News 
Coin Information 
About us 
Customer Service 
Ledger, one of the longest-running names in hardware wallets, is urging Korea’s financial sector to rethink what “security” means in a digital-asset era—arguing that the last line of defense is not a feature or a policy, but 'human sovereignty' built into system architecture.
Speaking Tuesday at the Institutional Web3 Forum in Seoul, Takatoshi Shibayama, APAC head of Ledger Enterprise, said the rapid convergence of traditional finance and digital-asset infrastructure under emerging regulation is forcing institutions to reassess assumptions that worked for legacy systems. “This is the moment that determines whether Korea remains a country that creates wealth—or a country that preserves wealth,” he said, adding that protecting assets is ultimately harder than generating them.
The event, held at the Glad Hotel in Seoul’s Yeongdeungpo district, brought together roughly 100 invited participants from banks, brokerages, insurers, fintech firms, and digital-asset companies. It was co-hosted by TokenPost, the Korea Fintech Industry Association (KORFIN), and the Open Blockchain & AI Association (OBDIA), with Bithumb, Coinone, and Korbit serving as official sponsors.
Shibayama framed his remarks around a central distinction: in traditional financial breaches, attackers often steal data; in crypto, they can steal 'the money itself'. “You can’t apply the same security standards,” he said, calling for a shift from software-centric controls to architecture-level protection that keeps final authorization in human hands.
In his presentation, titled “The paradox of technological progress: why human sovereignty is the final line of defense,” Shibayama outlined three accelerating threat vectors—AI, governance attacks, and quantum computing—arguing that they differ in form but converge on a shared failure mode: 'blind signing', where users authorize transactions without being able to independently verify what is being approved.
AI: always-on adversaries and automated crime
Shibayama warned that AI agents are rapidly expanding what both legitimate users and criminals can automate—ranging from code generation and contract negotiation to convincing human impersonation. As trading and treasury workflows shift toward AI-driven execution, he said, criminal operations will follow. “AI can identify infrastructure vulnerabilities and run real-time attacks 24/7,” he cautioned.
His proposed mitigation emphasized hardware-enforced separation of duties. Instead of relying on patches and software prompts alone, Shibayama argued institutions should adopt a model where software merely requests permissions, a human must approve, and the final signing key is physically separated from AI authority. The principle, he said, is to ensure that automation cannot silently escalate into unilateral control over funds.
Governance attacks: when the protocol works—on the wrong input
The second risk area focused on governance and authorization pathways—often treated as operational plumbing rather than primary attack surfaces. Shibayama cited incidents involving Drift and Kalda to illustrate how attackers can extract large sums by manipulating the decision-making layer rather than “breaking” cryptography.
In the Drift case, he said social engineering enabled attackers to steal $285 million in about 12 minutes. In the Kalda incident, he described a different mechanism: malicious instructions were inserted into validator-node processes so that funds were routed to attacker-controlled addresses. Despite differing methods, he argued the common denominator was that the system dutifully executed valid actions based on compromised or misleading inputs.
“The protocol operated normally, but it received incorrect information,” Shibayama said, adding that the real breakdown occurred because the authorizing party—often an automated workflow—could not clearly see what it was signing. For institutions, he framed 'human-readable verification' not as a premium feature but as a baseline requirement for any transaction approval flow.
Quantum computing: shorter timelines, higher urgency
The third threat was quantum computing, which Shibayama said is increasingly being discussed not as a distant risk but as a medium-term planning constraint. Citing a March white paper from Google’s AI division, he said the resources required to break the elliptic-curve cryptography used by Bitcoin (BTC) and Ethereum (ETH) have been estimated at roughly 20 times less than previously believed, with the paper pointing to around 500,000 qubits as a reference level.
He noted that Google’s “Willow” system is currently at 105 qubits, while the company is targeting a post-quantum transition by 2029. By comparison, he said, banks and governments often work on 2030–2035 migration schedules—timelines that may be too slow for digital assets given the irreversibility of onchain transfers and the scale of automated settlement. “Digital assets need to respond much faster,” he said.
From “features” to architecture
Across the three threat categories, Shibayama returned to the idea that modern crypto risk is increasingly about authorization—who can approve what, and under what visibility—rather than only perimeter defense. In his view, 'blind signing' is the core systemic weakness: users believe they are in control, but in practice they approve actions without sufficient verification.
Ledger’s recommended direction centers on defaults: hardware-based security, explicit signing structures that make transaction intent readable to humans, and post-quantum-ready architecture planning. “No transaction should be executed if a human cannot verify what it is,” Shibayama said.
He concluded by rejecting the framing of security as a discretionary spend or a reactive add-on. “Security is not a cost, not after-the-fact response, and not a feature,” he said. “The final line of defense is human sovereignty.”
🔎 Market Interpretation
- Security definition is shifting from “data protection” to “asset authorization.” Ledger argues that in crypto, attackers can steal funds directly, so institutions must prioritize who can approve transfers and how intent is verified—not only perimeter defenses.
- Korea’s institutional Web3 readiness is framed as a competitiveness issue. As regulation accelerates convergence between traditional finance and digital-asset rails, the ability to protect digital assets becomes a determinant of whether institutions can safely expand into new revenue models.
- Threats are converging on a single systemic weakness: blind signing. AI-driven workflows, governance/validator manipulation, and future quantum risks all amplify the danger of authorizing transactions without human-verifiable clarity.
- Market demand likely rises for hardware-rooted, policy-enforced custody and signing stacks. “Security as architecture” implies growth for solutions that enforce separation of duties, explicit transaction display, and multi-party approvals at the device/key level.
💡 Strategic Points
- Design approval flows around “human sovereignty.” Treat the human approver as the final control point by ensuring no transfer can be executed unless a person can independently verify what is being signed (recipient, amount, chain, contract method, risk flags).
- Mitigate AI as an “always-on adversary” with hardware-enforced separation of duties. Let software/AI propose actions, but require out-of-band human confirmation and keep signing keys physically and logically isolated from AI execution environments.
- Elevate governance and authorization pathways to primary security surfaces. Incidents like Drift and Kalda are presented as examples where systems executed “valid” actions based on compromised inputs; institutions should audit not only code, but also the decision-making and validator/operator processes.
- Eliminate blind signing through structured, human-readable signing. Adopt explicit signing schemas (clear intent and parameters) and wallet/custody tooling that can display and verify transaction semantics, not just raw hashes.
- Plan post-quantum migration earlier than traditional finance timelines. The article highlights shrinking estimates to break ECC and cites Google’s 2029 target; digital assets may need faster transitions due to irreversible onchain settlement and automated execution.
- Reframe security budgeting and governance. Security is positioned as a default architectural requirement—not a feature request or post-incident expense—implying board-level ownership, measurable controls, and pre-defined approval policies for treasury operations.
📘 Glossary
- Human sovereignty: A security principle where final transaction authority remains with a human who can verify intent, rather than being delegated to opaque automation or software-only prompts.
- Blind signing: Approving a transaction without being able to confirm its real-world meaning (e.g., unknown contract call, hidden recipient/amount), often because the signer sees only a hash or unreadable data.
- Separation of duties: A control model that splits responsibilities (request, review, approval, signing) across different roles/systems so a single compromised component cannot move funds unilaterally.
- Governance attack: An exploit targeting decision-making/authorization processes (votes, permissions, validator operations, admin keys) rather than breaking cryptography.
- Validator node: Infrastructure that participates in verifying and producing blocks on a blockchain; manipulating its processes can reroute or authorize malicious actions.
- Elliptic-curve cryptography (ECC): The public-key cryptography family used by many blockchains (including Bitcoin and Ethereum) to secure keys and signatures.
- Post-quantum cryptography (PQC): Cryptographic algorithms designed to remain secure against attacks from sufficiently powerful quantum computers.
- Qubits: Quantum computing units of information; higher qubit counts (and low error rates) are associated with increased capability to run cryptographically relevant quantum algorithms.
- Onchain irreversibility: The property that confirmed blockchain transactions are generally final and cannot be undone, increasing the cost of authorization mistakes.
Comment 0