My Opinion on Recent Bybit’s $1.4B Hack — The Biggest in Crypto History

Don't ever bypass standard security protocols when making cryptographic transactions

Rukshan Pramoditha
6 min read · 15 hours ago

It took only one signature for Bybit to lose $1.4B, the biggest-ever hack in history! Bybit is the world’s second-largest cryptocurrency exchange by trading volume.

The blind signing of smart contracts is the biggest threat to your crypto assets.

Blind signing is when a smart contract transaction is approved without comprehensive knowledge of its contents.

Bybit routinely transfers funds from its cold wallet to its hot wallet. The cold wallet is a multi-sig wallet, with the multi-sig function enabled by deploying a smart contract from Safe. Multi-sig here means that at least 3 out of 5 signers must sign for a transaction to execute.
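As an added example (not code from this article, Bybit or Safe), the Python below shows the opposite of blind signing for a routine cold-to-hot transfer: it decodes the proposed transaction and rejects anything other than the expected token transfer to the expected hot wallet. The addresses, the `describe` and `safe_to_sign` helpers and the two sample transactions are assumptions constructed for illustration.

```python
# Added example. Addresses and calldata are constructed, not taken from the incident.
ERC20_TRANSFER = "a9059cbb"      # 4-byte selector of transfer(address,uint256)
HOT_WALLET = "0x" + "11" * 20    # constructed: the destination signers expect
TOKEN = "0x" + "22" * 20         # constructed: the token contract being moved


def describe(tx):
    """Decode a proposed multi-sig transaction; return (summary, problems)."""
    problems = []
    to = tx["to"].lower()
    data = tx["data"].lower().removeprefix("0x")
    # Safe transactions carry an `operation` field: 0 is a plain call,
    # 1 is a delegatecall that runs the target's code inside the wallet.
    if tx["operation"] != 0:
        problems.append("operation is not a plain call")
    recipient = None
    if data == "":
        recipient = to
        summary = f"send {tx['value']} wei to {to}"
    elif data[:8] == ERC20_TRANSFER and len(data) == 8 + 128:
        recipient = "0x" + data[32:72]      # address is right-aligned in word 1
        amount = int(data[72:136], 16)      # uint256 amount is word 2
        summary = f"token {to}: transfer {amount} units to {recipient}"
        if to != TOKEN:
            problems.append("unexpected token contract")
    else:
        summary = f"unknown call 0x{data[:8]} on {to}"
        problems.append("calldata cannot be decoded, signing would be blind")
    if recipient != HOT_WALLET:
        problems.append("recipient is not the expected hot wallet")
    return summary, problems


def safe_to_sign(tx):
    """True only when the decoded transaction raised no problems."""
    return not describe(tx)[1]


# Constructed samples: a routine transfer and a proposal a signer should refuse.
ROUTINE = {"to": TOKEN, "value": 0, "operation": 0,
           "data": "0x" + ERC20_TRANSFER + HOT_WALLET[2:].rjust(64, "0") + format(5000, "064x")}
TAMPERED = {"to": "0x" + "33" * 20, "value": 0, "operation": 1,
            "data": "0x" + "deadbeef" + "00" * 64}

if __name__ == "__main__":
    for tx in (ROUTINE, TAMPERED):
        summary, problems = describe(tx)
        print(summary, "->", "OK to sign" if not problems else problems)
```

A check like this has to run on the raw transaction fields that the signing device will actually sign, not on what a web interface displays.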

The attackers installed malicious code on all three signers’ computers. The malicious code was written to change Safe’s smart contract logic to get full access to the cold wallet. The attack was designed to activate during the next Bybit transaction because it first needed approvals (signatures) from the three signers. The code was designed to show the correct…
