$1.5 Billion Bybit Hack: A Look Back and Warnings From Ethereum Security Experts

On Friday, North Korea’s state-sponsored hacker group Lazarus carried out one of the largest attacks ever on a centralized cryptocurrency exchange. Over $1.5 billion was stolen from Bybit’s Ethereum cold wallet, raising alarm bells about cybersecurity across the industry.

How the Attack Worked

According to a report from Bybit, the attack began when the system detected unusual activity during a transfer from a multi-signature cold wallet to a hot wallet. The attackers manipulated the smart contract code and forged the signing interface, which gave them control of the wallet.

The stolen funds included 401,347 ETH (estimated at $1.12 billion), 90,376 stETH ($253.16 million), 15,000 cmETH ($44.13 million), and 8,000 mETH ($23 million). After withdrawing the funds, Lazarus split the assets into multiple wallets and converted them to ETH via decentralized exchanges.

Security Vulnerability Suspicions

Following the incident, Bybit is investigating a vulnerability in Safe{Wallet}, a popular self-hosted multi-signature wallet in the industry. However, Ethereum experts believe that Safe is still secure and that the weakness may instead be a signing device infected with malware.

According to SEAL 911, Lazarus may have hijacked the multi-signature signing devices and displayed a fake Safe interface, making the signers believe they were approving legitimate transactions. Transaction analysis shows that Lazarus used delegatecalls to swap the Safe contracts for custom code, giving the attackers control.

Insider Threat

Many reports point to the possibility of insider involvement. Lazarus has compromised cryptocurrency developers with malware sent via Telegram, similar to how it previously attacked Radiant ($50 million) and WazirX ($230 million).

How to Prevent

The loss of billions of dollars in capital has forced the decentralized finance industry to take more stringent security measures. Experts recommend:

Use off-network signing devices

Incorporate multiple verification interfaces

Set up timelocks for Safe wallets

Check transactions carefully before signing

Vigilance and strict control procedures are the only way to prevent similar attacks in the future.
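One way to make "check transactions carefully before signing" and "multiple verification interfaces" concrete is to decode the payload independently of the signing UI and flag any delegatecall. The sketch below is an added example, not code from Bybit, Safe or SEAL 911; it assumes the payload is ABI-encoded Safe execTransaction calldata, and the addresses, the placeholder selector bytes and the helper names are constructed for illustration.

```python
"""Pre-signing check for a Safe execTransaction payload (constructed sample data)."""
CALL, DELEGATECALL = 0, 1          # Safe's Enum.Operation values
HEAD_WORDS = 10                    # execTransaction takes 10 ABI arguments

def _word(buf, i):
    return int.from_bytes(buf[32 * i:32 * i + 32], "big")

def decode_exec_args(calldata):
    """Return (to, value, data, operation) from ABI-encoded execTransaction calldata."""
    args = calldata[4:]            # skip the 4-byte selector (not validated here)
    if len(args) < 32 * HEAD_WORDS:
        raise ValueError("calldata shorter than the argument head")
    to = "0x" + args[12:32].hex()  # address sits in the low 20 bytes of word 0
    off = _word(args, 2)           # offset of the dynamic `data` argument
    if off + 32 > len(args):
        raise ValueError("data offset out of range")
    n = int.from_bytes(args[off:off + 32], "big")
    data = args[off + 32:off + 32 + n]
    if len(data) != n:
        raise ValueError("data argument truncated")
    return to, _word(args, 1), data, _word(args, 3)

def review(displayed, calldata, delegatecall_allowlist):
    """Compare what the signer UI showed with the bytes actually being approved."""
    findings = []
    to, value, data, op = decode_exec_args(calldata)
    shown = (displayed["to"].lower(), displayed["value"],
             displayed["data"], displayed["operation"])
    if shown != (to, value, data, op):
        findings.append("MISMATCH between displayed fields and decoded payload")
    if op == DELEGATECALL and to not in delegatecall_allowlist:
        findings.append(f"DELEGATECALL to non-allowlisted target {to}")
    elif op not in (CALL, DELEGATECALL):
        findings.append(f"unknown operation value {op}")
    return findings

def build_sample(to, value, data, op):
    """Construct sample calldata; selector bytes are a placeholder, gas fields are zero."""
    pad = lambda b: b + b"\x00" * (-len(b) % 32)
    w = lambda n: n.to_bytes(32, "big")
    tail = w(len(data)) + pad(data)
    head = [w(int(to, 16)), w(value), w(320), w(op)] + [w(0)] * 5 + [w(320 + len(tail))]
    return b"\x00" * 4 + b"".join(head) + tail + w(0)

HOT = "0x" + "22" * 20             # constructed addresses, not real ones
UNKNOWN = "0x" + "33" * 20
```

Run on a machine other than the one showing the signing UI, an empty findings list means the displayed fields and the decoded payload agree and no unapproved delegatecall is present.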