Bybit Hack: Lessons Learned and Why an Ethereum Rollback is Unfeasible
The recent Bybit hack, one of the largest cyber heists in financial history, has sent shockwaves through the cryptocurrency market. North Korea’s Lazarus Group breached Bybit’s Ethereum cold wallet, stealing over 400,000 ethereum worth $1.4 billion at the time. In an interview with crypto.news, Aneirin Flynn, co-founder and CEO of FailSafe, discussed the hack, preventive measures, and why an Ethereum rollback is not a viable solution.
The Hack: A Sophisticated Social Engineering Attack
According to Flynn, the hack was a sophisticated social engineering attack, similar to those used against Radiant Capital, DMM Bitcoin, and WazirX. In Bybit’s case, hackers spoofed the multi-sig UI, and the team unknowingly signed malicious transactions. An audit by Sygnia Labs and Verichains found that Lazarus agents used compromised access from a Safe Wallet developer to deceive Bybit multi-sig signers.
Multi-Sig Blind Signing and Asset Segregation
The incident raised concerns about blind signing, where users approve transactions without fully verifying their details. However, Flynn believes that blind signing is not the primary issue in this case. Instead, he points to the large digital asset clusters maintained by most centralized exchanges and protocols as a major vulnerability. Bybit’s decision to store billions in crypto in a single multi-sig made it an attractive target for hackers.
Splitting assets under management across multiple addresses may mitigate the problem. While greater employee vigilance and robust transaction security tooling would have reduced the likelihood of a successful theft, segregating assets would have been the most effective way to reduce the exchange’s appeal to attackers.
Ethereum Rollback Not the Solution
Some have suggested rolling back Ethereum’s blockchain to reverse the Bybit hack, but Flynn argues that this is not a feasible solution. While a hard fork is technically possible, the size, complexity, and decentralization of the Ethereum network make it practically infeasible.
An Ethereum rollback would break too many protocols and smart contracts, causing more harm than good. Flynn notes that the 2016 DAO hack, which led to a fork in the Ethereum blockchain, was an existential crisis for Ethereum at the time, but the current market is very different.
Preventive Measures and Lessons Learned
The Bybit hack highlights the importance of robust security measures and employee vigilance. To prevent similar attacks, exchanges and protocols can take the following steps:
- Segregate assets under management across multiple addresses
- Implement robust transaction security tooling
- Conduct regular security audits and testing
- Provide ongoing employee training and education on security best practices