Bybit's $1.5B Crypto Heist: Social Engineering, Safe Contract Exploit

Coin World, Wednesday, Feb 26, 2025 3:51 am ET

On February 21, 2025, cryptocurrency exchange Bybit suffered a significant security breach, resulting in the loss of nearly $1.5 billion in assets. The attack targeted the exchange's on-chain multisig wallet, exploiting a vulnerability in the Safe contract used to manage the funds.

The breach was discovered by SlowMist, a blockchain security firm, which published an analysis of the incident. According to their findings, the attacker gained multisig permission through a sophisticated social engineering attack, then exploited the delegatecall feature of the Safe contract to implant malicious logic. This allowed the attacker to bypass the multisig verification mechanism and transfer the funds to an anonymous address.

Bybit was using version 1.1.1 of the Safe contract at the time of the breach, which lacked the Guard mechanism, a key security feature introduced in version 1.3.0. If Bybit had upgraded to the latest version of the Safe contract and implemented proper Guard mechanisms, such as specifying a whitelist of addresses that can receive funds and enforcing strict ACL verification of contract functions, the breach might have been prevented.
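The two Guard checks named above (a whitelist of receiving addresses and a per-function ACL), together with a block on delegatecall, modelled here as an off-chain Python policy check. This is an added example, not Safe's or Bybit's code: the addresses, the `Policy` class and `check_transaction` are constructed for illustration, and a real Guard would be an on-chain contract.

```python
from dataclasses import dataclass

CALL, DELEGATECALL = 0, 1                    # Safe's Enum.Operation values
ERC20_TRANSFER = bytes.fromhex("a9059cbb")   # transfer(address,uint256)
ERC20_APPROVE = bytes.fromhex("095ea7b3")    # approve(address,uint256)

# Constructed placeholder addresses, not real deployments.
TOKEN = "0x" + "11" * 20
COLD_WALLET = "0x" + "22" * 20
UNKNOWN = "0x" + "99" * 20

@dataclass(frozen=True)
class Policy:
    recipients: frozenset   # addresses allowed to receive funds
    acl: dict               # target contract -> set of allowed 4-byte selectors

def encode_call(selector: bytes, addr: str, amount: int) -> bytes:
    """ABI-encode an (address,uint256) call such as transfer or approve."""
    return selector + bytes(12) + bytes.fromhex(addr[2:]) + amount.to_bytes(32, "big")

def check_transaction(policy, to, value, data, operation):
    """Return (allowed, reason) for one proposed Safe transaction."""
    to = to.lower()
    if operation != CALL:
        # A delegatecall runs foreign code in the wallet's own storage context.
        return False, "delegatecall not permitted"
    if not data:                                  # plain native-asset transfer
        ok = to in policy.recipients
        return ok, "ok" if ok else "recipient not whitelisted"
    selector = data[:4]
    if len(data) < 4 or selector not in policy.acl.get(to, ()):
        return False, "function not in ACL"
    if value != 0:
        return False, "value attached to contract call"
    if selector == ERC20_TRANSFER:
        # The receiver of funds is the first ABI argument, not `to`.
        if len(data) != 68 or data[4:16] != bytes(12):
            return False, "malformed transfer calldata"
        if "0x" + data[16:36].hex() not in policy.recipients:
            return False, "recipient not whitelisted"
    return True, "ok"

POLICY = Policy(recipients=frozenset({COLD_WALLET}),
                acl={TOKEN: {ERC20_TRANSFER}})
```

For a token transfer the whitelist has to be applied to the recipient decoded from the calldata, because `to` is only the token contract.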

This incident serves as a reminder that even robust security measures like multisig wallets can be vulnerable if not properly maintained and updated. As the cryptocurrency industry continues to grow, it is crucial for exchanges and other custodial services to stay vigilant and implement the latest security measures to protect their users' assets.

Comments

Dependent-Teacher595
02/26
Social engineering is the new cyber threat.

Ironman650
02/26
@Dependent-Teacher595 True, social engineering's a big deal.

CrisCathPod
02/26
Bybit's breach is a harsh lesson. Always keep your security tools updated, or you might just find yourself crying over spilled milk. 📉

Corpulos
02/26
Bybit's loss is a harsh market lesson.

sesriously
02/26
If only Bybit had implemented the Guard mechanism, they could've avoided this mess. Remember, security is an ongoing battle, not a one-time win.

FirmMarket4692
02/26
Bybit's breach is a harsh lesson. Always keep your security tools updated, or you might just find yourself wiping virtual tears.

Elibroftw
02/26
The delegatecall feature can be a powerful tool when used right, but it's a nightmare if exploited. Always monitor your contracts closely.

scccc-
02/26
Social engineering attacks are sneaky and hard to detect. Bybit's breach is a reminder that even robust systems can fall if the human link is exploited.

BURBEYP
02/26
Bybit's breach is a wake-up call for all exchanges. Stay updated, secure your assets, and always keep an eye on that weakest link – the human factor. 😅

hey_its_meeee
02/26
@BURBEYP True, the human factor's a weak link.

foo-bar-nlogn-100
02/26
Imagine having $1.5B in your pocket, and then, poof! Gone. Bybit needs to tighten up their security game ASAP.

bmrhampton
02/26
SlowMist is a lifesaver! They're like the cybersecurity ninjas, spotting vulnerabilities before they turn into giant headaches.

roycheung0319
02/26
$TSLA and $AAPL take security seriously, or else we'd see headlines about their billion-dollar heists. Bybit, take notes.

Blackhole1123
02/26
I'm sticking to my crypto strategy of diversification and strict security measures. This kind of breach is a hard reminder of why caution is key.

r2002
02/26
@Blackhole1123 What's your crypto portfolio looking like rn? Any big wins or regrets?

Throwaway420_69____
02/26
Safe contract upgrade could've saved the day.