Bybit's $1.5B Crypto Heist: Social Engineering, Safe Contract Exploit
On February 21, 2025, cryptocurrency exchange Bybit suffered a significant security breach, resulting in the loss of nearly $1.5 billion in assets. The attack targeted the exchange's on-chain multisig wallet, exploiting a vulnerability in the Safe contract used to manage the funds.
The breach was discovered by SlowMist, a blockchain security firm, which published an analysis of the incident. According to their findings, the attacker gained multisig permission through a sophisticated social engineering attack, then exploited the delegatecall feature of the Safe contract to implant malicious logic. This allowed the attacker to bypass the multisig verification mechanism and transfer the funds to an anonymous address.
Bybit was using version 1.1.1 of the Safe contract at the time of the breach, which lacked the Guard mechanism, a key security feature introduced in version 1.3.0. A Guard is a hook that the Safe consults before executing any transaction, no matter how many valid owner signatures it carries. If Bybit had upgraded to the latest version of the Safe contract and implemented proper Guard mechanisms, such as a whitelist of addresses that may receive funds and strict ACL verification of which contract functions a transaction is allowed to call, the breach might have been prevented.
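The Guard-based mitigation described above, as an added Solidity example (hypothetical code written for this article, not Bybit's or Safe's own): a transaction guard that rejects delegatecall outright, allowlists recipients for plain ETH transfers, and only permits ERC20 `transfer(address,uint256)` calls on known tokens to allowlisted destinations. The `Enum` and `Guard` declarations are inlined copies of the Safe 1.3.0 hook signature so the file compiles stand-alone; the allowlisted addresses are placeholders the operator would set.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Inline copy of the Safe 1.3.0 Guard hook signature and Operation enum
// (assumption: matches GuardManager.sol / Enum.sol of that release).
library Enum { enum Operation { Call, DelegateCall } }

interface Guard {
    function checkTransaction(address to, uint256 value, bytes memory data,
        Enum.Operation operation, uint256 safeTxGas, uint256 baseGas, uint256 gasPrice,
        address gasToken, address payable refundReceiver, bytes memory signatures,
        address msgSender) external;
    function checkAfterExecution(bytes32 txHash, bool success) external;
}

/// Hypothetical guard: recipient allowlist plus a function ACL. Once installed via the
/// Safe's setGuard(), it runs before every execTransaction, regardless of signatures.
contract AllowlistGuard is Guard {
    bytes4 private constant ERC20_TRANSFER = bytes4(keccak256("transfer(address,uint256)"));
    address public immutable admin;                    // e.g. a separate governance multisig
    mapping(address => bool) public allowedRecipient;  // ETH targets and token destinations
    mapping(address => bool) public allowedToken;      // ERC20 contracts the Safe may call

    constructor(address _admin) { admin = _admin; }
    function setRecipient(address a, bool ok) external { require(msg.sender == admin); allowedRecipient[a] = ok; }
    function setToken(address t, bool ok) external { require(msg.sender == admin); allowedToken[t] = ok; }

    function checkTransaction(address to, uint256, bytes memory data, Enum.Operation operation,
        uint256, uint256, uint256, address, address payable, bytes memory, address) external view override {
        // 1. Delegatecall runs foreign code inside the Safe's own storage context; this is the
        //    feature the article describes the attacker using, so deny it unconditionally.
        require(operation == Enum.Operation.Call, "guard: delegatecall denied");
        // 2. msg.sender is the Safe itself; a call back into it could remove this guard or change owners.
        require(to != msg.sender, "guard: self-call denied");
        if (data.length == 0) {                         // plain ETH transfer
            require(allowedRecipient[to], "guard: recipient not allowlisted");
            return;
        }
        // 3. Function ACL: the only calldata accepted is ERC20 transfer() on a known token,
        //    and the decoded destination must itself be on the allowlist.
        require(allowedToken[to] && data.length == 68, "guard: target/function denied");
        require(_selector(data) == ERC20_TRANSFER, "guard: only transfer(address,uint256)");
        require(allowedRecipient[_firstAddressArg(data)], "guard: token recipient not allowlisted");
    }

    function checkAfterExecution(bytes32, bool) external override {}

    function _selector(bytes memory data) private pure returns (bytes4 sel) {
        assembly { sel := mload(add(data, 32)) }        // first 4 bytes of calldata
    }
    function _firstAddressArg(bytes memory data) private pure returns (address a) {
        assembly { a := mload(add(data, 36)) }          // word after the selector, right-aligned
    }
}
```

With this guard installed, a fully signed transaction whose `operation` is `DelegateCall` reverts before any code runs, so the signature-collection step that the social engineering compromised is no longer the only line of defence.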
This incident serves as a reminder that even robust security measures like multisig wallets can be vulnerable if not properly maintained and updated. As the cryptocurrency industry continues to grow, it is crucial for exchanges and other custodial services to stay vigilant and implement the latest security measures to protect their users' assets.
