Some thoughts on the recent hack(s).
There is a pattern where hackers were able to steal large amounts of crypto from multi-sig “cold storage” solutions, as with ByBit, Phemex, WazirX and potentially others. In the most recent ByBit case, the hackers were able to make the…
— CZ 🔶 BNB (@cz_binance) February 22, 2025
North Korean hackers have pulled off the biggest cryptocurrency heist in history, stealing a staggering $1.5 billion from the Dubai-based exchange Bybit. The theft has sent shockwaves through the industry and raised concerns about the security of digital assets. According to blockchain analysis firm Elliptic, the methods used to launder the stolen funds bear the hallmarks of North Korean threat actors.
In our latest blog, we look at how the near-$1.5 billion Bybit exploit occurred, the attackers’ link to the DPRK, and how we are collaborating with Bybit and law enforcement to help recover funds: https://t.co/MOh0JQZd9V pic.twitter.com/iIwF2xm1b0
— Chainalysis (@chainalysis) February 24, 2025
The hackers drained more than 400,000 Ethereum and staked Ethereum coins from Bybit’s “Multisig Cold Wallet” and swiftly transferred them to wallets under their control. Bybit officials confirmed the theft and revealed that the attackers had manipulated the smart contract logic and user interface to gain control of the ETH Cold Wallet. This allowed them to forge valid signatures and move the funds undetected, despite the multisig cold wallet being considered one of the most secure storage methods.
The heist has shattered assumptions about the security of cryptocurrency wallets.
The ByBit hack will prove that our community can get together and work as a single team to recover the most funds possible.
— Paolo Ardoino 🤖 (@paoloardoino) February 22, 2025
Industry on high alert after Bybit hack
Researchers from security firm Check Point noted, “The Bybit hack has demonstrated that no matter how strong your smart contract logic or multisig protections are, the human element remains the weakest link.”
North Korean hackers are known for their advanced malware tools and social engineering skills.
They often build online personas over weeks or months to gain the trust of their targets. In Bybit’s case, they tampered with the user interfaces of multiple employees who were required to approve transactions, leading them to unknowingly approve the fraudulent transfers. The incident highlights the need for the cryptocurrency industry to return to basic security principles, such as segmenting internal networks and implementing multiple overlapping controls to detect and prevent attacks.
It also underscores the importance of preparing for sophisticated scenarios like this, as even the most secure systems can be compromised through human elements and UI manipulation. As the industry grapples with the implications of this theft, it is clear that more stringent security measures and better education on social engineering tactics will be crucial to defending against future attacks of this magnitude. The Bybit heist serves as a wake-up call for the entire cryptocurrency ecosystem to prioritize security and remain vigilant against the ever-evolving threat landscape.