
Aneirin Flynn, co-founder and CEO of FailSafe, recently shared insights with crypto.news regarding the Bybit exploit, its implications, and why an Ethereum rollback is not a feasible solution.
The Bybit Exploit and Its Aftermath
Cryptocurrency markets faced a sharp downturn after North Korea’s Lazarus Group executed one of the largest financial cyber heists in history, breaching Bybit’s Ethereum cold wallet and making off with over 400,000 ETH, valued at $1.4 billion at the time.
Bybit’s CEO, Ben Zhou, was quick to respond, keeping the community informed and mobilizing industry resources to aid recovery. The exchange managed to fill the financial gap within days, restoring withdrawals to normal. Meanwhile, hackers laundered the stolen funds through thousands of wallet addresses, complicating tracking efforts.
Sophisticated Social Engineering Attack
Flynn emphasized that the breach was not merely a technical flaw but a highly sophisticated social engineering attack. Similar tactics had been deployed against Radiant Capital, DMM Bitcoin, and WazirX. According to an audit by Sygnia Labs and Verichains, Lazarus agents exploited compromised access from a Safe Wallet developer, allowing them to trick Bybit’s multi-signature (multi-sig) signers into approving a fraudulent transaction.
By spoofing the multi-sig UI, the attackers managed to bypass security measures and gain access to Bybit’s cold wallet, enabling them to siphon funds seamlessly.
Blind Signing and Transaction Verification
The incident reignited concerns over blind signing, a practice where users approve transactions without fully verifying crucial details, such as destination addresses. Zhou admitted to being the final signer, using a Ledger hardware wallet for approval. However, limitations in transaction verification led to the unauthorized transfer.
“Yes, blind signing is an issue, but it’s not the prime suspect in this case,” Flynn clarified. Instead, he pointed to centralized exchanges maintaining large asset clusters as the primary vulnerability. According to Flynn, Bybit became an attractive target because it stored billions of dollars’ worth of cryptocurrency in a single multi-sig wallet, making it a high-value mark for attackers.
Preventive Measures for Future Security
To mitigate similar risks in the future, Flynn advocated for better asset distribution. He suggested that exchanges should split funds across multiple addresses rather than consolidating large amounts into a single wallet. Additionally, improved transaction security tooling and increased employee vigilance could help reduce the likelihood of successful exploits.
Bybit’s $1.4 billion loss highlights the evolving threats in the crypto space and underscores the importance of decentralizing asset management to strengthen security against sophisticated cyber threats.