The February hack of Bybit sent shockwaves through the crypto world after $1.4 billion in Ether-related tokens was stolen from the centralized exchange, an attack allegedly orchestrated by the North Korean hacking group Lazarus. This incident stands as the most significant cryptocurrency theft to date.
The aftermath of the breach has led many to question what transpired, whether their investments are secure, and what measures can be pursued to avoid similar incidents in the future.
As noted by a blockchain security firm, the heist accounted for about 92% of all cryptocurrency losses in February. Because of this single event, total lost assets for the month rose almost 1,500% compared to January.
In the latest episode of a podcast, the hosts engage with a top executive from the security company to discuss the details of the Bybit breach, its implications, strategies for users and exchanges to secure their digital assets, and more.
Are crypto wallets still secure following the Bybit breach?
In straightforward terms, the Lazarus Group succeeded in executing the substantial hack against Bybit by compromising the devices of all three signers who managed the multisignature wallet the exchange utilized. The signers were then deceived into approving a harmful transaction that they believed was legitimate.
Does this imply that the multisignature wallet can no longer be relied upon? That’s not entirely accurate, according to the expert. “It’s possible that additional information was compromised when the developer’s computer was breached. However, the likelihood of individual users facing this risk is quite low.”
He suggested that there are several steps an average user can take to significantly enhance their crypto security, such as using cold wallets and being vigilant about potential phishing schemes on social networks.

When queried about the risk of hardware wallets such as Ledger or Trezor being compromised in a similar fashion, the expert reiterated that this scenario poses a minimal risk for most users, as long as they exercise caution and conduct transactions mindfully.
“One reason this occurred was that the signers unknowingly signed off without verifying the complete address because their devices didn’t display it fully,” he explained, adding, “Always ensure that the address you are sending funds to is the one you intend, and double-check, especially for larger transactions.”
“I believe that in the aftermath of this event, the industry will likely take steps to make the signing process more transparent and recognizable. There are multiple lessons to be learned, and this is undoubtedly one of them.”

How to avert the next billion-dollar exchange breach
The expert referenced a lack of comprehensive regulations and protective measures as contributing factors to the ongoing repercussions of the hack. This has sparked discussions about the extent of decentralization, particularly as several validators from a cross-chain bridge decided not to intervene in the Lazarus Group’s attempts to convert its assets into Bitcoin.
“Welcome to the Wild West,” he stated. “This is the reality we’re currently facing.”
“From our perspective, for the crypto industry to thrive, it needs to embrace regulation,” he argued. “To facilitate mass adoption, we need to align with regulations and develop means to ensure a safer environment in this space.”
The expert praised Bybit’s CEO for his response to the breach, but also pointed out that the exchange’s bug bounty program had a reward of only $4,000 prior to the hack. While not all cybersecurity professionals are incentivized solely by financial gain, higher bug bounties could indeed enhance the security of exchanges.
When discussing how exchanges and protocols can attract and retain top-tier talent to safeguard their systems, he mentioned that security engineers often do not receive the acknowledgment they deserve.
“Many believe that the best talent gravitates toward development roles because that’s where more rewards are found,” he said. “It’s paramount that we also focus on acknowledging security engineers, who bear tremendous responsibility.”
“We need to be more generous in supporting them, whether through financial means or recognition, and provide what we can afford in a reasonable manner.”
For more insights from the expert’s discussion—including details on how audits are conducted, and the implications of quantum computing and AI in cybersecurity—tune into the full episode of the podcast.