TL;DR: In the largest heist ever, nearly $1.5B was stolen from the ByBit exchange. We believe it should serve as a wake-up call for the industry to re-examine and update our so-called “best practices”, which have proved inadequate. We will examine them in a blog series. In this first part of the series, we present a concise description of the attack.

ByBit is a centralized exchange that was managing $15B of assets in multiple cryptocurrencies at the time of the heist, mostly Bitcoin and Ethereum. To manage its Ethereum-based assets, ByBit used Safe{Wallet}’s multi-signature smart-contract wallet. This wallet mandated that each action within the wallet be cryptographically signed by three signers. ByBit used hardware devices (“HW wallets”) to protect the signers’ private keys and to sign transactions.
According to ByBit’s and Safe{Wallet}’s publicly available forensic reports, the attack consisted of five main steps, depicted in the illustration above:
- Social engineering: A Safe{Wallet} developer was tricked into installing an open-source project on their development computer. This project contained a backdoor that allowed the attackers to install malware on that machine.
- Lateral movement: Using the developer’s credentials, the attackers were able to connect to Safe{Wallet}’s production environment and change the wallet’s User Interface (UI). The change, targeted at ByBit’s signer addresses, altered the binary contents of a benign transaction into a malicious one.
- Malicious transaction signing: When ByBit’s signers connected to the Safe{Wallet} UI, a malicious transaction was returned for their hardware wallets to sign. Since it is impossible to verify the transaction details using hardware wallets, the signers blindly signed the transaction.
- On-chain takeover: Once the last ByBit signer had signed the malicious transaction, it was broadcast to the blockchain. The malicious transaction abused the smart contract’s functionality to practically rewrite it and transfer its ownership to a smart contract controlled by the attacker.
- Heist: Using the newly introduced attacker-controlled smart contract, the attacker could issue multiple transactions to withdraw all of ByBit’s funds from that contract, a total of about $1.5B.
A more detailed account and discussion can be found in our fireside chat:
What’s Next?

Experience is the best teacher, but in this case it came with an extremely high tuition fee of $1.5B. ByBit paid this price for all of us, and we, the crypto community, are getting this invaluable learning opportunity practically for free.
We need to ask ourselves the hard questions, especially when the current state of our industry’s “best practices”, including:
- Hardware wallets
- Multi-signature wallets
continues to fail so hard. Maybe, just maybe, they shouldn’t be “best industry practice”?
In the following parts of this series, we will go deeper into these questions and try to answer them.
Stay tuned! Follow us on @Zengo on X for updates in the meantime.