When we buy cryptocurrencies through an application, we usually leave our assets stored directly on the platform itself. This means that the safety of our investments depends on a digital wallet managed by a third party. But experience shows that these applications are not 100% protected against computer attacks, so our assets could end up being compromised or even stolen.
Many users of Bybit, one of the largest cryptocurrency exchanges in the world, have recently suffered an unprecedented blow. A group of cybercriminals linked to North Korea has perpetrated the largest cryptocurrency theft in history. The attack not only affected the platform but also leaves key lessons on the security and risks of the crypto ecosystem.
An unprecedented robbery. As we mentioned a few weeks ago, on February 21 Bybit suffered a serious security failure that resulted in the theft of 1.5 billion dollars in cryptocurrencies. But how is it possible that a platform that manages about 20,000 million dollars in deposits has been the victim of an attack of such magnitude? Let's see.
The origin of the attack. Computer attacks rarely occur because of a single failure. In most cases, it is a combination of several factors that ends up opening the door to a security gap. That is exactly what happened in the recent attack on Bybit, whose outcome could have been avoided if measures had been taken in time.
In July 2024, the cybersecurity firm Check Point published a technical report in which it warned about a weakness in Safe, free software used in cryptocurrency operations. According to the document, the execTransaction function could be exploited to manipulate transaction data and execute malicious code.
The CEO of Bybit, Ben Zhou, admitted that between three and four months before the attack his team had already detected compatibility problems between Safe and Bybit's security systems. But the warning did not translate into concrete measures. “We should have updated and moved away from Safe,” Zhou acknowledged in an interview with The New York Times.
An invisible trap. On February 21, shortly before midnight, Ben Zhou, CEO of Bybit, connected from home to approve, along with two other executives, an important transfer of Ether from a multisig account linked to the platform. It looked like a routine operation, but it would end in disaster. To sign the transaction, he used his Ledger hardware wallet, trusting the information that the interface showed on his computer.


In the eyes of the signatories, everything seemed in order: addresses, amounts and functions matched what was expected. What they did not know was that the attackers had already compromised part of Safe's infrastructure. Malicious code inserted in the system manipulated the information on the screen, causing Zhou and his team to approve, without knowing it, a fraudulent transaction. The result was inevitable: the funds ended up in a wallet controlled by the attackers. Everything was recorded on the blockchain, but it was too late.
Panic call. Around 30 minutes later, the chief financial officer (CFO) of Bybit telephoned Zhou in a trembling voice: “All the Ether has disappeared.” Zhou left without delay for the Bybit offices in Singapore and initiated an internal crisis protocol known as P-1, under which all members of the leadership team are woken up. But there was little to do. Transactions of this type cannot be reversed. Their efforts focused on investigating what happened, reassuring customers and applying changes to improve security.
A brilliant strategy. The problem was not in the smart contract code or in the multisig system. There was no failure at these points, but rather a well-orchestrated trap: the attackers manipulated the interface and the signing flow, deceiving the signatories into authorizing false transactions without realizing it. And therein lies the true nightmare: you can have multiple high-level signatories, but if everyone sees the same thing and what they see is a hoax, the attack goes through without major obstacles.
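The weak point described above is that every signatory trusted the same screen. As an added example (not code from the article, Bybit or Safe), the following Python decodes the ABI-encoded execTransaction call independently of the signing interface and compares it with what the signatories agreed to send; the intent format, the helper names and the sample addresses are assumptions made for illustration.

```python
# Added example: decode a Safe execTransaction payload away from the signing UI.
SELECTOR = bytes.fromhex("6a761202")  # execTransaction(address,uint256,bytes,uint8,...)
CALL, DELEGATECALL = 0, 1             # Safe's Enum.Operation values
HEAD = 10 * 32                        # ten ABI head words precede the dynamic parts

def decode_exec_transaction(calldata: bytes) -> dict:
    """Return the to/value/data/operation fields of ABI-encoded calldata."""
    args = calldata[4:]
    if calldata[:4] != SELECTOR or len(args) < HEAD:
        raise ValueError("not an execTransaction call")
    word = lambda i: int.from_bytes(args[32 * i:32 * i + 32], "big")
    off = word(2)                                   # offset of the `data` bytes
    size = int.from_bytes(args[off:off + 32], "big")
    data = args[off + 32:off + 32 + size]
    if off < HEAD or len(args) < off + 32 or len(data) != size:
        raise ValueError("malformed data field")
    return {"to": "0x" + args[12:32].hex(), "value": word(1),
            "data": data, "operation": word(3)}

def check_against_intent(calldata: bytes, intent: dict) -> list:
    """Compare what will be signed with what the signers agreed to send."""
    tx = decode_exec_transaction(calldata)
    problems = []
    if tx["to"] != intent["to"].lower():
        problems.append("recipient mismatch: " + tx["to"])
    if tx["value"] != intent["value"]:
        problems.append("value mismatch: %d" % tx["value"])
    if tx["data"] != intent["data"]:
        problems.append("unexpected call data: 0x" + tx["data"].hex())
    if tx["operation"] != CALL:
        problems.append("operation is not a plain call: %d" % tx["operation"])
    return problems

def build_sample(to: str, value: int, data: bytes, operation: int) -> bytes:
    """Constructed test payload: gas fields zero, empty signatures."""
    body = len(data).to_bytes(32, "big") + data + b"\0" * (-len(data) % 32)
    head = [int(to, 16), value, HEAD, operation, 0, 0, 0, 0, 0, HEAD + len(body)]
    return SELECTOR + b"".join(w.to_bytes(32, "big") for w in head) + body + bytes(32)

# Constructed placeholder addresses, not taken from the incident.
INTENT = {"to": "0x" + "11" * 20, "value": 10**18, "data": b""}
GOOD = build_sample(INTENT["to"], 10**18, b"", CALL)
BAD = build_sample("0x" + "22" * 20, 0, bytes.fromhex("deadbeef"), DELEGATECALL)

if __name__ == "__main__":
    print(check_against_intent(GOOD, INTENT))
    for finding in check_against_intent(BAD, INTENT):
        print(finding)
```

The check is only useful when it runs on a machine that does not share the signing interface's software, so that a manipulated screen and the decoder cannot be tampered with together.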