Inside the Bybit Hack: Lessons from the Digital Storm | by Shuttle (Formerly Cryptoruppted) | Coinmonks | Apr, 2025

A combination of factors led to the hack. Every few weeks, funds are transferred from a cold wallet (offline storage) to a hot wallet (used for daily operations). A multisig (multi-signature) system is used, requiring approval from multiple key holders.

The Weak Links

Fake UI: Hackers manipulated the user interface (UI) of a third-party tool, tricking signers into approving a malicious transaction.

Blind Signing: Ethereum-based smart contract interactions often require “blind signing,” creating a security blind spot. In this case, the CEO did not fully check the raw code on his Ledger device before signing.

Multisig Security Bypassed: Because every required signer approved the malicious transaction, the multisig offered no protection. The hacker gained control of the cold wallet and drained its contents (worth over $1.4 billion).

In a podcast, Ben admitted he did not fully check the raw code on his Ledger device before signing. This allowed the hacker to gain access to and control over Bybit’s Ethereum.

Who was behind this massive crypto hack? Investigators found that it was the work of Lazarus Group, a notorious team of North Korean hackers known for pulling off some of the biggest cyber crimes in history. And get this: the FBI even confirmed their involvement.

But here’s the thing: the hackers didn’t just stop at stealing the Ethereum. They also managed to cover their tracks by laundering the stolen crypto through a bunch of different channels, including:

  • Multiple wallets
  • Decentralized exchanges
  • Cross-chain bridges

It is pretty clear that North Korea has gotten really good at laundering money; either that, or they’ve got some powerful friends helping them out.

So, what happened after Bybit was hacked? Thankfully, the exchange assured its users that their funds were safe and sound. Here’s what they’ve done and are doing to move forward:

  • Working with the cops: Bybit is teaming up with law enforcement to track down the stolen funds.
  • Offering a reward: They offered a 10% bounty on any frozen or recovered funds.
  • Securing emergency funding: Bybit has secured a bridge loan to replace the missing Ethereum, so withdrawals can keep happening.
  • Freezing suspicious transactions: They paused Safe Wallet transactions while they investigated how the hack happened.

Withdrawals during the hack phase might have been a bit slower than usual due to extra security checks and high traffic, but don’t worry: you can still withdraw non-Ethereum assets without any issues. Everything is gradually moving forward now.

Bybit’s CEO, Ben Zhou, reassured users that only one wallet was compromised, and client funds were fully backed. The exchange remained financially stable and took swift action to recover the stolen funds.

They secured emergency loans and teamed up with top forensic experts, like @Chainalysis, to track down the stolen crypto. By late February, they’d already managed to freeze over $40 million. To prevent future hacks, Bybit also beefed up its security measures, moving funds to a safer system and strengthening its infrastructure.

Ethereum transactions on Bybit are as “safe” as the platform’s current security allows, backed by cold wallet storage, multisig protocols (now refined), and PoR transparency.

The Bybit hack is a wake-up call for all of us in the crypto space.

Here are some crucial lessons we can learn from this incident:

1. Don’t sign off without double-checking: Blind signing can be a huge risk. Always verify transaction details on your Ledger device before signing off.

2. Multisig isn’t a silver bullet: Even with multiple signers, a compromised user interface can still lead to security failures.

3. Cold wallets aren’t foolproof: If keyholders don’t follow proper security procedures, even an offline wallet can be compromised.

4. North Korea is still a major threat: Lazarus Group continues to target the crypto industry, exploiting human error and security weaknesses.
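The check that the “Weak Links” section and lesson 1 describe, as an added example (not code from the original post or from Bybit or Safe): a signer decodes the raw calldata of a pending multisig transaction and compares it field by field with what the wallet UI claims, so a tampered UI cannot hide the real payload. The function names, sample token and wallet addresses, and amounts are constructed for illustration; the ERC-20 `transfer` selector and Safe’s `operation` field (0 = CALL, 1 = DELEGATECALL) are real.

```python
from dataclasses import dataclass

ERC20_TRANSFER = "a9059cbb"  # 4-byte selector of transfer(address,uint256)
OPERATION_NAMES = {0: "CALL", 1: "DELEGATECALL"}  # Safe execTransaction operation field


@dataclass
class RawTx:
    to: str         # contract the multisig will call (what the Ledger shows)
    value: int      # native ETH in wei
    data: str       # hex calldata as shown on the hardware wallet
    operation: int  # 0 = CALL, 1 = DELEGATECALL


def decode_erc20_transfer(data: str):
    """Return (recipient, amount) if calldata is an ERC-20 transfer, else None."""
    h = data.lower().removeprefix("0x")
    if len(h) != 8 + 64 * 2 or h[:8] != ERC20_TRANSFER:
        return None
    recipient = "0x" + h[8 + 24:8 + 64]  # low 20 bytes of the first 32-byte word
    amount = int(h[8 + 64:8 + 128], 16)  # second word
    return recipient, amount


def verify_against_ui(raw: RawTx, ui: dict) -> list[str]:
    """List every field where the raw payload disagrees with the UI summary."""
    problems = []
    if raw.operation != 0:  # a routine token transfer never needs DELEGATECALL
        problems.append(f"operation is {OPERATION_NAMES.get(raw.operation, raw.operation)}, expected CALL")
    if raw.to.lower() != ui["token"].lower():
        problems.append(f"target {raw.to} != UI token {ui['token']}")
    if raw.value != 0:
        problems.append(f"unexpected ETH value {raw.value}")
    decoded = decode_erc20_transfer(raw.data)
    if decoded is None:
        return problems + ["calldata is not an ERC-20 transfer"]
    recipient, amount = decoded
    if recipient != ui["recipient"].lower():
        problems.append(f"recipient {recipient} != UI recipient {ui['recipient']}")
    if amount != ui["amount"]:
        problems.append(f"amount {amount} != UI amount {ui['amount']}")
    return problems


def encode_transfer(recipient: str, amount: int) -> str:
    """Build transfer(address,uint256) calldata (used only to construct samples)."""
    return "0x" + ERC20_TRANSFER + recipient.lower().removeprefix("0x").rjust(64, "0") + format(amount, "064x")


# Constructed sample: what the UI displays for a routine cold-to-hot transfer,
# an honest raw payload, and one whose calldata and operation differ from the UI.
UI_SUMMARY = {"token": "0x" + "11" * 20, "recipient": "0x" + "22" * 20, "amount": 1000}
HONEST = RawTx(UI_SUMMARY["token"], 0, encode_transfer(UI_SUMMARY["recipient"], 1000), 0)
TAMPERED = RawTx(UI_SUMMARY["token"], 0, encode_transfer("0x" + "33" * 20, 1000), 1)
```

A signer who runs such a check on the fields shown by the hardware wallet only approves when the list comes back empty.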

The Bybit hack is a major reality check for all of us in the crypto space. As Bybit recovers from the loss, it’s clear that we need to step up our security game.

  • Better security is a must: We need more robust measures to protect our crypto.
  • Verify, verify, verify: Always double-check transactions on your hardware wallet before signing off.
  • Stay alert to phishing scams: Be cautious of suspicious emails, messages, or websites.

If you’re holding crypto on an exchange, it is time to think about taking control of your assets. Consider switching to self-custody to safeguard your funds.

Ultimately, security is only as strong as the person using it. Stay vigilant, and always prioritize caution when dealing with crypto.

What’s your take? Would you still trust a centralized exchange with your funds?

If you enjoyed this read, consider following our Medium page.

https://x.com/shuttle_web3

https://t.me/shuttle_web3
