In a historic hack, Bybit had 1.4 billion dollars in ETH stolen through a flaw in its Safe-based multisig infrastructure that exploited blind signing. This hack is attributed to the Lazarus group, which has already stolen over 3 billion dollars.
The attack relied on compromising authorized signers: the hackers infected their computers and led them to approve a transaction that modified the Safe smart contract, allowing the funds to be diverted.
These attacks can be prevented: abandoning blind signing, adopting secure institutional custody solutions, and strengthening internal cybersecurity are essential. Ledger Clear Signing could have prevented this hack by allowing for clear verification of transactions.
Transparency: Although this article is not sponsored, CoinAcademy has a partnership with Ledger.
The Bybit Hack: A Security Lesson for the Crypto Industry
Bybit experienced the largest hack in crypto history, with over 400,000 ETH, amounting to around 1.4 billion dollars, stolen through a flaw in its Safe-based multi-signature infrastructure. This incident marks the third major hack in six months attributed to the Lazarus group, bringing their total theft to over 3 billion dollars.
The attackers exploited a well-known vulnerability: blind signing, a security flaw that allows hackers to manipulate transactions without signers being able to easily verify what they are approving.
How Was the Bybit Hack Orchestrated?
Although not all technical details have been confirmed yet, the modus operandi seems similar to the attacks on Radiant and WazirX. The attack relies on compromising the computers of authorized signers.
- The attackers infected the machines used to validate transactions.
- The victims signed what they thought was a legitimate transfer.
- In reality, they approved a transaction modifying the implementation of the Safe smart contract to a version controlled by the hackers.
- This manipulation allowed the attackers to divert all funds contained in the multisig vault.
By exploiting a flaw in the calldata, the hackers redirected control of the funds to their own address, sealing the fate of Bybit’s funds.
How to Avoid This Type of Attack?
1️⃣ Put an End to Blind Signing
Blind signing is one of the greatest dangers in crypto. It forces users to sign transactions without being able to clearly verify their contents. It’s like signing a blank check, a boon for attackers.
Solution:
✅ Use clear signing solutions, such as those offered by Ledger.
✅ Verify all transactions on a secure screen, rather than vulnerable web interfaces.
✅ Avoid signing transactions containing opaque calldata.
2️⃣ Adopt Institutional Custody Solutions
Companies need to rethink the security of their funds. On-chain multisig solutions are useful but pose risks if the signers are compromised.
Solution:
✅ Adopt a secure external custody solution, such as Ledger Enterprise, which applies off-chain control over transactions.
✅ Implement advanced governance rules, such as double validation of transactions and verification by secure devices.
✅ Restrict destination addresses with a whitelist to prevent funds from being sent to unknown addresses.
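A pre-signing policy check that combines the recommendations above (refuse opaque calldata, allow only whitelisted destinations), as an added example that is not code from CoinAcademy, Ledger or Safe. It assumes a Safe-style proposal with `to`, `value`, `data` and `operation` fields (0 = call, 1 = delegatecall, a detail of Safe's transaction encoding that the article does not spell out); the allowlists, helper names and all addresses are constructed placeholders.

```python
# Added example: pre-signing policy check for a proposed Safe transaction.
# Every address here is a constructed placeholder, not a value from the incident.
CALL, DELEGATECALL = 0, 1          # values of the Safe `operation` field
ERC20_TRANSFER = "a9059cbb"        # selector of transfer(address,uint256)
TOKEN = "0x" + "11" * 20           # constructed: approved token contract
COLD_WALLET = "0x" + "22" * 20     # constructed: approved recipient
UNKNOWN = "0x" + "99" * 20         # constructed: address on no list
ALLOWED_TARGETS = {TOKEN, COLD_WALLET}      # hypothetical allowlists
ALLOWED_RECIPIENTS = {COLD_WALLET}


def strip0x(h):
    h = h.lower()
    return h[2:] if h.startswith("0x") else h


def transfer_calldata(recipient, amount):
    """Build ERC-20 transfer calldata (used for the constructed samples)."""
    return "0x" + ERC20_TRANSFER + strip0x(recipient).rjust(64, "0") + format(amount, "064x")


def decode_transfer(data_hex):
    """Return (recipient, amount) for ERC-20 transfer calldata, else None."""
    body = strip0x(data_hex)
    if len(body) != 136 or not body.startswith(ERC20_TRANSFER):
        return None
    if body[8:32] != "0" * 24:   # address word must be zero-padded on the left
        return None
    return "0x" + body[32:72], int(body[72:], 16)


def review(tx):
    """Return reasons to refuse signing `tx`; an empty list means it passes."""
    reasons = []
    if tx["operation"] != CALL:
        reasons.append("delegatecall: target code would run with the Safe's own storage")
    if tx["to"].lower() not in ALLOWED_TARGETS:
        reasons.append("target address is not on the allowlist")
    if strip0x(tx["data"]):                  # empty data is a plain ETH transfer
        decoded = decode_transfer(tx["data"])
        if decoded is None:
            reasons.append("opaque calldata: not a recognised token transfer")
        elif decoded[0] not in ALLOWED_RECIPIENTS:
            reasons.append("token recipient is not on the allowlist")
    return reasons


LEGIT = {"to": TOKEN, "value": 0, "operation": CALL, "data": transfer_calldata(COLD_WALLET, 10**18)}
DISGUISED = {"to": UNKNOWN, "value": 0, "operation": DELEGATECALL, "data": transfer_calldata(UNKNOWN, 0)}
```

`DISGUISED` decodes as a harmless zero-amount token transfer, which is why the check inspects the target and operation as well rather than trusting the decoded call alone.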
3️⃣ Strengthen Internal Cybersecurity
Hackers often exploit human flaws before targeting technical vulnerabilities. Lazarus doesn’t just target smart contracts; they infiltrate key employees’ machines.
Solution:
✅ Train teams on the risks of phishing and targeted attacks.
✅ Use dedicated devices for transaction signing, never connected to the internet.
✅ Implement zero-trust security protocols to avoid machine compromise.
Why Would Ledger Clear Signing Have Prevented This Hack?
Ledger has developed a technology called Clear Signing, which allows for a precise visualization of what a transaction will truly execute before signing it.
Advantages:
✅ Elimination of blind signing: The user can clearly see the destination address, amount, and contract modifications.
✅ Simulation of transactions before validation: Signers would have seen that the transaction was modifying the Safe smart contract, not just a simple transfer.
✅ Secured via a hardware wallet: Even if a computer is compromised, the final word belongs to a secure and inviolable device.
If Bybit had used Ledger Enterprise with Clear Signing, its signers would potentially have identified the anomaly and blocked the transaction. This type of attack becomes much more complex with such a device.
Towards a More Secure Future
The Bybit incident should serve as a wake-up call for the entire industry. If even major platforms can be compromised, it shows how much security needs to be rethought at all levels.
Whether you’re a company managing billions or an individual protecting your savings, the lessons are the same:
🚨 Never sign what you don’t understand.
🔐 Opt for secure custody solutions.
🛡 Use technologies like Ledger Clear Signing to avoid manipulation.