‘Blind signing is an issue, but not the prime suspect’ expert says on Bybit $1.4b saga
Aneirin Flynn, co-founder and CEO of FailSafe, spoke with crypto.news about the Bybit exploit, future preventive measures, and why an Ethereum rollback is unfeasible.
Cryptocurrency prices tumbled following one of the largest cyber heists in financial history, as North Korea’s Lazarus Group breached Bybit’s Ethereum (ETH) cold wallet, stealing more than 400,000 ethereum worth $1.4 billion at the time.
Ben Zhou, Bybit’s CEO, was quick to defend the exchange. The community was kept informed, industry leaders mobilized resources to assist, and Bybit filled the financial gap within days, restoring withdrawals to normal.
While recovery efforts advanced through a bounty program and on-chain tracking, hackers laundered the stolen funds across thousands of addresses.

Hack, exploit, or something else?
“This was a sophisticated social engineering attack,” FailSafe CEO Aneirin Flynn told crypto.news. Flynn said hackers used similar tactics against Radiant Capital, DMM Bitcoin, and WazirX.
In Bybit’s case, Zhou said bad actors spoofed the multi-sig UI and the team unknowingly signed malicious transactions. An audit conducted by Sygnia Labs and Verichains found that Lazarus agents used compromised access from a Safe Wallet developer to deceive Bybit’s multi-sig signers.
This breach allowed North Korean-funded cybercriminals to push through a malicious transaction, siphoning funds from Bybit’s cold wallet.
Multi-sig blind signing
The incident raised concerns about blind signing, where users approve transactions without fully verifying details such as destination addresses.
According to Zhou, he was the final signer and used a Ledger hardware wallet to authorize the last approval. However, design limitations prevented full transaction verification, ultimately allowing hackers to steal the funds.
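The defensive counterpart to blind signing is re-deriving what a transaction does from its raw payload before anyone approves it, rather than trusting the description a web UI shows. The following is an added example, not code from the article, FailSafe, Bybit or the Safe project: it assumes a proposal is presented as a dict with the fields to / value / data / operation (the shape of a Safe transaction) and checks it against a signing policy; the policy layout, the addresses and the amounts are constructed for the demonstration.

```python
"""
Independent pre-signing check for a multi-sig transaction proposal.

Added example, not code from the article, FailSafe, Bybit or the Safe project.
Assumption: a proposal arrives as a dict with the fields to / value / data /
operation (the shape of a Safe transaction). The policy structure, the
addresses and the amounts below are constructed for the demo.
"""

CALL, DELEGATECALL = 0, 1  # Safe 'operation' values

# First 4 bytes of keccak256("transfer(address,uint256)")
ERC20_TRANSFER_SELECTOR = "a9059cbb"


def _strip_0x(hex_str: str) -> str:
    h = hex_str.lower()
    return h[2:] if h.startswith("0x") else h


def encode_erc20_transfer(recipient: str, amount: int) -> str:
    """Build ERC-20 transfer(address,uint256) calldata; used here only to construct samples."""
    addr_word = _strip_0x(recipient).rjust(64, "0")
    return "0x" + ERC20_TRANSFER_SELECTOR + addr_word + format(amount, "064x")


def decode_erc20_transfer(data_hex: str):
    """Return (recipient, amount) if the calldata is exactly an ERC-20 transfer, else None."""
    data = _strip_0x(data_hex)
    if len(data) != 8 + 64 + 64 or data[:8] != ERC20_TRANSFER_SELECTOR:
        return None
    recipient = "0x" + data[8 + 24:8 + 64]   # address is the low 20 bytes of the 32-byte word
    amount = int(data[8 + 64:], 16)
    return recipient, amount


def check_proposal(proposal: dict, policy: dict) -> list:
    """Return a list of policy violations; an empty list means the raw payload matches policy."""
    findings = []
    to = proposal["to"].lower()
    data = proposal.get("data") or "0x"

    if proposal["operation"] != CALL:
        findings.append("operation is not a plain CALL (a delegatecall can alter wallet logic)")
    if to not in policy["allowed_contracts"] and to not in policy["allowed_recipients"]:
        findings.append(f"destination {to} is not allowlisted")
    if int(proposal["value"]) > policy["max_value_wei"]:
        findings.append("native value exceeds policy limit")

    if _strip_0x(data) != "":
        decoded = decode_erc20_transfer(data)
        if decoded is None:
            findings.append("calldata is not a recognised ERC-20 transfer; do not sign unverified calldata")
        else:
            recipient, amount = decoded
            if recipient not in policy["allowed_recipients"]:
                findings.append(f"token recipient {recipient} is not allowlisted")
            if amount > policy["max_token_amount"]:
                findings.append("token amount exceeds policy limit")
    return findings


# Constructed sample data (not real addresses)
TOKEN = "0x" + "aa" * 20
HOT_WALLET = "0x" + "bb" * 20
UNKNOWN_CONTRACT = "0x" + "cc" * 20

POLICY = {
    "allowed_contracts": {TOKEN},        # token contracts this wallet may call
    "allowed_recipients": {HOT_WALLET},  # addresses funds may be sent to
    "max_value_wei": 0,                  # this flow never moves native ETH
    "max_token_amount": 10 ** 24,
}

# What the signer believes they are approving: a routine token transfer to the hot wallet
LEGIT = {"to": TOKEN, "value": "0",
         "data": encode_erc20_transfer(HOT_WALLET, 10 ** 21), "operation": CALL}

# A payload a tampered UI could present under the same friendly description
SPOOFED = {"to": UNKNOWN_CONTRACT, "value": "0", "data": "0xdeadbeef", "operation": DELEGATECALL}

if __name__ == "__main__":
    for name, proposal in (("legit", LEGIT), ("spoofed", SPOOFED)):
        print(name, check_proposal(proposal, POLICY) or "OK")
```

The check runs on the payload that will actually be hashed and signed, so it does not depend on the web front-end being honest; a hardware wallet that shows only a hash cannot perform this comparison, which is why a separate verification step next to the signer is useful.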
“Yes, blind signing is an issue, but it’s not the prime suspect in this case,” Flynn said when asked if it enabled the theft. Instead, FailSafe’s CEO pointed to large digital asset clusters maintained by most centralized exchanges and protocols in the industry.
Bybit painted a target on its back because it stored billions of crypto in a single multi-sig and Lazarus came knocking, Flynn suggested. Splitting assets under management across multiple addresses may stem the problem, FailSafe’s boss said.
While greater employee vigilance and robust transaction security tooling would have reduced the likelihood of a successful theft, segregating assets would have been the most effective way to reduce the exchange’s appeal to attackers.
Aneirin Flynn, FailSafe co-founder and CEO
Ethereum rollback not the solution for Bybit
Maelstrom CIO Arthur Hayes suggested rolling back ethereum’s blockchain to reverse the Bybit hack, a move that would restore transactions and wallet balances to their pre-hack state.
Hayes argued that the 2016 DAO fork set a precedent for this to happen. Hackers stole $60 million from the Ethereum DAO at the time, striking a big blow to Ethereum, which was still in its infancy.
The DAO then voted for an “irregular state change” to curtail the crisis. Ethereum was split into two – Ethereum Classic, the original blockchain with the DAO hack losses, and Ethereum, today’s second-largest blockchain.
Short-lived discussions based on Hayes’ idea noted that the 2016 DAO hack, an existential crisis for Ethereum at the time, was starkly different from Bybit’s $1.4 billion loss, arguably a splash in the ETH pond in the current market.
Flynn stated that rolling back Ethereum now would break too many protocols and smart contracts given the size of ETH’s ecosystem. “Rolling back Ethereum is technically possible through a hard fork but practically infeasible now due to the network’s size, complexity, and decentralization.”