March 05, 2025

Staff

The Bybit Hack: A Lesson the Crypto Industry Cannot Ignore

Article

This is the biggest crypto hack since Mt. Gox. The incident highlights the urgent need to strengthen security and transparency in the crypto sector.

Bybit, one of the world’s leading cryptocurrency exchanges, suffered a cyberattack on February 21 that resulted in the theft of over 400,000 ETH, equivalent to approximately $1.4 billion. The attack, attributed to the North Korean hacker group Lazarus, exposed structural vulnerabilities in many exchange platforms.

A Sophisticated and Targeted Attack

On Friday, February 21, suspicious activity was reported from a Bybit wallet. Ramzi Bougammoura, Crypto Developer at CheckSig, said: “The hackers infiltrated through phishing and social engineering tactics targeting a Gnosis Safe developer’s device. Gnosis Safe is the leading multi-signature security system on Ethereum. The attackers then released malicious code into production, deceiving Bybit operators into signing transactions that appeared legitimate. This included manipulating the signature process of Bybit’s CEO, Ben Zhou, which was necessary to reach the required quorum. The hackers swiftly dispersed the funds across multiple addresses and converted part of the loot on unreliable exchanges, complicating recovery efforts.”

While sophisticated, the attack resembled past incidents, sparking a heated debate in the crypto community. Some even proposed rolling back the Ethereum blockchain to restore the pre-attack state.

What Awaits Bybit

Despite the severity of the theft, Bybit stated that it remains solvent and has implemented extraordinary measures to restore its Ether reserves. Through a combination of loans, buybacks, and support from other exchanges, the exchange has recovered nearly 100% of its pre-hack ETH reserves, totaling 446,870 ETH (approximately $1.23 billion).

Just hours after the attack, CEO Ben Zhou responded swiftly, announcing plans to publish a certified Proof-of-Reserves report to reassure investors. Considering the scale of the attack, the reaction from the crypto ecosystem was both cohesive and immediate.

A Lesson for the Crypto Industry

The Bybit hack is a stark reminder to the crypto industry: security cannot be taken for granted and requires a balance of advanced technology, rigorous standards, independent audits, and effective risk management.

Ferdinando Ametrano, CEO of CheckSig, stated: “This hack would have been impossible on Bitcoin. While Ethereum offers innovative tools, its complexity broadens the attack surface, making a more security-conscious approach essential. Both Gnosis Safe and Bybit bear significant responsibility: the former does not oversee the production release processes, and the latter uses a public, non-segregated environment managed by Gnosis Safe. Neither undergoes independent audits, holds SOC attestations, nor has insurance guarantees. The poor operational processes of major crypto players, unfortunately not limited to those involved in this incident, are disheartening. At CheckSig, we have long adopted an approach that combines maximum security, transparency, and independent verifications, demonstrating the safety of the assets we manage.”

For more details on CheckSig’s Proof-of-Reserves process and its commitment to security, visit the dedicated webpage.
