TOKENICATION_ is your reliable source for the latest news and analysis on cryptocurrencies. We provide up-to-date information on Bitcoin, Ethereum, and other digital currencies to keep you informed about the latest trends and help you make informed decisions.
Date: 2025-02-26 21:20:00
Aneirin Flynn, co-founder and CEO of FailSafe, shared his insights with crypto.news on the Bybit exploit, potential preventive measures for the future, and the impracticality of an Ethereum rollback.
Cryptocurrency prices took a nosedive after one of the most significant cyber heists in financial history. North Korea's Lazarus Group infiltrated Bybit's Ethereum (ETH) cold wallet, making off with more than 400,000 ethereum valued at $1.4 billion at the time.
Ben Zhou, CEO of Bybit, promptly defended the exchange. The community was kept informed, industry leaders rallied resources to help, and Bybit filled the financial gap within days, restoring withdrawals to normal.
While recovery efforts progressed through a bounty program and on-chain tracking, hackers laundered the stolen funds across thousands of addresses.
"This was a sophisticated social engineering attack," FailSafe CEO Aneirin Flynn explained to crypto.news. Flynn noted that hackers employed similar tactics against Radiant Capital, DMM Bitcoin, and WazirX.
In Bybit's case, Zhou revealed that bad actors spoofed the multi-sig UI, and the team unintentionally signed malicious transactions. An audit conducted by Sygnia Labs and Verichains found that Lazarus agents exploited compromised access from a Safe Wallet developer to deceive Bybit multi-sig signers.
This breach allowed North Korean-funded cybercriminals to push through a malicious transaction, draining funds from Bybit's cold wallet.
The incident raised concerns about blind signing, where users approve transactions without fully verifying details such as destination addresses.
According to Zhou, he was the final signer and utilized a Ledger hardware wallet to authorize the last approval. However, design limitations prevented full transaction verification, ultimately enabling hackers to steal the funds.
"Yes, blind signing is an issue, but it's not the main culprit in this case," Flynn said when asked if it facilitated the theft. Instead, FailSafe's CEO highlighted the large digital asset clusters maintained by most centralized exchanges and protocols in the industry.
Read More: "Hackers Follow Money: Insights from Ledger CEO"
Bybit drew attention due to its storage of billions of crypto in a single multi-sig, and Lazarus took notice, Flynn suggested. Splitting assets under management across multiple addresses may alleviate the problem, FailSafe's boss proposed.
Although heightened employee vigilance and robust transaction security tooling would have decreased the likelihood of a successful theft, segregating assets would have been the most effective way to reduce the exchange's appeal to attackers.
Aneirin Flynn, FailSafe co-founder and CEO
Maelstrom CIO Arthur Hayes suggested rolling back Ethereum's blockchain to reverse the Bybit hack, a move that would restore transactions and wallet balances to their pre-hack state.
Hayes argued that the 2016 DAO fork set a precedent for this to occur. Hackers stole $60 million from the Ethereum DAO at the time, dealing a significant blow to Ethereum, which was still in its early stages back then.
The DAO then voted for an "irregular state change" to contain the crisis. Ethereum was divided into two – Ethereum Classic, the original blockchain with the DAO hack losses, and Ethereum, today's second-largest blockchain.
Brief discussions based on Hayes' idea noted that the 2016 DAO hack, a crisis for Ethereum at the time, differed greatly from Bybit's $1.4 billion loss, arguably a minor disturbance in the current ETH market.
Flynn stated that rolling back Ethereum now would disrupt too many protocols and smart contracts given the size of ETH's ecosystem. "Rolling back Ethereum is technically possible through a hard fork but practically infeasible now due to the network's size, complexity, and decentralization."
Read More: "Ethereum ETFs see $94.3M in redemptions, large investors offload ETH"