by Lior Lamesh, Forbes Councils Member

A version of this article was originally published by Forbes.com.

As institutional interest in digital assets grows, the conversation must shift beyond market potential to a more critical issue: the security of these assets. At the heart of the conversation lies an often misunderstood challenge: how to effectively secure digital assets against the growing number of sophisticated cyber threats.

As the Bybit hack demonstrated, security is no joke. Financial institutions must adopt custody solutions designed to prevent incidents like this. Because let’s face it, recovering from such breaches is incredibly tough.

Cold custody has long been considered the gold standard for asset protection, but this approach is far from foolproof. In fact, many institutions may be unknowingly exposed to risks due to misconceptions about what true security really looks like.

Misconception 1: “Cold” means secure.

The term “cold storage” suggests total disconnection from the internet, but in practice, many solutions fall short. The term has been stretched beyond its original meaning. Most hardware wallets, for example, require periodic internet connectivity for transaction signing, as every blockchain transaction requires input from the blockchain. If a device interacts with the online world at any point, it’s not truly offline.

Misconception 2: Air gaps guarantee security.

Air-gapped solutions are often assumed to be safe simply because they’re not plugged into the internet. But air gaps don’t eliminate all threat vectors; they just shift them. Data can still travel through physical media, Bluetooth or even malware-infected peripherals. Air-gapped systems might still rely on USBs or QR codes—vectors that can be compromised. The assumption that air-gapped equals airtight is a dangerous oversimplification.

Misconception 3: Brief online connections are harmless.

Some cold wallets connect online “just for a moment” to finalize transactions.
But for attackers, a moment is enough. As I’ve been saying for years, hackers will invest millions to steal billions. Cybercriminals today are not amateurs. They’re highly resourced, patient and strategic. If a storage solution depends on any level of digital input or online activity, even occasionally, it’s exposed to attack surfaces. This brief online connection could open the door to threats like man-in-the-middle attacks or malware injections, where attackers exploit that fleeting moment to intercept or manipulate transactions. The risk is far greater than it may seem at first glance.

Misconception 4: All cold custody solutions meet regulatory standards.

Regulatory frameworks are evolving, and with that evolution comes increased scrutiny on operational security. For financial institutions, a breach doesn’t just mean asset loss. It can trigger compliance failures, reputational fallout and customer attrition. Not all cold custody providers are equipped to meet the dual demands of regulation and real-world cyber threats.

While some regulations already require that the majority of institutional assets be stored offline, the industry often takes advantage of the ambiguity in how “offline” is defined. Many solutions labeled as “cold” are marketed as compliant, even when they include occasional or partial connectivity. The term “offline environment” is broad enough to leave room for interpretation, and that’s where the risk creeps in. As “mostly offline” solutions slip through, institutions are left exposed to threats they believed they had mitigated.

Misconception 5: You have to trade off security for functionality.

There’s a common belief that “too secure” means operationally difficult. But modern innovations are proving otherwise. Impenetrable custody, for example, eliminates all digital input to the storage environment while still enabling institutions to seamlessly create and authorize transactions without ever exposing the private key.
This redefines the equation: Maximum security doesn’t have to mean compromised functionality.

Impenetrable custody is a new standard for security.

Institutions managing billions in digital assets have a heavy responsibility on their shoulders: to find and design the most secure and effective custody strategy. However, “secure enough” is not enough, especially when the reputation of your institution and the trust of your customers are on the line. The future of finance demands more.

Impenetrable custody is a new category that eliminates all digital inputs to the storage environment, even during transaction workflows. Unlike current cold custody solutions, which often rely on occasional online connections or physical access points like USBs and QR codes, each of which can be exploited by cybercriminals, impenetrable custody ensures that no hidden attack paths exist. With traditional solutions, attackers can use malware, man-in-the-middle attacks or even vulnerabilities in hardware components to access and manipulate assets. By removing any potential for digital interaction, impenetrable custody effectively neutralizes these attack vectors, creating a truly isolated environment.

As I mentioned at the beginning of this article, every blockchain transaction requires input from the blockchain. The idea behind impenetrable custody is to create and sign transactions without relying on that mandatory online data. Transactions are generated and signed completely offline, and only then sent to the blockchain through one-way communication.

While impenetrable custody should serve as your long-term solution for storing and protecting the majority of your treasury, other market solutions can complement it by supporting your daily operations and asset movement. Multiparty computation (MPC) is one of the safest warm wallet technologies, ideal for fast and secure operations. Generally, the more shards you divide your private key into, the safer it becomes.
I recommend planning your custody strategy in a way that balances security and efficiency—allocating the majority of your assets to an impenetrable solution, while keeping a smaller percentage in an MPC setup for operational needs.

For heads of digital assets, custody and innovation, the path forward is clear: Reevaluate the assumptions built into your security framework and ensure your custody infrastructure aligns with the evolving threat landscape. Engaging with your CISOs early in the process is crucial. They bring invaluable expertise to help refine your security strategy and identify areas where traditional solutions fall short.

In the world of digital assets, security is crucial, and the risks of “good enough” are simply too great.