsing plugins, while advocating for an end-to-end closed-loop risk control system enhanced by AI and third-party verification to improve security. Additionally, Shenyu shared for the first time his personal experience of being phished out of 12,000 ETH last year, emphasizing the risks of hardware wallet blind signing. He called on the industry to adopt layered authority models, zero-trust architectures, and stronger security culture. He also noted that facing nation-state-level hacking attacks requires continuous technological iteration and improved security awareness. Finally, Shenyu expressed optimism about the convergence of AI and crypto, believing future AI Agents could play a significant role within blockchain networks and drive innovation.
Audio transcription was completed using GPT and may contain errors.
Please listen to the full podcast:
Xiaoyuzhou (Little Universe):
https://www.xiaoyuzhoufm.com/episodes/67bf221605a90dfd0d0c7332
YouTube:
https://youtu.be/85Ogctbmito
Reflecting on multisig's dependency on vulnerable infrastructure, proposing temporary solutions like domain whitelists and transaction parsing plugins, and advocating for end-to-end closed-loop risk management
Colin: Could Boss Shenyu share your thoughts on the recent Bybit incident and highlight some key takeaways from this event?
Shenyu: This is actually a very typical case. The current industry solution for multisig relies heavily on various infrastructures and intermediate services developed by multiple parties. Traditionally, decentralization and distribution are seen as safer, but now we see bugs and weak links emerging at the interaction points among these different systems—hardware, software, frontend tools—and this has led to a series of high-value security incidents recently, often carried out by nation-state-level hacker groups. I’ve been reflecting on this issue since my own attack back in September last year. Around November, we reached out to several hardware wallet manufacturers and realized blind signing is a serious problem, and so is the vulnerability of connections from browser plugins to desktop environments to hardware devices—they represent the weakest link. We immediately contacted OneKey, Ledger, and others to explore possible solutions. However, during those discussions, we found that although each party had partial fixes, implementing a comprehensive solution capable of resisting real-world attacks proved extremely difficult. As someone mentioned earlier, it might take half a year or more to fully iterate. Ledger did develop a systematic fix, but due to contract constraints, they require passive updates, leading to a very long rollout cycle. So how do we effectively patch vulnerabilities and cross-system bugs across the entire chain?
The market currently lacks an end-to-end solution. Instead, people combine components from different vendors, but integration gaps create unexpected weaknesses that hackers can exploit. In response, internally we built some small tools and demos. First, we created a domain access whitelist to ensure websites opened through the browser haven't been tampered with—this helps prevent common phishing attacks, especially those caused by mistyped URLs or malicious redirects. Second, we developed a transaction parsing plugin that runs on mobile devices. Since some hardware wallets communicate via QR codes with plugins or with Safe, we use the plugin to verify whether the data transmitted via QR code has been altered and cross-check what’s displayed on the hardware device. These small tools helped, but overall felt too fragmented—the full end-to-end flow wasn’t seamlessly connected, requiring too many manual steps. After this incident, we’re rethinking our approach.
A core realization is that our industry is now massive—valued in trillions of dollars—and inevitably attracts highly resourced hacking teams. As our team members pointed out, you need deep expertise both horizontally and vertically. But because the industry evolves so rapidly, when building products, teams often overlook underlying security risks. Our current thinking, shaped by years of managing private keys (both hardware- and software-based, on-chain), is to leverage accumulated risk management capabilities and build dedicated risk control engines. For use cases like Safe, we aim to act as a custodian holding one of the private keys. With that key, we operate within a completely independent software and hardware environment, applying our proprietary risk engine to parse transactions. We further layer customized audit workflows, automated AI analysis, human review, blacklists/whitelists, and even advanced contract parameter controls.
We've used similar techniques throughout DeFi, but never fully productized or integrated them into a unified framework. Through this model of distributed authority, private keys aren’t controlled entirely by one team but partially held by external third parties. Only through such an end-to-end closed-loop system can we achieve true controllability. This is already how we operate in practice during on-chain DeFi interactions—because EOAs are highly vulnerable to phishing, migrating to multisig introduces new complexities like those seen in the Bybit case, where long operational chains introduce numerous risks. Our current strategy involves introducing an independent third party equipped with its own standalone tech stack, integrated software-hardware solution, risk engine, and even AI capabilities to create a secure, closed loop—from transaction initiation and parsing, to risk assessment, approval, and co-signing—aimed at defending against patient, long-term infiltration attempts by nation-state actors.
Shenyu's phishing experience highlights hardware wallet blind signing risks; calls for integration of AI and third-party verification
Colin: You just mentioned EOA phishing issues. We also know that last year, part of your assets were unfortunately stolen via phishing. Can you recall the details? Was the money ultimately transferred by North Korean hackers?
Shenyu: At the time, a project was distributing an airdrop. My physical condition wasn’t great, and I was distracted—I accidentally clicked a malicious link. The issue was that even though we had third-party risk control mechanisms monitoring domains and DNS resolution, that particular defense was bypassed and failed to trigger. Due to distraction, I didn’t double-check carefully. When it came to signing on the hardware wallet side, it was blind signing. Right after I pressed confirm, I sensed something wrong and immediately checked—it was already too late. What followed is public knowledge. After that incident, we focused intensely on solving the hardware wallet blind signing problem. During last year’s National Day holiday, we convened meetings with OneKey and other stakeholders and realized the challenge wasn’t easily solvable. EOAs are especially prone to targeted phishing attacks. So we shifted toward using Safe for multisig, only to discover the situation worsened—nearly every transaction became blind signing. That forced us to build many small tools trying to mitigate these issues. Ultimately, we concluded a closed-loop solution is essential—one requiring full integration of hardware and software, given that the hardware UI remains the final checkpoint. We also need independent third parties that can detect anomalies and intervene automatically, especially when users are fatigued or distracted. That’s why we started iterating on this idea and working toward productizing it.
Why the "altcoin season" hasn’t materialized: Lack of drivers; hope for national reserve decisions to boost markets
Colin: Last year, you were among the first to suggest there would be no “altcoin season,” sparking intense debate—some well-known figures criticized you, saying there must be one, while others agreed. In December, altcoins briefly rallied—perhaps you even thought the altcoin season had begun. But soon after, altcoins faded again, aligning with your original prediction that they’d barely exist this cycle. While we’re not here to make short-term predictions—someone once said only God knows that—do you have any updated thoughts? Do you believe an altcoin season is nearly impossible this cycle, confined mostly to Bitcoin-driven bull runs? And do you think the bull market has already ended or is turning bearish?
Shenyu: My current view is that aside from minor emotional hype cycles over the past two to three years, the industry still lacks clear, real-world applications and genuine user demand comparable to 2020–2021. I believe that’s the root cause. Without intrinsic momentum, no truly valuable new applications or assets will emerge. On the other hand, in this cycle, many investors remain in traditional U.S. stock markets, allocating capital via ETFs and platforms like Robinhood. They don’t truly hold crypto assets, so much of the capital hasn’t flowed into the ecosystem. Consequently, we haven’t seen the expected spillover effect—where capital moves from Bitcoin and Ethereum to other tokens. These two factors combined mean any altcoin rally tends to be short-lived—driven purely by sentiment—and lasts only weeks without broad-based adoption. Therefore, I largely maintain my previous stance.
My outlook for this year is that the market may see healthier growth in the second half—possibly between June and October—once clarity emerges around U.S. national strategic reserve policies. Until then, neither application development nor capital inflows appear strong enough to drive sustained momentum. So I’m placing most of my hopes on developments later this year.
I won’t predict today whether the bull run continues. Ultimately, it depends on whether the U.S. makes progress on national reserve-related matters this year. If nothing happens, the rally may end. Right now, we believe the probability of passage is relatively high—but uncertain. Hence, our main expectations lie in the second half. (Note: This Space took place on February 25; in March, Trump signed an executive order establishing a Bitcoin National Reserve.)
Historical theft case review: Defending against nation-state hackers requires layered authority, zero-trust architecture, and embedded security culture
Colin: Shenyu, you’re a veteran in the crypto space. Since joining around 2017, I’ve seen countless theft incidents—many dramatic. This Bybit hack set a record for largest amount stolen, though Bybit itself is profitable enough to fully reimburse losses. From your memory, including early days, what are the most memorable hacks worth sharing?
Shenyu: Offensive and defensive tactics keep evolving. Early attacks were primitive. Industry participants must recognize we're facing nation-state adversaries—not ordinary hackers. These are organized groups, sometimes training individuals from teenage years, employing sophisticated methods to infiltrate core infrastructure and exploit human psychology. We must clearly understand who we're up against. Over time, people get complacent; human nature creates vulnerabilities. Eventually, we must adopt defenses robust enough to withstand such threats.
In internet history, Cobo was likely the first Chinese-founded company to implement the zero-trust security model. We adopted it because it’s one of the few frameworks proven effective against nation-state intrusions. Starting around 2018–2019, we began internal zero-trust transformation—deploying monitoring tools across all internal services and installing agents on every employee’s computer and phone. Once we recognized the threat, we knew we needed this framework to minimize trust exposure across all systems.
For critical assets—especially private keys—we must apply principles of layering, separation of authority, and decentralization. What does layering mean? Wallets should be split into distinct tiers. I previously shared my “four-wallet theory” at the individual level, but institutionally, we need at least hot, warm, and cold wallet layers. Each tier has unique characteristics, access rules, whitelists/blacklists, and operational delays. Often, to maximize efficiency in a fast-moving industry, we compromise security. But mandatory time delays drastically reduce risk exposure—especially for warm and cold wallets. Cold wallets should ideally have physical isolation ensuring absolute security.
Second is separation of authority. With growing industry participation, early reliance on internal teams is no longer sufficient. Even remote work increases insider risks—there have been cases of employees compromised by North Korean actors gaining elevated privileges. Thus, we cannot fully trust internal processes. External independent third parties must be introduced to hold and verify certain keys. Many custody firms, security companies, and insurers now offer this service—holding keys for different tiers (hot, warm, cold)—acting as independent entities with their own security protocols. This exponentially raises the cost and difficulty of successful attacks.
Finally, geographic dispersion. We’ve done fairly well here—teams and systems are globally distributed. Overall, we must design internal architecture based on minimal trust and zero-trust principles. Combine layered asset management with strict access controls, comprehensive software/hardware security modules, and closed-loop lifecycle management. Add real-time monitoring and post-incident emergency response plans—only then can organizations survive prolonged, high-stakes attacks.
Compliant exchanges invest more in security; offshore exchanges face growth pressure and underinvest
Colin: Personally, compliant exchanges like Coinbase seem to rarely suffer breaches, unlike offshore exchanges, which almost always get hacked—some repeatedly. Why is that? Offshore exchanges have large funds—can’t they adopt the same architectures? Or is it due to different operational models? Also, Shenyu, do you think attacks from North Korean hackers raise startup barriers so high that average entrepreneurs face prohibitive security costs, potentially stifling industry growth? Is there doubt about whether the industry can withstand such attacks?
Shenyu: My impression is that compliant exchanges prioritize security over speed. They enforce stricter controls and invest heavily in security.
Offshore exchanges, despite having substantial capital, don’t always allocate proportionally to security. Whether early Binance or others—including this latest case—breaches occur frequently.
One reason may be immense growth pressure—offshore platforms constantly iterate at high frequency and face heavy customer complaints. Compliant exchanges serve different clients—mainly institutions—who accept slower withdrawal times, including T+1, T+2, or even T+7 processing. Users tolerate this because expectations differ. These established players likely went through their own “baptism by fire” early on and accumulated extensive security experience—security incidents become a kind of corporate “coming-of-age” ritual.
As long as the industry offers sufficient profit margins, investing in SaaS-like security products should eventually meet market needs. Currently, however, awareness and willingness to pay remain low. We’ve seen excellent security tools fail commercially because revenue doesn’t cover costs—many rely on subsidies from other business lines.
That said, as offensive capabilities evolve, awareness is rising. More funding is flowing into security, creating opportunities for specialized SaaS security startups. Effective, validated architectural solutions do exist. The challenge with cases like Safe is coordination—up to four or five parties involved in a single transaction. Aligning everyone takes time, and hardware iterations are slow—creating windows of opportunity for attackers.
Once problems are exposed and discussed thoroughly, the blockchain industry typically resolves them within one or two cycles. Web2 faced similar issues—though historically less emphasis was placed on security than in crypto. Take Passkey, designed to protect passwords: after years of slow progress, it’s now seeing widespread adoption, especially in sensitive financial sectors. Underlying technologies can be reused and evolved—Apple devices, for example, continuously upgrade security features. Solutions will emerge, albeit requiring time and investment. Some aggressive, under-prepared developers may bear early costs, but the problems are solvable.
Security advice for founders: Implement zero-trust, conduct multiple audits with cross-verification, perform regular drills
Colin: Recently, a startup lost $50 million—a devastating blow, though the community supports recovery efforts. As someone with extensive experience navigating such challenges, what advice would you give founders to strengthen their security posture?
Shenyu: Founders must implement zero-trust models from day one—it’s absolutely critical. In today’s threat landscape, this is the only proven philosophy that can protect your organization. Don’t rely on single points of failure or solo smart contract audits. Minimum standard: engage 2–3 independent auditors for cross-verification to expose hidden flaws. Scale capital deployment gradually—use private and public test phases, isolate funds early, and manage risk incrementally.
There are many affordable security solutions available—monitoring systems, risk controls—that significantly increase survival odds. Use them.
Founders must balance business development with internal security rigor. Especially non-technical founders need to dedicate serious attention—ideally 20–30%—to building zero-trust architecture and cultivating a security-first culture. Without leadership emphasis, employees grow lax. Conduct regular phishing simulations and red-team exercises. Remember: hackers may be watching at any moment. Attention and resources must be prioritized accordingly.
Colin: Yes, in growing a company in this space, almost no founder or firm avoids a breach. Fortunately, if you survive it, both individuals and the industry learn and grow.
Why he is not participating in the current Memecoin wave: Health reasons, focus on AI
Web3 Jiaozi: Shenyu, you’ve long been a prominent figure in crypto—Cobo Wallet once led mining initiatives I participated in. Lately, you’ve been quiet on industry topics. Today’s link mentions PVP only briefly. I’m curious: after the last rally, the industry seems stuck. Where do you see the next big trend?
Colin: True—you love experimenting with new things, yet this Meme coin boom passed without visible involvement. Why?
Shenyu: Mainly because my health can’t keep up—I can’t match the energy of Gen Z. Another factor: my focus is now on AI. I believe AI could bring disruptive convergence with crypto, unlocking new value. Over a year ago, at an offline event, we proposed that the ultimate users of crypto might not be humans—but AI Agents or bots. I’ve invested considerable effort learning and using AI tools. As for PVP—I just can’t keep up. Whenever I join, I end up losing money with little positive feedback. So my focus stays on AI.
Outlook on AI + Crypto synergy: AI Agents may play pivotal roles in future blockchain ecosystems
Colin: What’s your take on AI now? There was a brief AI Agent hype cycle that crashed hard—many friends lost everything betting on AI. Did anything compelling emerge from that phase? And where do you see promising intersections between AI and crypto going forward?
Shenyu: Fundamentally, AI hasn’t reached maturity yet—most applications remain proof-of-concept. Still, AI advances rapidly, with constant improvements in compute power and models. We’re waiting for AGI—artificial general intelligence.
Regarding crypto, two aspects stand out. First, AI thrives in fully digital, transparent environments—perfect for blockchain’s open data structure. AI could revolutionize user interaction, helping navigate complex smart contracts and counterintuitive security procedures. I joke that now, whenever I interact with DeFi, I remotely deploy several AI agents to monitor my actions. In the future, you might have human engineers assisted by one or two AI agents watching screens. Going further, AI could directly connect to blockchain networks.
Imagine AI agents interacting—exchanging value, data, even forming loose organizational structures akin to DAOs or informal companies. They might use smart contract platforms for value transfers. I envision that in three to five years, blockchains could host a social or value-exchange network primarily used by AI agents. Once realized, this could generate unprecedented value and impact—far exceeding today’s trillion-dollar internet giants. This could surpass even current Web3 valuations. I’m actively exploring what this looks like and how we can contribute. Despite the lack of breakthrough applications in the past few years, I remain optimistic. Obstacles exist, but they’re surmountable. I look forward to that future.
Solution to Safe wallet blind signing: Enterprise signing tool + AI risk control + whitelist/blacklist management
TheCheerSong: I'm an on-chain automated trader. After this incident, while keeping operations running, we’re upgrading our security measures. The biggest pain point remains Safe wallet blind signing. We’ve applied open-source permission control modules to Safe, automating most transaction requests—now using Safe mainly for manual token transfers. For simpler request types, are there any existing tools to verify signature content?
Shenyu: Someone mentioned earlier—we’ll release our internal toolset next week as a commercial product: the Safe Enterprise Signing Tool. It works by holding one Safe private key, then using machines along with blacklists/whitelists and customizable risk templates—such as limiting token amounts, transaction speeds, setting access lists—combined with AI Agent capabilities and loss threshold detection. This allows us to clearly define and manage risk throughout the process.
When paired with Cobo’s existing Argus platform—on-chain ACL-based contract and parameter controls—I feel this is currently the only way I can confidently transact large sums on-chain. This reflects our current security best practices.
Expert perspectives on wallet security in the Bybit hack
During this Space session, BlockSec CEO Professor Zhou Yajin, OneKey Chief Growth Officer Nig, and Cobo Chief Security Officer Moon shared their insights.
On the exchange security aspect of the Bybit incident, Professor Zhou Yajin stated the breach occurred due to mismatched intent and execution during Safe contract wallet operations, resulting in malicious wallet upgrades and fund theft—the exact cause remains undisclosed. Many projects assume multisig wallets like Safe are inherently secure, overlooking that security spans operational, non-technical, and technical dimensions. Vulnerabilities exist in key management, transaction interpretation, inadequate safeguards during custody, signing, and transaction decoding, and poor handling of usability-security tradeoffs. Large multisig transfers involve long trust chains but lack dual verification of transaction meaning and interface display. Therefore, managing large funds via contract wallets requires third-party validation, whitelisting, decentralized authority, and flexible policy controls.
On recurring Safe frontend tampering and mainstream multisig security, Moon noted that the Safe protocol and contracts themselves are relatively secure, but practical usage involves long trust chains prone to failures. The Bybit attack was likely due to outsourcing issues rather than contract flaws—highlighting the importance of daily security awareness. Secure Safe usage requires vertical technical controls (e.g., isolated devices) and horizontal signer independence. Simply adding more signers isn’t enough—each must independently verify using separate environments and systems to avoid cross-contamination exploited by hackers. Exchanges and high-net-worth individuals should also establish manual reconciliation, anomaly monitoring, automated auditing, and heightened awareness to resist Web2-style attacks. Cobo will launch an MPC + Safe management solution, leveraging Safe’s multisig functionality while enabling each signer to have an independent, end-to-end signing pipeline.
On hardware wallet issues in the Bybit hack, Nig explained Bybit used MPC-controlled EOA wallets (due to easier signature parsing), whereas Safe smart contract signatures are complex and hard to interpret—security teams may have missed anomalies. Existing hardware wallets (e.g., Ledger) lack performance to parse complex contracts and prevent blind signing. Had proper tools existed, the attack might have been avoided. Shenyu’s team and OneKey have already developed relevant parsing tools. Ledger’s Clear Signing progress is slow, and signature data transmitted from online devices can be tampered with—relying solely on hardware parsing is insufficient. Bybit lacked alerts; after the first signer was compromised, others blindly signed due to device limitations. High-net-worth individuals and institutions should isolate transaction-related online devices from work equipment to reduce intrusion risk—Radium’s prior breach may have stemmed from unisolated environments.
On Safe security, third-party monitoring, and AI in blockchain security, Professor Zhou emphasized Safe’s historical reliability due to extensive audits, but lengthy usage flows introduce risk. His team developed the Falcon Safe security system, offering third-party transaction analysis—interpreting transfers and contract interactions—to lower cognitive load and prevent mistakes. Regarding AI, while it lowers attack costs (e.g., mass phishing tool generation), the industry is exploring AI-auditing integration and automated code review. Though far from ideal, AI can reduce user friction and help manage complex crypto interactions.
On hardware wallet concerns, Nig responded that unlike some peers who promote sales spikes post-hack, OneKey focuses on education. Sales increases reflect growing awareness of private key security. Hardware wallets bear responsibility in this incident—Ledger and Safe underperformed. Safe has suspended frontend and native support. Previous-gen hardware wallets limited parsing for security; next-gen models like Ultra and Pro will enhance local parsing of complex contracts and display core transaction elements. Classic models will show key fields. Apps will support mainstream EVM transaction parsing, with hardware-side implementation slightly delayed due to rigorous testing. For Safe, upcoming updates will demonstrate anti-attack methods and strengthen user education. Despite diverse approaches—OKX’s reluctance to integrate hardware wallets, institutional MPC adoption—the core principle remains: hardware wallets provide physical isolation. Even with mnemonic standard upgrades, this foundational defense won’t change.
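The whitelist, amount-limit and independent-parsing checks discussed above, sketched as an added example (not code from Cobo, BlockSec, OneKey or Safe): a co-signer decodes the proposed Safe transaction fields itself and refuses anything its policy cannot explain. The `Policy` fields, the dict layout of `tx` and all addresses are assumptions constructed for illustration; only the ERC-20 `transfer` selector and Safe's `operation` values (0 = call, 1 = delegatecall) are real.

```python
from dataclasses import dataclass, field

ERC20_TRANSFER = bytes.fromhex("a9059cbb")  # selector of transfer(address,uint256)
CALL = 0  # Safe `operation` field: 0 = call, 1 = delegatecall


@dataclass
class Policy:
    """Hypothetical risk template; field names are assumptions."""
    allowed_targets: set = field(default_factory=set)     # contracts the Safe may call
    allowed_recipients: set = field(default_factory=set)  # addresses that may be paid
    token_limits: dict = field(default_factory=dict)      # token address -> max units
    max_native_value: int = 0                             # wei per transaction


def parse_erc20_transfer(data):
    """Return (recipient, amount) for transfer() calldata, None for other calls."""
    if data[:4] != ERC20_TRANSFER:
        return None
    if len(data) != 4 + 64:
        raise ValueError("transfer calldata has wrong length")
    to_word = int.from_bytes(data[4:36], "big")
    if to_word >> 160:
        raise ValueError("address argument has non-zero padding")
    amount = int.from_bytes(data[36:68], "big")
    return "0x" + to_word.to_bytes(20, "big").hex(), amount


def review(tx, policy):
    """Return reasons to refuse co-signing; an empty list means the tx passes."""
    findings = []
    to, data, value = tx["to"].lower(), tx["data"], tx["value"]
    if tx["operation"] != CALL:
        findings.append("operation is not a plain call")
    if to not in policy.allowed_targets:
        findings.append(f"target {to} is not whitelisted")
    if value > policy.max_native_value:
        findings.append(f"native value {value} exceeds limit")
    if not data:
        return findings
    try:
        parsed = parse_erc20_transfer(data)
    except ValueError as exc:
        findings.append(f"malformed calldata: {exc}")
        return findings
    if parsed is None:
        # Fail closed: anything the engine cannot explain goes to human review.
        findings.append(f"unrecognised function selector 0x{data[:4].hex()}")
        return findings
    recipient, amount = parsed
    if recipient not in policy.allowed_recipients:
        findings.append(f"recipient {recipient} is not whitelisted")
    if amount > policy.token_limits.get(to, 0):
        findings.append(f"amount {amount} exceeds limit for token {to}")
    return findings


# Constructed sample data (not real addresses or transactions).
TOKEN, PAYEE, OTHER = ("0x" + b * 20 for b in ("11", "22", "33"))


def transfer_calldata(recipient, amount):
    """Build transfer(recipient, amount) calldata for the samples below."""
    return ERC20_TRANSFER + bytes(12) + bytes.fromhex(recipient[2:]) + amount.to_bytes(32, "big")


POLICY = Policy({TOKEN}, {PAYEE}, {TOKEN: 1_000}, 0)
SAMPLES = {
    "routine payout": {"to": TOKEN, "value": 0, "operation": 0,
                       "data": transfer_calldata(PAYEE, 500)},
    "unknown payee": {"to": TOKEN, "value": 0, "operation": 0,
                      "data": transfer_calldata(OTHER, 500)},
    "over limit": {"to": TOKEN, "value": 0, "operation": 0,
                   "data": transfer_calldata(PAYEE, 5_000)},
    "opaque delegatecall": {"to": OTHER, "value": 0, "operation": 1,
                            "data": bytes.fromhex("deadbeef") + bytes(32)},
}

if __name__ == "__main__":
    for name, tx in SAMPLES.items():
        reasons = review(tx, POLICY)
        print(f"{name}: {'CO-SIGN' if not reasons else 'REFUSE'}")
        for reason in reasons:
            print("   -", reason)
```

The check is only as independent as the environment it runs in: it has to receive the transaction fields over its own channel and compare them with what the signing device displays, not read them from the same frontend the other signers use.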














