PRESS

MyCena® in the news

The $1.5B Lesson: Why Bybit—and the Industry—Must Leave Identity-Based Security Behind

By MyCena | Posted on: 21 March 2025

In February 2025, one of the largest breaches in crypto history stunned the digital asset world. Bybit, a major exchange, lost $1.5 billion in a targeted cyberattack. Despite using multi-factor authentication (MFA), password policies, and access controls, the attackers succeeded—swiftly and silently.
This breach didn’t happen due to negligence. It happened because of a fundamental flaw in the industry’s security model.
The attack on Bybit revealed what many have suspected: identity-based security no longer works. And unless the industry evolves, these breaches will keep happening.
The Fatal Flaw: Identity Is Not Access
For years, digital asset platforms have relied on identity-based models—verify who someone is, then let them in. These systems use usernames, passwords, and tokens to confirm identity.
But here’s the problem: identification doesn’t prove authorization. Verifying who someone is doesn’t mean they should access a system. This identity-authentication gap is a critical weakness—and attackers exploit it daily.
In identity-based setups, one stolen credential—be it a password or API key—can open up entire systems. And once inside, attackers move laterally across platforms, wallets, and services. It’s exactly what happened at Bybit.
AI Has Outpaced Traditional Security
The rise of AI-powered attacks has made identity-based security even more vulnerable. Attackers now use automation, deepfakes, and hyper-targeted phishing to bypass human safeguards.
A 2024 Capgemini report showed that 97% of organizations experienced breaches linked to AI-generated threats. In Bybit’s case, attackers used phishing, SIM-swapping, and intercepted MFA codes to break through. Once they had access, the damage was instant—and irreversible.
Legacy tools like MFA and password managers can’t keep up. The attack surface has changed, but the defense strategy hasn’t.
A New Model: Encryption-Based Access with ML-DAES
To prevent these failures, the industry needs a new foundation. That’s where ML-DAES (Multi-Layer Dynamic Access Encryption Security) comes in.
ML-DAES eliminates passwords and API keys. Instead, it uses encrypted, application-specific credentials that users never see, store, or share. There’s nothing to phish, steal, or misuse. And because every credential is system-specific, even if one access point is compromised, it can’t be used elsewhere.
This shifts authentication away from identity toward encrypted authorization—a model that neutralizes phishing, prevents lateral movement, and removes insider credential risk.
What If Bybit Had Used ML-DAES?
Phishing emails would fail—there’d be no credentials to hand over.
SIM-swapping and MFA interception would be irrelevant.
API keys wouldn’t exist in a usable format.
Even if attackers breached one system, they’d go no further. ML-DAES would have segmented access, blocked lateral movement, and rendered stolen access useless.
In short: the breach wouldn’t have happened.
Beyond Security: Compliance and Efficiency
ML-DAES also automates compliance. With immutable, cryptographically signed access logs, firms meet regulations like MiCA, SEC, and GDPR effortlessly.
IT teams save time with no password resets or manual provisioning. And with fewer breaches, insurers lower premiums. The result is stronger security, smoother operations, and reduced costs.
The Industry Must Move Forward
The Bybit attack isn’t just a cautionary tale—it’s a turning point. Identity-based security is no longer viable in a world of AI threats and automated exploits.
To protect billions in digital assets—and the trust of investors—the industry must transition to encryption-based access models. ML-DAES offers a proven way forward.
The time to act is now. Not with more patches, but with a complete security rethink—one built for today’s threats, not yesterday’s assumptions. 

Eliminating the #1 Cyber Risk in Maritime Operations—Without Changing How …

By MyCena | Posted on: 21 March 2025


In maritime cybersecurity, the most dangerous threat isn’t always the one making headlines. While malware and ransomware draw attention, over 90% of cyberattacks actually begin with something far simpler: stolen credentials.
In maritime operations, this vulnerability is magnified. High crew turnover, remote systems, widespread third-party access, and complex logistics create countless entry points. Passwords are routinely shared, reused, or stored insecurely—turning them into the weakest link in otherwise secure environments.
The hard truth? Your greatest cyber risk isn’t malware—it’s credential misuse. And no firewall or antivirus can fully protect your systems if access remains tied to passwords your crew must manage.
Why Traditional Access Models Fall Short
For decades, maritime organizations have relied on identity-based security—verify someone’s identity, then grant access. But this model hinges on employee-managed passwords, which are inherently flawed.
Despite training, phishing remains a persistent threat. Credentials are reused, forgotten, or exposed. And once one set is compromised, attackers can move laterally through connected systems, escalating the damage.
The root of the issue is a dangerous assumption: that knowing who someone is equates to confirming they’re authorized. This identification-authentication gap leaves maritime operations vulnerable to a single point of failure.
A Smarter Model: Encryption-Based Access with ML-DAES
To eliminate this risk, access control must evolve. MyCena’s Multi-Layer Dynamic Access Encryption Security (ML-DAES) removes passwords entirely from human control.
With ML-DAES, encrypted, dynamic, system-specific credentials are automatically created and distributed—without ever being seen or handled by employees. There’s nothing to share, store, or steal. Even if someone clicks on a phishing link, attackers are left empty-handed.
This approach makes access tamper-proof, phishing-proof, and audit-ready—without changing how your crew operates.
In high-risk maritime scenarios such as port operations, shipping fleets, or offshore platforms with rotating teams, ML-DAES secures all system access without disrupting workflows.
Compliance Made Simple—And Cost-Efficient
ML-DAES doesn’t just boost security—it simplifies compliance with GDPR, IMO, and other maritime regulations. Automated credential management and real-time access logs make audits seamless. IT teams save time, and organizations often qualify for lower cyber insurance premiums thanks to dramatically reduced breach risk.
Chart a New Course in Cybersecurity
You can’t stop threats from targeting your ships. But with ML-DAES, you can stop them from getting in.
This is more than a cybersecurity solution—it’s a strategic shift that strengthens resilience, protects data, and builds trust across your entire operation. Ready to reduce risk and take the burden off your crew?
Contact us today to schedule a tailored demo or request a security assessment for your maritime operations.

95% of breaches are due to human error

By MyCena | Posted on: 6 May 2024

Today is World Password Day. But have you asked the question: why does this day even exist?

Imagine if employees made their own keys to the office. That would be INSANE, right?

SO WHY LET EMPLOYEES MAKE THEIR OWN PASSWORDS?

Especially when 95% of breaches are due to human error (source: WEF).

It is time for companies to flip the script and start controlling their own access.
Using MyCena Security Solutions, companies generate and distribute highly secure encrypted passwords to employees so they never know them and can't disclose them.

No more passwords to create, type or remember. And no identity to steal.

Microsoft left internal passwords exposed in latest security blunder

By MyCena | Posted on: 15 April 2024

With no password protection, a Microsoft server containing a variety of security credentials used by Microsoft employees to access internal systems was accessible by anyone on the internet.

Access is the biggest weakness in cybersecurity. Companies need to control their credentials and encrypt them so they can't be known and disclosed.

This iOS Trojan Is Harvesting Facial-Recognition Data

By MyCena | Posted on: 19 February 2024

'GoldPickaxe' malware steals facial recognition data, likely because banks and government agencies are adopting biometric scans.
=> Identity biometrics are just 0s and 1s, and criminals know it.
=> What's worse? Once stolen, they can't be changed.
https://lnkd.in/eCVbjQNE

Hackers ‘steal your face’ to create deepfakes that rob bank accounts

By MyCena | Posted on: 19 February 2024

With no way to validate identity from users' biometrics, financial systems are massively exposed to identity theft fraud.

=> Biometric authentication is a handy PIN code replacement but not more secure. Why? Because your fingerprints, your face, and your voice are not secrets.

=> Biometrics are increasingly being scraped, stored, and analyzed by threat actors.

=> By exploiting IP cameras' video databases, hackers can gather bits of iris and fingerprint and "with enough repetition, compute power, and time, they can potentially crack a person’s full biometrics."

=> "Biometric data is useful for in-person authentication, and really dangerous for remote authentication". Biometric data are like a complex key. Once transmitted, users aren’t authenticating the actual biometric, they are verifying something that looks a lot like a password.

“our financial system is built in a lot of assumed-but-not-verified trust. will continue to be exacerbated by technologies like deep fakes as long as our banking institutions trust transmitted copies of a biometric.”