There's some info and speculation in these two (distinct) articles, but I'd love to know technical details of where the gaffs were.
eg. Was client software compromised? Did the multisig keyholders succumb to social engineering? Were the signers using airgapped machines / hardware devices?
"Bybit ETH multisig cold wallet just made a transfer to our warm wallet about 1 hr ago. It appears that this specific transaction was musked, all the signers saw the musked UI which showed the correct address and the URL was from @safe . However the signing message was to change the smart contract logic of our ETH cold wallet. This resulted Hacker took control of the specific ETH cold wallet we signed and transfered all ETH in the cold wallet to this unidentified address."
Unfortunately most hardware wallets can't interpret EVM smart contract transactions and asks you to sign a big binary blob that is supposed to match what you see on your computer screen (it's literally called blind signing). He said in the tweet and later on a live stream that they verified that the URL was correct, and there were several signers in different locations on different machines.
Logically the UI must have been manipulated for all of them, which I can think of a few different ways to do:
- The signing link was replaced somehow over whatever medium they sent it to each other, pointing to something that either looks like the original UI (perhaps IDN homograph domain) or is the actual site if it has some weakness that allows script injection to manipulate the page
- The server side was exploited to serve a manipulated page
- Client side malware that injects something in the browser to manipulate the page
- Some kind of network/DNS attack combined with mis-issued TLS certificate (or injected CA)
It points to some level of sophistication and long-term observation of their internal systems to know what the process looks like and devising an attack.
Will be interesting to read when/if they release a full analysis.
They could have used a hardware wallet like the Lattice1 from GridPlus, which actually shows the function parameters on a big screen instead of blind signing.
Oh, when I read this yesterday I assumed "musked" was a clever play on the idea that someone is tricked into agreeing to things against their interests.
> According to crypto security firm Groom Lake, a Safe multisig wallet was deployed on Ethereum in 2019 and on the Base layer-2 in 2024 with identical transaction hashes. Ethereum’s alphanumeric transaction hashes are 64 characters long, so deploying the same smart contract transaction hash twice should be mathematically impossible.
> The same transaction hash appearing on both Ethereum and Base indicates an attacker could have found a way to make a single transaction valid on more than one network or could be reusing crypto wallet signatures or transaction data across networks, pseudonymous Groom Lake researcher Apollo said.
A huge problem with signing EVM transactions using hardware wallets is that is common to be blind signing messages. The device has no knowledge of the SAFE EVM contract functions or any other context, it just asks you to sign an gobblygook opaque binary message so you may have no idea what's being signed, is my experience using multiple different vendor HW wallets. Not sure if that's what happened, but possible this type of problem contributed to the exploit. BTC TXs are simple enough that all HW wallets can basically display what's happening, but with turing-complete arbitrary computations in EVM this becomes very difficult.
In almost all cases EVM smart contract interaction looks like a function call which can be easily decoded into JSON if you know ABI.
HW wallet doesn't need to understand the contract logic, it just needs ABI, which is generally a simpler task. Also it can show the name of function you're calling as selector is a hash of a name.
Safe is a bit more complex as it also wraps it in EIP-712 message, but that can also be decoded in a systematic way.
https://x.com/tayvano_/status/1847877011462901915
This thread has some info about very similar past attacks, should give some insights into the level of sophistication that goes into something like that.
Cold usually means it needs multiple physical people to sign from offline devices to move it. Hot wallet usually is automated. Here it looks like the «hackers» found a way to trick enough people to sign this transaction
It could still be cold. "took control of the specific ETH cold wallet" sounds like stealing the physical hardware. Like someone stealing the vault key, or the HDCP master key getting leaked.
They could have gotten the recovery phrase off some paper, then imported it wherever. More likely than guessing the pin on a ledger with a short number of tries before wiping.
The wallet is a smart contract (specifically a gnosis safe), the malicious message they signed transferred ownership of that smart contract wallet to the attacker so they could then do whatever they want with it.
How on earth is it possible they can cover a 1.5B loss? Are they really sitting on that much profit, or is the goal to ponzi it out from here, MtGox style?
Bybit trading volume is in tens billions of dollars daily. Their comission rate for the retail traders is up to 10bp (0.1%). Even considering a huge part of that volume is coming from institutional players who enjoy significantly reduced commission rates, I think they're surely making few million dollars daily on comissions alone, maybe tens of millions in a good day. And besides comissions, they also have other sources of profit, like staking, crediting customers, and forced liquidations.
Being a crypto exchange in current market is very profitable. If the crypto itself does not collapse, I think it's totally possible for them to repay that sum in a year or less.
I'm nowhere near expert on any of the things below, but:
My gut tells me if an exchange makes as much money as you suggest, people involved in that exchange are making even more profit from the said exchange, otherwise they wouldn't engage. The whole thing being literally money out of thin air, it feels like a huge bubble that should inevitably burst bringing down _ a lot _ of collaterals with it.
These exchanges make an absurd amount of money. That amount of money is basically a decent quarter for Coinbase in fee revenue, and Bybit is smaller but it isn't that much smaller.
It sucks if you're Bybit, but they're going to have plenty of lenders happy to provide them liquidity while they make it all back.
I can understand why some FTX creditors are pissed that the exchange didn't start back up under new management. They would have actually been made whole, unlike the current situation where they're getting "repaid" but pegged to November 2022 valuations (i.e. the absolute bottom of the crypto bear market).
Bybit is one of the most used crypto exchanges and does >100M$ of revenue per month, growing fast.
If this isn't enough, I'm sure that every crypto VC would line up to buy a single digit % of their equity to cover up the hole. Crypto hosts the most profitable businesses in the world.
> Crypto hosts the most profitable businesses in the world.
Well, because the retail clients expect to get rich and don't mind paying 1% or so fees per exchange.
Similarly, the BTC future basis (the difference between the spot price and future price) on many exchanges around 10 to 5 years ago was easily 80% p.a. which you could realize by buying Bitcoin and selling the future. What happened there is that people going long Bitcoin with leverage essentially borrowed the money giving them that leverage at usurious rates (this implied rate is not usually displayed and thus invisible to your average retail client, but definitely very visible to the finance professionals moonlighting in crypto (such as Jane Street, Jump trading, and many others)).
Yes, the profits are insane in that business. Binance was raided for a similar amount, and paid it out easily. Mtgox was raided for ₿650k ($60B in today's money), and plans to return ₿140k to traders. However, I believe most Mtgox investors are better off this way because they were forced to hold onto their investments; otherwise, they would have sold at around $1,000 or so.
This loss is more than 5% of their holdings.. To me that implies the supposed benefit of crypto is nonexistent. If an institution is making so much money off your crypto assets that they can return 5% of them, they are a bank doing whatever it was that was so evil.
How on earth is it possible they can cover a 1.5B loss?
Easy! They give Binance an IOU in exchange for 1.5 billion BUSD which is just "minted" out of fresh new electrons. Neither of them has really lost anything. Everyone can carry on as if it never happened.
In the bizarro world of crypto, this is business as usual.
We don't know if they can cover it. All we know is a statement from their CEO.
Can we trust that? Suppose that ByBit couldn't cover the loss, and the CEO would honestly inform the world about it. What would happen? The crypto-equivalent of a bank run. So he would never say that.
There should be something like a "finalizing transaction", which both the sender and receiver need to sign after the first transaction has been mined, i.e. like an in-built escrow. If it's not signed by both, then funds are returned. This wouldn't protect against key leakage, but in this case, the tx was signed by accident. This would also protect against sending to wrong address.
There are cryptocurrencies in which transactions must be signed by both sender and receiver, such as those implementing the pure Mimblewimble protocol.
> Both the sender and receiver need to sign after the first transaction has been mined
That makes no sense; miners don't mine transactions unless they're guaranteed to be valid. All signing must be done before transactions are even published. Otherwise one could DoD-attack the network by having it forward tons of invalid transactions.
You’d mine the first transaction which is a nominal value but the rest of the transaction won’t get mined until that first transaction is signed by both parties indicating acceptance. You could even break it down into an arbitrarily multi-stage process where the next stage is exponentially larger more money (i.e. transfer $100, then transfer $1000, then $1000, etc). This would make the accident “hit a button and lose a B right away” much harder to pull off. Of course, in this case I don’t know that it would help as I believe the attacked party signed approval to change the contract itself.
I'm a huge crypto believer but I can admit that we don't have a serious system if a person can just transfer over $1.5B from a well known crypto cold wallet to different accounts with nothing flagging it and no way to reverse it.
In the face of the never-ending list of these kinds of events, the laughably impossible task of average nontechnical individuals protecting their own assets (and the consequence of total financial ruin when they fail to do so), the overwhelming number of and size of scams, rug pulls, fraud, outright Ponzi schemes, and on and on and on… what exactly is left to keep anyone a “huge believer”?
Put differently, it’s been seventeen years of constant and escalating mayhem. What would finally be enough to shake your faith?
> what exactly is left to keep anyone a “huge believer”?
I don't really engage in the ponzibucks part and don't touch exchanges except to on and off-ramp, and use crypto to pay for things like hosting, seedboxes, or other services I might not necessarily want my debit card directly attached to.
I like sending vendors $100 and spending $0.00005 in transaction fees and knowing that they'll get $100 (or $99 with some 3rd party integration like Coinbase Commerce) versus spending $100, of which Stripe gets $5 of and the vendor only sees ~$95 if I don't feel like I need the protections of a card, which is frequent but not all the time.
Crypto fits a niche in my life well, despite the wider crypto world having dumb controversies. Just like my HSBC bank account fits a niche well, despite HSBC's wikipedia page being ~50% controversy section by word count.
> What would finally be enough to shake your faith?
Permanent and major market crashes is the only thing I can think of .
After the last crash a lot of fraud and incompetence got out because they couldn’t stay solvent, stuff like Celsius or FTX etc got exposed only because of the crash we had in 21/22.
It will take a few crashes, like that, until then scams or incompetence like this incident will not make people loose their money.
Few crashes, then most believers will loose their savings then the faith will shatter not until then.
Most people are after all investing in crypto because it goes up and not because they believe in decentralized currencies. As long as they hear how someone is making money on crypto they will keep believing no matter how many meme coins pull the rug, or exchanges fail or pig butchering or myriad of other scams come to light
> what exactly is left to keep anyone a “huge believer”?
Bias. I expect believers to have earned a profit or still hold significant quantities of crypto assets.
But in their favor, trust in any currency is the foundation of its value. States create it by collecting taxes and paying employees. Crypto currencies generally lack that heavy weight central authority, so they kind of have to believe to the point where they get burned.
You like decentralized money without laws and accountability, but would like to have a central thing (TBD) that is accountable and respect laws? How would that work?
1. Upgrade protocol to include protections for well known cold wallets held by exchanges (ex: API call has to be made to the exchange's security endpoint to validate each transaction out of the wallet. Exchange staff would need to manually allowlist large transactions before they are transmitted).
2. Decentralized voting on reversal of transactions (90-95%+ vote needed to reverse to avoid 51% attacks)
I think the move is less having a central thing and more advancing wallet and multisig technology. ByBit was pretty reckless by using a simple majority multisig to hold $1.5b. At that level you should probably have a few speed bumps. Like, maybe a majority of signatures allows you to make a proposal, but you can only accept the proposal after a couple hours, which would give you the chance to see the malicious transaction and bail on it.
Something like that would probably be overkill for individuals, but most people would definitely benefit from some added on chain bureaucracy regarding how their accounts are managed. And yes, for many this would lead to a system that isn't notably less centralized than the traditional banking system. But people would at least have a choice as to where their wallets gets to sit on the bureaucracy <> complete freedom spectrum. And even if they end up closer to the bureaucracy end, they'd have a lot more flexibility and lower administrative fees than what they currently have.
Right on. My bank calls me every time I send money out. And I'm talking like $50. I used to find it annoying, but now I'm blown away every financial system doesn't...
On the one hand, I understand banks attempting to protect customers and limit liability, on the other hand, frankly I have better things to do with my time than spend 30 minutes waiting in a phone queue because I had the audacity to go on holiday and attempt to spend $20 on ice cream.
Can someone even explain what Bybit is actually about? I searched around when the hack was announced, but I'm very confused. Mostly what I saw said "scam" on it.
This isn't your run-of-the-mill Coinbase style exchange, right?
It's the second largest crypto exchange by volume globally, behind Binance. Specialized in derivatives but they have lots of regular retail products that you might find at Coinbase. Basically like a bigger version of Coinbase from Asia.
Readit News
The $1.5B Bybit Hack - https://news.ycombinator.com/item?id=43140754
Normally we'd merge that one hither but it looks like that article has more background and the thread is (therefore) better.
eg. Was client software compromised? Did the multisig keyholders succumb to social engineering? Were the signers using airgapped machines / hardware devices?
https://archive.ph/YMZrq
https://blockworks.co/news/bybit-hack-raises-security-questi...
"Bybit ETH multisig cold wallet just made a transfer to our warm wallet about 1 hr ago. It appears that this specific transaction was musked, all the signers saw the musked UI which showed the correct address and the URL was from @safe . However the signing message was to change the smart contract logic of our ETH cold wallet. This resulted Hacker took control of the specific ETH cold wallet we signed and transfered all ETH in the cold wallet to this unidentified address."
[yes, it says 'musked', assuming they meant masked. @safe is https://safe.global/wallet]
Unfortunately most hardware wallets can't interpret EVM smart contract transactions and asks you to sign a big binary blob that is supposed to match what you see on your computer screen (it's literally called blind signing). He said in the tweet and later on a live stream that they verified that the URL was correct, and there were several signers in different locations on different machines.
Logically the UI must have been manipulated for all of them, which I can think of a few different ways to do:
- The signing link was replaced somehow over whatever medium they sent it to each other, pointing to something that either looks like the original UI (perhaps IDN homograph domain) or is the actual site if it has some weakness that allows script injection to manipulate the page
- The server side was exploited to serve a manipulated page
- Client side malware that injects something in the browser to manipulate the page
- Some kind of network/DNS attack combined with mis-issued TLS certificate (or injected CA)
It points to some level of sophistication and long-term observation of their internal systems to know what the process looks like and devising an attack.
Will be interesting to read when/if they release a full analysis.
> According to crypto security firm Groom Lake, a Safe multisig wallet was deployed on Ethereum in 2019 and on the Base layer-2 in 2024 with identical transaction hashes. Ethereum’s alphanumeric transaction hashes are 64 characters long, so deploying the same smart contract transaction hash twice should be mathematically impossible.
> The same transaction hash appearing on both Ethereum and Base indicates an attacker could have found a way to make a single transaction valid on more than one network or could be reusing crypto wallet signatures or transaction data across networks, pseudonymous Groom Lake researcher Apollo said.
HW wallet doesn't need to understand the contract logic, it just needs ABI, which is generally a simpler task. Also it can show the name of function you're calling as selector is a hash of a name.
Safe is a bit more complex as it also wraps it in EIP-712 message, but that can also be decoded in a systematic way.
I have very limited knowledge about EVM, but those computations are bounded by gas, right? Evaluating them is a finite process.
You'd think they could at least show a blockie representing the contract, or reputational party who cryptographically vouched for it.
Deleted Comment
> [The hacker] took control of the specific ETH cold wallet and transferred all the ETH in the cold wallet to this unidentified address.
Did the hacker physically break into their office or what?
Or some part of their system failed and the key was compromised without them realising it (like the Debian insecure keys debacle or whatever)
Being a crypto exchange in current market is very profitable. If the crypto itself does not collapse, I think it's totally possible for them to repay that sum in a year or less.
</speculation>
https://www.nber.org/papers/w30783
It sucks if you're Bybit, but they're going to have plenty of lenders happy to provide them liquidity while they make it all back.
It's not that crypto folks don't want some protection from hacks or fraud - the just think it should only be for the rich.
Since it was a profitable broker business, another bigger broker gave them the money to plug the loss in exchange for taking over the business.
If this isn't enough, I'm sure that every crypto VC would line up to buy a single digit % of their equity to cover up the hole. Crypto hosts the most profitable businesses in the world.
Well, because the retail clients expect to get rich and don't mind paying 1% or so fees per exchange.
Similarly, the BTC future basis (the difference between the spot price and future price) on many exchanges around 10 to 5 years ago was easily 80% p.a. which you could realize by buying Bitcoin and selling the future. What happened there is that people going long Bitcoin with leverage essentially borrowed the money giving them that leverage at usurious rates (this implied rate is not usually displayed and thus invisible to your average retail client, but definitely very visible to the finance professionals moonlighting in crypto (such as Jane Street, Jump trading, and many others)).
Crypto use case: ripping off retail.
Easy! They give Binance an IOU in exchange for 1.5 billion BUSD which is just "minted" out of fresh new electrons. Neither of them has really lost anything. Everyone can carry on as if it never happened.
In the bizarro world of crypto, this is business as usual.
Can we trust that? Suppose that ByBit couldn't cover the loss, and the CEO would honestly inform the world about it. What would happen? The crypto-equivalent of a bank run. So he would never say that.
> Both the sender and receiver need to sign after the first transaction has been mined
That makes no sense; miners don't mine transactions unless they're guaranteed to be valid. All signing must be done before transactions are even published. Otherwise one could DoD-attack the network by having it forward tons of invalid transactions.
Illicit addresses sending to thousands of random recipients and making them all marked by automated KYC systems.
Put differently, it’s been seventeen years of constant and escalating mayhem. What would finally be enough to shake your faith?
I don't really engage in the ponzibucks part and don't touch exchanges except to on and off-ramp, and use crypto to pay for things like hosting, seedboxes, or other services I might not necessarily want my debit card directly attached to.
I like sending vendors $100 and spending $0.00005 in transaction fees and knowing that they'll get $100 (or $99 with some 3rd party integration like Coinbase Commerce) versus spending $100, of which Stripe gets $5 of and the vendor only sees ~$95 if I don't feel like I need the protections of a card, which is frequent but not all the time.
Crypto fits a niche in my life well, despite the wider crypto world having dumb controversies. Just like my HSBC bank account fits a niche well, despite HSBC's wikipedia page being ~50% controversy section by word count.
Permanent and major market crashes is the only thing I can think of .
After the last crash a lot of fraud and incompetence got out because they couldn’t stay solvent, stuff like Celsius or FTX etc got exposed only because of the crash we had in 21/22.
It will take a few crashes, like that, until then scams or incompetence like this incident will not make people loose their money.
Few crashes, then most believers will loose their savings then the faith will shatter not until then.
Most people are after all investing in crypto because it goes up and not because they believe in decentralized currencies. As long as they hear how someone is making money on crypto they will keep believing no matter how many meme coins pull the rug, or exchanges fail or pig butchering or myriad of other scams come to light
Bias. I expect believers to have earned a profit or still hold significant quantities of crypto assets.
But in their favor, trust in any currency is the foundation of its value. States create it by collecting taxes and paying employees. Crypto currencies generally lack that heavy weight central authority, so they kind of have to believe to the point where they get burned.
Crypto scams run by top government officials? Oh, wait...
Dead Comment
1. Upgrade protocol to include protections for well known cold wallets held by exchanges (ex: API call has to be made to the exchange's security endpoint to validate each transaction out of the wallet. Exchange staff would need to manually allowlist large transactions before they are transmitted).
2. Decentralized voting on reversal of transactions (90-95%+ vote needed to reverse to avoid 51% attacks)
Something like that would probably be overkill for individuals, but most people would definitely benefit from some added on chain bureaucracy regarding how their accounts are managed. And yes, for many this would lead to a system that isn't notably less centralized than the traditional banking system. But people would at least have a choice as to where their wallets gets to sit on the bureaucracy <> complete freedom spectrum. And even if they end up closer to the bureaucracy end, they'd have a lot more flexibility and lower administrative fees than what they currently have.
Unreal.
He just left off the implied part.
This isn't your run-of-the-mill Coinbase style exchange, right?