Recently, Bybit became the victim of one of the largest heists in history, raising significant questions about the security of crypto exchanges.
How the Hack Occurred
Bybit officially confirmed a breach in its Ethereum cold wallet. The attack occurred during a transfer from the cold wallet to a warm wallet, where the interface was altered, tricking users into approving a malicious transaction. This allowed the attacker to manipulate the wallet's smart contract logic, draining funds to an unknown address.
Crypto Exchanges Respond to Incident
In the wake of the attack, Bybit faced a significant increase in withdrawal requests, akin to a 'bank run.' To maintain liquidity, Bybit secured a $172.5 million loan from various exchanges, including Bitget and Binance, covering 80% of the lost Ethereum and avoiding market disruptions.
Hacker Uncovered: Lazarus Group's Role
Investigation by ZachXBT revealed the involvement of the Lazarus Group, a notorious hacking collective. Their involvement is supported by the sophisticated methods used, such as signature interface spoofing, leading to the $1.4 billion Ethereum theft.
Despite significant losses, Bybit continues operations with strong support from fellow exchanges. However, the hack raises critical concerns over the safety and stability of cryptocurrency exchanges amid persistent threats from advanced hackers.
