Thoughts on the $1.5B Bybit hack

Forbes has a decent write-up on the latest (and sadly greatest) crypto heist, which took place at Bybit on 21 February 2025:
Here are some of my impressions after I learned about the news (I was on holiday, casually scrolling through my newsletters on mobile, yikes).
- I am not surprised another centralized exchange was targeted
Forbes quotes the latest Chainalysis crypto crime report, but I reckon the more interesting graphs are these two:
[Chart: Notice the (re)increase of centralized services]
[Chart: Same here: DeFi seems to be decreasing, exchanges and other centralized services (bridges anyone?) increasing]
There seems to be a downtick over the last couple of years (imho) in certain types of hacks, such as the "classic" crypto hacks due to smart contract vulnerabilities (at least, those with larger pay-outs). On the other hand, advanced targeted attacks, where (amongst others) private keys are stolen, with bigger pay-outs, seem to be on the rise. Bybit and WazirX (hacked in July 2024 for $230M) are prime examples of this. Caveat: the top 10 largest hacks according to https://rekt.news/leaderboard/ are a mixed bag (i.e. targeted CEX hacks, DeFi hacks), so take my opinion with a grain of salt (I am no scientific researcher, just following my gut feeling here).
- I was surprised to read about Safe{Wallet}'s involvement
I was (still am[1]) going to publish an article on Patrick Collins' guide on Hardware Wallet Multi-Sig Verification, which refers to Safe{Wallet}. I was under the impression Safe had their security pretty well under control (and apparently they do: Safe claims their services were not compromised during the Bybit hack). Update: apparently they did not - the attack is confirmed to have been carried out through a compromised Safe{Wallet} developer machine, see here (x.com). It is however a tad surprising to see them ship additional security improvements to their product within 72 hours after the incident... Seems like they needed this trigger to expedite the release of these security features - I wonder how those internal discussions went...
Anyway, proper cryptographic key management piques my interest (because it still seems like black magic to me) and if I don't understand something, I dive in deeper (disclaimer: I do not work at a crypto company, nor do I have any hands-on experience whatsoever with "institutional grade" crypto custody solutions. I remain quite skeptical about all the sales mumbo jumbo that is thrown around - it is often nothing more than a word soup).
- I was (and was not) surprised to see the issue was at the authorization layer
Implementing a fraud-proof, least-privilege transaction approval mechanism with adequate segregation of duties AND one that is practical (i.e. it can be used by normal humans without driving them mad) is quite a challenge. Messing up is not unheard of, especially if your adversary is North Korea and they are actively targeting you...
- I was not surprised to see our North Korean friends behind this attack
These guys are no idiots. Why bother hacking traditional finance institutions (which usually have better than average security), when you can plunder wealthy crypto organizations/bros/... that have the security posture of a typical start-up (if any at all)? I am not sure why other countries are not doing exactly the same (e.g. Iran has a massive cyber army, but I guess... they don't need crypto? Perhaps they have sufficient money or resources or other options to circumvent Western sanctions). I am also quite curious how the attackers will manage to launder $1,500,000,000 clean. I will definitely read up on that aspect (Chainalysis' crypto crime report actually has some information on this!).
[1] There is so much stuff happening online, at such a ludicrous speed... it is insanity. I cannot, and will not ever be able to, keep up (side note: I am also trying to keep up with AI developments). Besides, I have also been reading (offline; physical books) much more lately, which is why I have not gotten around to actually publishing another article these past months. And of course, life also happens 🤷
Photo by Frankie Cordoba on Unsplash
By the way, first post of 2025! Happy new year!