The $1.5 billion Bybit hack has sparked serious security concerns. Crypto analyst David Leung has detailed the attack, highlighting major security lapses.
How the Attack Happened
The hackers deployed a trojan contract and a backdoor to compromise Bybit’s multisig wallet. They tricked the wallet’s signers into authorizing an ERC-20 token transfer that included a delegate call, altering the master contract logic. This gave them full control over the assets, allowing them to transfer all available ETH, mETH, stETH, and cmETH tokens to addresses they controlled.
Security Red Flags Ignored
Leung pointed out several signs that should have halted the transaction. The transfer was directed to an unlisted contract that wasn’t ERC-20 compliant, involved zero tokens, and used a delegate call. These loopholes should have triggered a compliance check, yet the transaction was still approved. This suggests the attackers had inside knowledge of Bybit’s operations.
Could This Have Been Prevented?
David emphasized that stronger pre- and post-signing security checks could have prevented the attack. Independent security layers might have identified the suspicious elements before approval. The hack highlights the growing sophistication of crypto attacks and the urgent need for improved security protocols in the industry.
The Bybit hack illustrates the need for updated security measures and awareness of potential threats. It also emphasizes the urgent need for stricter international laws and standards in the crypto industry to prevent such incidents.
