Bybit Hack: A Detailed Breakdown of How the Attack Unfolded, Revealing Major Lapses in Security
Feb 22, 2025 at 03:36 pm
The recent Bybit hack of $1.5 billion has raised serious security concerns, with reports confirming the attackers used a highly sophisticated method to drain millions in crypto assets.
A recent hack on Bybit, a centralized crypto exchange, has resulted in the loss of an estimated $1.5 billion in crypto assets. The attackers reportedly used a highly advanced method to drain millions from the platform. Crypto analyst David Leung has provided a detailed analysis of the attack, highlighting major lapses in Bybit's security measures.
According to Arkham's report, the Bybit hack was executed through a technique known as “Blind Signing,” in which signers approve a transaction without being shown its full details. In this case, the attackers managed to compromise Bybit's ETH cold wallet, swiftly moving nearly $1.5 billion in assets into a single wallet before distributing them further across multiple wallets.
Considering the decentralized nature of crypto assets and the lack of uniform laws for international crimes, it may be challenging for Bybit to recover the lost funds. However, in a related development, Bybit has announced a 50,000 ARKM bounty for any information that can lead to the attackers and further aid in the investigation.
Here's a closer look at the events and steps to stay protected.
How the Attack Unfolded
The attackers deployed a trojan contract and a backdoor contract to set a trap for Bybit's upgradeable multisig wallet. They deceived the wallet's signers into authorizing a seemingly harmless ERC-20 token transfer, but the transaction included a concealed delegate call, an operation that runs the target contract's code against the wallet's own storage and so allowed them to alter the contract's core logic. Instead of a simple transfer, the attackers used the trojan contract to replace the wallet's master contract with their own backdoor contract, essentially granting them complete control.
Once in command, the hackers executed commands to sweep all available ETH, mETH, stETH, and cmETH tokens from the wallet. Notably, the backdoor contract was designed to perform only two functions: transferring ETH and ERC-20 tokens to an address of their choice, enabling them to rapidly drain the funds before Bybit could intervene.
Red Flags Ignored by Exchange
Leung further highlighted several red flags that should have prompted the exchange to halt the transaction. The transfer was directed to an unlisted contract that didn't adhere to the ERC-20 standard, involved zero tokens, and utilized a delegate call to alter contract logic. Anomalies like these typically trigger a compliance check, yet the transaction was still processed. The attackers' deep understanding of Bybit's operations suggests they may have had inside assistance.
Could This Have Been Prevented?
According to David, the attack could have been thwarted by implementing more stringent pre- and post-signing security checks. If independent security layers had examined the transaction, they might have detected the suspicious elements and prevented its approval. The hack showcases the increasing sophistication of crypto attacks and the pressing need for the industry to adopt more robust security protocols.
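A pre-signing check of the kind described above can be run on the raw proposal before any signer sees it. The sketch below is an added example, not code from Bybit, Leung, or any wallet vendor; the `Proposal` fields, the `0`/`1` operation encoding, the token allowlist, and all addresses are assumptions constructed for illustration. It tests for the three red flags listed under "Red Flags Ignored by Exchange".

```python
from dataclasses import dataclass

TRANSFER_SELECTOR = bytes.fromhex("a9059cbb")  # ERC-20 transfer(address,uint256)
CALL, DELEGATECALL = 0, 1  # assumed encoding of the wallet's operation field

@dataclass
class Proposal:          # hypothetical shape of a multisig proposal
    to: str              # contract the wallet will invoke
    data: bytes          # calldata presented to the signers
    operation: int       # CALL or DELEGATECALL

def transfer_calldata(recipient_hex: str, amount: int) -> bytes:
    """Build ERC-20 transfer calldata (used here only to make sample input)."""
    return (TRANSFER_SELECTOR + bytes(12) + bytes.fromhex(recipient_hex)
            + amount.to_bytes(32, "big"))

def decode_transfer(data: bytes):
    """Return (recipient, amount) for well-formed transfer calldata, else None."""
    if len(data) != 68 or data[:4] != TRANSFER_SELECTOR:
        return None
    if any(data[4:16]):  # an address word is left-padded with 12 zero bytes
        return None
    return "0x" + data[16:36].hex(), int.from_bytes(data[36:68], "big")

def presign_flags(p: Proposal, known_tokens: set) -> list:
    """Collect reasons to stop the proposal before it reaches signers."""
    flags = []
    if p.operation == DELEGATECALL:
        flags.append("delegatecall: target code runs against the wallet's storage")
    if p.to.lower() not in known_tokens:
        flags.append("target is not a listed token contract")
    decoded = decode_transfer(p.data)
    if decoded is None:
        flags.append("calldata is not a well-formed ERC-20 transfer")
    elif decoded[1] == 0:
        flags.append("transfer amount is zero")
    return flags

# Constructed sample data: placeholder addresses, not real contracts.
KNOWN_TOKENS = {"0x" + "11" * 20}
SUSPICIOUS = Proposal("0x" + "aa" * 20, transfer_calldata("bb" * 20, 0), DELEGATECALL)
BENIGN = Proposal("0x" + "11" * 20, transfer_calldata("cc" * 20, 1000), CALL)

if __name__ == "__main__":
    for name, prop in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(name, presign_flags(prop, KNOWN_TOKENS) or "no flags")
```

Any non-empty result should block the proposal and route it to an independent reviewer rather than to the signing queue.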