Bybit crypto exchange's ETH treasury/wallet hacked


pmbug

Bybit detected unauthorized activity involving one of our ETH cold wallets. The incident occurred when our ETH multisig cold wallet executed a transfer to our warm wallet. Unfortunately, this transaction was manipulated through a sophisticated attack that masked the signing interface, displaying the correct address while altering the underlying smart contract logic. As a result, the attacker was able to gain control of the affected ETH cold wallet and transfer its holdings to an unidentified address.

Our security team, alongside leading blockchain forensic experts and partners, is actively investigating the incident. Any teams with expertise in blockchain analytics and fund recovery who can assist in tracing these assets are welcome to collaborate with us.

We want to assure our users and partners that all other Bybit cold wallets remain fully secure. All client funds are safe, and our operations continue as usual without any disruption.

Transparency and security remain our top priorities, and we will provide updates asap



Bybit has suffered one of the largest crypto hacks in history, with over $1.46 billion worth of Ethereum and staked assets drained from the exchange’s cold wallet. According to ZachXBT, the blockchain analyst who first flagged the suspicious outflows, the hacker moved 401,346 ETH—worth approximately $1.1 billion—along with staked Ether (stETH-USD) and MegaETH (mETH) to a fresh wallet, where they have begun liquidating the stolen funds.
...
Following the hack, the attacker quickly began offloading the stolen funds, selling around $200 million worth of stETH on decentralized exchanges, according to Etherscan. This sell-off contributed to a 4% drop in Ethereum’s (ETH-USD) price, while Bitcoin also slid by more than 1.5%.
...



If it's true that ByBit was using an insecure browser based wallet to manage their treasury account(s), it seems like a potential breach of fiduciary duty.

I read a comment the other day from a developer from another crypto project (I can't remember if it was an EGLD, SUI or SOL developer) that was saying the problem with the ByBit hack was because ETH (he probably meant ETH smart contracts) was mutable. His crypto project (and most newer crypto projects AFAIK) were immutable and this sort of hack was not possible on their chain. I did not understand what he was talking about, so I didn't make a note of it or share it, but I think it makes sense now.
Correct. The Ledger Nano is a specially built USB drive that holds keys. The hardware device can interact with software wallets (including browser based wallets), but the keys are always secured on the hardware (never transmitted to a software wallet when authenticating a transaction request).
...
The incident represents a significant evolution of these attack patterns, introducing sophisticated UI manipulation techniques not previously seen. Instead of just exploiting protocol mechanics, the attackers employed advanced social engineering through manipulated interfaces, allowing them to compromise a significant institutional multisig setup.
...
This hack sets a new precedent in crypto security by bypassing a multisig cold wallet without exploiting any smart contract vulnerability. Instead, it exploited human trust and UI deception:
  • Multisigs are no longer a security guarantee if signers can be compromised.
  • Cold wallets aren’t automatically safe if an attacker can manipulate what a signer sees.
  • Supply chain and UI manipulation attacks are becoming more sophisticated.
...
The Bybit hack has shattered long-held assumptions about crypto security.

Even with airtight technical defenses, human error remains the biggest vulnerability. This attack highlights how tactics like UI manipulation and social engineering can compromise even the most secure wallets.

Crypto security must evolve beyond just cryptographic trust—it must account for human vulnerabilities, advanced malware threats, and UI manipulation attacks. The industry needs to rethink how transactions are verified and how multi-layered, independent verification processes can prevent such catastrophic breaches in the future.

Ledger is pushing a "Clear Signing Initiative". It's a campaign to enact a protocol standard for all crypto that makes committing a transaction easier and more secure:



Key Takeaways:
— Blind signing poses a significant obstacle to the security and growth of the digital asset ecosystem. Scammers have exploited this vulnerability, siphoning billions of dollars from unsuspecting users across various platforms and blockchains.

— Ledger has devised a standardized method to transform complex smart contract data into clear, human-readable information, ensuring “what you see is what you sign.”

— Achieving widespread adoption of Clear Signing necessitates collaboration across the digital asset ecosystem, thus, Ledger is actively engaging with industry leaders, blockchain developers, and partners committed to this initiative.
...


MetaMask has joined them on the project.

The clear signing protocol would likely have prevented the ByBit hack had it been implemented.
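As an added illustration (not code from Ledger, MetaMask or anyone in this thread) of what "what you see is what you sign" means in practice: the snippet below decodes ERC-20 calldata against a known ABI into a readable form, then checks it independently of the wallet UI against the recipient and amount the signer was shown, refusing both a mismatch and anything it cannot decode (the "blind" case). The selectors are the standard ERC-20 ones; the addresses and amount are constructed sample values.

```python
# Added example: a minimal "clear signing" decoder plus an independent intent check.
# First 4 bytes of keccak256 of the ERC-20 signatures (well-known constants).
KNOWN_SELECTORS = {
    bytes.fromhex("a9059cbb"): ("transfer", ("address", "uint256")),
    bytes.fromhex("095ea7b3"): ("approve", ("address", "uint256")),
    bytes.fromhex("23b872dd"): ("transferFrom", ("address", "address", "uint256")),
}

def decode_word(word: bytes, typ: str):
    """Decode one 32-byte ABI word as the given static type."""
    if typ == "address":
        if any(word[:12]):  # an address must be zero-padded in its top 12 bytes
            raise ValueError("malformed address word")
        return "0x" + word[12:].hex()
    if typ == "uint256":
        return int.from_bytes(word, "big")
    raise ValueError(f"unsupported type {typ}")

def clear_sign(calldata: bytes) -> dict:
    """Render calldata human-readable; unknown selectors stay 'blind'."""
    selector, body = calldata[:4], calldata[4:]
    if selector not in KNOWN_SELECTORS:
        return {"blind": True, "selector": selector.hex()}
    name, types = KNOWN_SELECTORS[selector]
    if len(body) != 32 * len(types):
        raise ValueError("calldata length does not match the ABI")
    args = tuple(decode_word(body[i * 32:(i + 1) * 32], t) for i, t in enumerate(types))
    return {"blind": False, "function": name, "args": args}

def matches_intent(calldata: bytes, shown_to: str, shown_amount: int) -> bool:
    """Second, UI-independent check: decoded data must equal what the signer saw."""
    view = clear_sign(calldata)
    if view["blind"] or view["function"] != "transfer":
        return False  # refuse to sign what cannot be read or is not the expected call
    to, amount = view["args"]
    return to.lower() == shown_to.lower() and amount == shown_amount

# Constructed sample: transfer(0x1111...1111, 10**18), i.e. one token with 18 decimals.
SHOWN_TO = "0x" + "11" * 20
SHOWN_AMOUNT = 10**18
HONEST_CALLDATA = bytes.fromhex(
    "a9059cbb" + "00" * 12 + "11" * 20 + format(SHOWN_AMOUNT, "064x"))
# Constructed tampered sample: the UI still shows 0x1111..., but the data pays 0x2222...
TAMPERED_CALLDATA = bytes.fromhex(
    "a9059cbb" + "00" * 12 + "22" * 20 + format(SHOWN_AMOUNT, "064x"))

if __name__ == "__main__":
    print("honest ok:", matches_intent(HONEST_CALLDATA, SHOWN_TO, SHOWN_AMOUNT))
    print("tampered ok:", matches_intent(TAMPERED_CALLDATA, SHOWN_TO, SHOWN_AMOUNT))
```

The point of the check is that it reads the bytes that will actually be signed rather than trusting the interface that presents them, which is exactly the layer the thread's quoted reports say was manipulated.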