Bybit's US$1.5 billion loss: Is a multi-signature wallet really safe?
In the largest crypto heist ever recorded, US$1.5 billion worth of ETH was stolen from cryptocurrency exchange ByBit in a single transaction on 21 February. RMIT University senior lecturers Dr Jeff Nijsse and Dr James Kang explain what went wrong.
How it happened
The theft involved 401,000 ETH, the native cryptocurrency of the Ethereum blockchain, valued at approximately US$1.5 billion. The FBI has attributed the hack to North Korean hackers, with crypto investigator ZachXBT identifying them as the Lazarus Group, a hacking collective with a long history of conducting sophisticated crypto heists.
The massive sum was moved from cryptocurrency exchange ByBit’s cold wallet (a type of storage meant to keep funds safe by keeping them offline and away from hackers) to a hot wallet (an internet-connected cryptocurrency wallet that allows convenient transactions but is more vulnerable to hacks and theft).
To add an extra layer of protection for their transactions, ByBit has been using a multi-signature wallet setup provided by Safe, a popular decentralized custody service trusted by many institutions.
RMIT Senior Lecturer of Software Engineering and crypto expert Dr Jeff Nijsse explains, “A multi-signature wallet is like a digital safe that requires multiple keys to open. In this case, several authorized people, called signers, must physically approve a transaction by pressing ‘accept’ on their devices.”
“This system was meant to ensure that no single person could move the funds alone. But despite these safeguards, the attackers found a way in,” he added.
The attackers gained access and altered the Safe wallet interface, making it appear identical to the legitimate one, so the three ByBit signatories had no immediate reason to suspect foul play.
The last person to sign was ByBit’s CEO Ben Zhou, who thought he was authorizing a routine amount for the cryptocurrency exchange. But in reality, this allowed the hackers to reroute the entire contents of the account, about 401,000 ETH.
What went wrong?
Dr Nijsse points out that the attack exploited a key vulnerability: multi-signature security hinges on the integrity of the signers and their environment. If the interface they rely on is compromised, the multi-signature safeguard becomes irrelevant.
“The attackers didn’t need to steal the keys, just convince enough signers – or their devices – to approve the malicious transaction, which in a blockchain context is a one-way transaction that cannot be recalled,” he said.
Dr James Kang, a senior lecturer of Computer Science at RMIT, believes that this task would have been highly challenging for the attackers to execute. This suggests that they likely observed transactions over an extended period to understand their timing and patterns.
“These hackers have also been long known for their relentless social engineering prowess. They often spend weeks or months building online personas that ultimately win the trust of targets,” Dr Kang said.
“That persistence likely allowed the thieves who hit ByBit to somehow tamper with the user interface of each company employee whose digital imprimatur was required to move the funds out of cold storage – and ultimately into wallets the hackers controlled – all at breakneck speed.”
What now?
The industry has reacted strongly with pushes to use tools that improve transaction transparency and security (such as Ledger’s push for “Clear Signing” and Fireblocks’ call for MPC wallets).
There have also been calls for Ethereum to execute a hard fork and “roll back” the blockchain to before the transaction, thus returning the stolen funds, a controversial event that happened after the DAO hack in 2016.
The hack occurred during a routine transfer from a cold wallet to a warm wallet. A preliminary post-mortem indicates that Safe's front end was compromised with malicious JavaScript. Since the event, Safe has rolled out additional validations for transaction hash, data, and signatures, and some enhanced monitoring. ByBit has started a website where citizen investigators can help follow the money, earn bounties, and call out bad actors in the industry that allow the stolen funds to circulate.
Dr Jeff Nijsse said: “Even with audited and tested smart contracts, multi-signature functionality, and secure hardware, phishing and social engineering – tricking people rather than breaking code – continue to be hackers’ most effective weapons.”
“Moving forward, validation and safeguards will become more important, such as in-person verification, and built-in limits and delays in transaction processing,” he added.
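The safeguards discussed above (checking the transaction hash and data independently of the interface, plus limits and delays) are shown here as an added example that is not from the article, Safe or ByBit. The wallet names, the 1,000 ETH routine amount, the policy values and the SHA-256 stand-in for the wallet's real transaction hash are constructed assumptions.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Tx:
    to: str
    value_eth: int
    data: bytes = b""

def digest(tx: Tx) -> str:
    # Assumption: SHA-256 over length-prefixed fields stands in for the
    # wallet's real transaction hash, which is computed differently.
    h = hashlib.sha256()
    for field in (tx.to.encode(), str(tx.value_eth).encode(), tx.data):
        h.update(len(field).to_bytes(4, "big") + field)
    return h.hexdigest()

@dataclass(frozen=True)
class Policy:
    allowed_to: frozenset
    max_value_eth: int
    delay_seconds: int  # minimum wait between proposal and signing

def review(payload: Tx, intended: Tx, policy: Policy, age_seconds: int) -> list:
    """Reasons a signer should refuse; an empty list means safe to sign."""
    reasons = []
    if digest(payload) != digest(intended):
        reasons.append("payload hash differs from independently computed hash")
    if payload.to not in policy.allowed_to:
        reasons.append("destination not on allowlist")
    if payload.value_eth > policy.max_value_eth:
        reasons.append("value exceeds per-transaction limit")
    if age_seconds < policy.delay_seconds:
        reasons.append("mandatory delay has not elapsed")
    return reasons

def approvals(payload, intended, policy, age_seconds, signers=3, verify=True):
    # With verify=False each signer trusts the screen, so every one approves
    # whatever payload the interface submits for signing.
    ok = not verify or not review(payload, intended, policy, age_seconds)
    return signers if ok else 0

# Constructed sample values (not real addresses or ByBit's actual policy).
POLICY = Policy(frozenset({"hot-wallet"}), max_value_eth=5_000, delay_seconds=3_600)
INTENDED = Tx("hot-wallet", 1_000)          # what the signers believe they approve
PAYLOAD = Tx("attacker-wallet", 401_000)    # what the tampered interface submits

if __name__ == "__main__":
    print("screen-trusting approvals:", approvals(PAYLOAD, INTENDED, POLICY, 60, verify=False))
    print("verified approvals:", approvals(PAYLOAD, INTENDED, POLICY, 60))
    print("refusal reasons:", review(PAYLOAD, INTENDED, POLICY, 60))
```

The hash comparison only helps if the intended transaction is built on a device or channel separate from the interface that proposes the payload.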