Bybit Hack: FailSafe CEO Discusses Prevention and Ethereum Rollback
North Korea’s Lazarus Group orchestrated a massive crypto heist, stealing $1.4 billion from Bybit’s Ethereum cold wallet. This event caused a significant dip in cryptocurrency prices.
Bybit’s CEO, Ben Zhou, assured the community that the exchange swiftly addressed the issue. They restored withdrawals within days and mobilized industry resources for assistance. However, the hackers laundered the stolen funds across numerous addresses, complicating recovery efforts.
Aneirin Flynn, FailSafe’s CEO, described the attack as a sophisticated social engineering exploit. Hackers spoofed the multi-sig UI, deceiving Bybit’s team into signing malicious transactions. An audit by Sygnia Labs and Verichains revealed that Lazarus agents used a compromised Safe Wallet developer’s access to deceive Bybit’s multi-sig signers.
Blind signing, where users approve transactions without full verification, raised concerns. Zhou, the final signer, used a Ledger hardware wallet but couldn’t fully verify the transaction details due to design limitations.
Flynn suggested that storing large digital asset clusters in a single multi-sig made Bybit an attractive target. Splitting assets across multiple addresses could mitigate such risks. He also emphasized the need for greater employee vigilance and robust transaction security tools.
Arthur Hayes, Maelstrom’s CIO, proposed rolling back Ethereum’s blockchain to reverse the hack. However, Flynn argued that this is impractical due to Ethereum’s size, complexity, and decentralization. “Rolling back Ethereum is technically possible but practically infeasible now,” Flynn stated.
