3 0
Security Firms Claim Solutions Following Bybit’s $1.4 Billion Hack
The recent $1.4 billion exploit of Bybit was executed by North Korea's Lazarus Group, targeting the Safe{Wallet} system. The breach occurred via a compromised developer's machine, enabling the injection of malicious code into the transaction signing interface.
Key points include:
- Bybit's signers unknowingly approved fraudulent transactions due to UI manipulation.
- The final signer did not fully verify the transaction on his Ledger hardware wallet.
- The attack exploited human oversight, bypassing the need for smart contract or cryptographic breaches.
Former Binance CEO criticized Safe's response and raised questions about security practices within the industry.
A wave of companies rushes in
Following the hack, various firms claimed their solutions could have prevented it:
- OISY: Claims to eliminate weak links like browser extensions; however, the exploit was due to blind signing.
- Impossible Cloud Network: Attributes the issue to centralized services; the exploit stemmed from UI manipulation.
- Cubist: Advocates stricter signing policies that could have prevented the attack.
- Fireblocks: Suggests its MPC-based infrastructure would mitigate risks by enforcing transaction rules.
The core lesson emphasizes the significant risk posed by trust in compromised UIs. The crypto industry must prioritize security measures such as strict transaction signing policies and mandatory verification processes to prevent similar attacks in the future.







