When someone purchases cryptocurrencies through an app, they often leave their assets stored directly on the platform. This means the security of their investments depends on a digital wallet managed by a third party. However, experience has shown that these apps aren’t completely immune to cyberattacks, which means the assets stored could be at risk of being breached or stolen.
Many users of Bybit, one of the world’s largest crypto exchanges, recently experienced an unprecedented setback. A group of cybercriminals linked to North Korea executed the largest cryptocurrency theft in history. The attack highlights critical lessons about security and the risks involved in the crypto ecosystem.
An unprecedented theft. On Feb. 21, Bybit suffered a serious security breach that resulted in the theft of $1.5 billion in cryptocurrencies. How could a platform managing nearly $20 billion in deposits fall victim to such a significant attack?
The source of the attack. Computer attacks rarely result from a single vulnerability. In most cases, a combination of several factors leads to a security breach. This was the case in the recent Bybit hack, which could have been avoided if timely measures had been implemented.
In July 2024, cybersecurity company Check Point published a white paper warning about a weakness in Safe, free software used for cryptocurrency trading. According to the document, the execTransaction function could be exploited to manipulate transaction data and execute malicious code.
Three to four months prior to the attack, Bybit CEO Ben Zhou acknowledged that his team had already detected compatibility issues between Safe and the platform’s security systems. However, this warning didn’t lead to any concrete action. “We should have upgraded and moved away from Safe,” Zhou admitted in an interview with The New York Times.
An invisible trap. On Feb. 21, shortly before midnight, Zhou logged in from home to approve, alongside two other executives, a significant Ether transfer from a multisig account linked to the platform. Although it appeared to be a routine transaction, it ultimately led to disaster. Zhou used his Ledger cold wallet to sign the transaction, relying on the information displayed on his computer screen.
The signers thought everything was in order. The addresses, amounts, and functions matched their expectations. However, they were unaware that attackers had already compromised part of Safe’s infrastructure. Malicious code inserted into the system manipulated the information displayed on their screens, leading Zhou and his team to unknowingly approve a fraudulent transaction. The inevitable outcome was that the funds ended up in a wallet controlled by the hackers. While everything was recorded on the blockchain, it was too late to reverse the transaction.
The panicked call. About 30 minutes later, Bybit CFO Rahul Rumalla phoned Zhou. “All of the Ethereum is gone,” he said in a trembling voice. Zhou immediately headed to Bybit’s Singapore offices and activated an internal crisis protocol. Unfortunately, there was little the team could do. Transactions of this nature can’t be reversed. The efforts were focused on investigating what happened, reassuring customers, and implementing measures to enhance security.
A brilliant strategy. There was no flaw in the smart contract code or the multisig system. The issue lay in a well-orchestrated trap. The attackers manipulated the interface and the signature flow, tricking signers into authorizing fake transactions without realizing it. This revealed a significant vulnerability. Even with multiple signatures and high-level encryption in place, the hack can succeed without hindrance if everyone sees the same manipulated information.
Image | appshunter.io