Crypto Heist: $1.5B Ethereum Stolen in Sophisticated Bybit Hack

Coin World | Saturday, Feb 22, 2025 2:47 am ET

The recent hack of Bybit, a centralized cryptocurrency exchange, has raised serious concerns about the security of digital assets. The attack resulted in the theft of approximately $1.5 billion worth of Ethereum, highlighting the need for robust security measures in the crypto industry.

The hack was executed using a sophisticated method known as "Blind Signing," in which signers approve a transaction without seeing all of its details. The attackers compromised Bybit's ETH cold wallet, transferring nearly $1.5 billion in assets into a single wallet before spreading them across multiple wallets. The incident also shows how hard stolen crypto assets are to recover: there are no uniform laws for international crimes, which makes it difficult for Bybit to recover the losses. In response, Bybit has announced a 50,000 ARKM bounty for further investigations.

The attack unfolded through a series of steps. The hackers deployed a trojan contract along with a backdoor contract, setting up a trap for Bybit's upgradeable multisig wallet. They tricked the wallet's signers into authorizing a seemingly harmless ERC-20 token transfer. However, this transaction contained a delegate call, an operation that runs another contract's code against the calling contract's own storage, which allowed them to alter the wallet's core logic. The attackers used the trojan contract to replace the wallet's master contract with their own backdoor contract, giving them full control. Once in control, the hackers executed commands to sweep all available ETH, mETH, stETH, and cmETH tokens from the wallet.

Several security red flags were ignored during the transaction. The transfer was directed to an unlisted contract that wasn't ERC-20 compliant, involved zero tokens, and used a delegate call, which can modify contract logic. These anomalies should have triggered a compliance check, yet the transaction was still approved. The fact that these security measures failed suggests the attackers had inside knowledge of Bybit's operations.

The growing sophistication of crypto attacks underscores the urgent need for better security protocols in the industry. Stronger pre- and post-signing security checks could have prevented the attack. If independent security layers had reviewed the transaction, they could have identified the suspicious elements before approval. As the crypto world continues to evolve, it is crucial for exchanges and investors to stay vigilant and implement robust security measures to protect their assets.
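The red flags listed above and the pre-signing check called for here can be expressed as a small policy function. This is an added example, not code from the article or from Bybit; the proposal field names (`to`, `data`, `operation`), the call-type encoding and the allowlist are assumptions, and the allowlist stands in for the "unlisted, non-ERC-20 contract" check, which cannot be verified offline.

```python
# Added example: pre-signing policy check for a multisig transaction proposal.
# The field names (to, data, operation) and the allowlist are assumptions.
ERC20_TRANSFER = "a9059cbb"        # selector of transfer(address,uint256)
OP_CALL, OP_DELEGATECALL = 0, 1    # assumed encoding of the call type
KNOWN_TOKENS = {"0x" + "11" * 20}  # constructed allowlist of token contracts


def decode_erc20_transfer(data_hex):
    """Return (recipient, amount) for transfer(address,uint256) calldata, else None."""
    data = data_hex.lower()
    if data.startswith("0x"):
        data = data[2:]
    # 4-byte selector followed by two 32-byte words, all hex
    if len(data) != 136 or not data.startswith(ERC20_TRANSFER):
        return None
    try:
        recipient_word, amount = data[8:72], int(data[72:], 16)
        int(recipient_word, 16)
    except ValueError:
        return None
    if recipient_word[:24] != "0" * 24:  # address must be zero-padded to 32 bytes
        return None
    return "0x" + recipient_word[24:], amount


def review_proposal(proposal):
    """Return the list of policy findings; an empty list means no rule fired."""
    findings = []
    if proposal["operation"] == OP_DELEGATECALL:
        findings.append("delegate call: target code runs against the wallet's storage")
    if proposal["to"].lower() not in KNOWN_TOKENS:
        findings.append("target contract is not on the token allowlist")
    decoded = decode_erc20_transfer(proposal["data"])
    if decoded is None:
        findings.append("calldata is not a well-formed ERC-20 transfer")
    elif decoded[1] == 0:
        findings.append("ERC-20 transfer of zero tokens")
    return findings


# Constructed samples: a routine transfer, and one shaped like the red flags above.
ROUTINE = {"to": "0x" + "11" * 20, "operation": OP_CALL,
           "data": "0x" + ERC20_TRANSFER + "0" * 24 + "22" * 20 + format(1000, "064x")}
SUSPICIOUS = {"to": "0x" + "33" * 20, "operation": OP_DELEGATECALL,
              "data": "0x" + ERC20_TRANSFER + "0" * 24 + "44" * 20 + "0" * 64}

if __name__ == "__main__":
    for name, p in (("routine", ROUTINE), ("suspicious", SUSPICIOUS)):
        print(name, review_proposal(p) or "no findings")
```

Run independently of the signing interface, a check like this gives signers a second view of what they are approving; any finding should block signing until it is explained.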