On Friday 21 February 2025 the crypto world was shaken by an announcement from Ben Zhou, the CEO of Bybit, the Dubai-based crypto exchange that is second in the world by volume (after Binance): he made public a hacker attack on a cold wallet (an offline wallet; yes, you read correctly, a wallet not connected to the internet) that stole ETH deposited in staking, mETH and other ERC20 tokens, for a total of more than 1.4 billion dollars, the largest theft in the history of cryptocurrencies.
The history of these attacks begins with MtGox, a Japanese crypto exchange “hacked” not once but twice, the first time in 2011, the second in 2014. The point is that these attacks (which stole bitcoin) depended on flaws in the exchange’s security protocols, flaws that have been widely covered for more than ten years. And yet the thefts still occur. Needless to say, if you look at the reports from software companies dealing with blockchain analysis such as Chainalysis, thefts in the digital asset world happen continuously, but this one obviously made the news because of its magnitude, and partly because it appears to have been perpetrated by a well-known group of Korean hackers, the “Lazarus Group”, implicated in other well-known and recent cases: Ronin Network, DMM Bitcoin and WazirX, all characterized by the same method.
In the case of MtGox, the “accomplice” of the 2014 attack was a bug in the transaction validation protocol known as transaction malleability. Technically, the attack was possible because the hash used to identify a block of transactions and the hash used for the digital signature (that is, the command to transfer funds, which only the holder of the private key can issue) were computed over two different sets of information. The hacker probably asked MtGox to return the Bitcoin he had deposited at the exchange, which then issued a refund transaction with a certain hash identifier. The transaction was intercepted by the hacker, who changed its content so as to alter the transaction’s hash code but not the digital signature, which remained valid. He then re-broadcast the modified transaction and later complained to MtGox that the refund transaction had not been completed. Once the exchange saw that the refund transaction (whose identifier had been altered by the hacker) had not been validated, it issued a new one with a different hash code to avoid double-spending, and the attack continued until about 7% of all Bitcoin in circulation at the time had been stolen.
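The mechanism just described, as an added toy model that is not part of the article and not real Bitcoin serialization: the txid hashes the whole transaction including its signature, the signature covers the transaction with its own field blanked out, and the verifier is lenient about signature encoding (as pre-SegWit nodes were about DER). HMAC-SHA256 stands in for ECDSA, the key and addresses are constructed placeholders, and `stable_id` shows the SegWit-style fix of identifying a transaction by signature-covered content only.

```python
import hashlib
import hmac
import json

KEY = b"constructed-demo-key"  # placeholder for the spender's private key


def serialize(tx: dict, include_sig: bool = True) -> bytes:
    t = dict(tx)
    if not include_sig:
        t["sig"] = ""  # the signature cannot commit to its own bytes
    return json.dumps(t, sort_keys=True).encode()


def txid(tx: dict) -> str:
    """Identifier an exchange reconciles against: the signature bytes are hashed too."""
    return hashlib.sha256(serialize(tx)).hexdigest()


def stable_id(tx: dict) -> str:
    """Identifier over signature-covered content only (what a SegWit-style txid does)."""
    return hashlib.sha256(serialize(tx, include_sig=False)).hexdigest()


def sign(tx: dict, key: bytes = KEY) -> dict:
    sig = hmac.new(key, serialize(tx, include_sig=False), "sha256").hexdigest()
    return {**tx, "sig": sig}


def verify(tx: dict, key: bytes = KEY) -> bool:
    # Lenient parsing: either hex case is accepted, so two byte-different
    # encodings of the same signature are both valid for the same content.
    expected = hmac.new(key, serialize(tx, include_sig=False), "sha256").hexdigest()
    return hmac.compare_digest(tx["sig"].lower(), expected)


def reencode_signature(tx: dict) -> dict:
    """A third party changes only the signature's encoding; content stays identical."""
    return {**tx, "sig": tx["sig"].upper()}


def refund_still_pending(ledger_tx: dict, confirmed_tx: dict, key_fn) -> bool:
    """Reconciliation check: does the confirmed transaction match the ledger entry?"""
    return key_fn(ledger_tx) != key_fn(confirmed_tx)


# Constructed sample: the exchange's refund as recorded in its own ledger.
REFUND = sign({"from": "exchange-hot-wallet", "to": "customer-addr", "amount": 10})
```

Reconciling on `txid` reports the re-encoded copy as a different, unconfirmed refund; reconciling on `stable_id` recognises it as the same payment.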
In the case of Bybit, the attack focused on Ether and exploited an innovation that did not exist at the time of MtGox: the smart contract. Let us then try to understand better how the hackers managed to steal these digital assets. A precise and comprehensive analysis was provided by SlowMist, a cybersecurity company specialized in blockchains that offers its services to the most well-known players in the sector. We will try to explain the attack in an intuitive way. First of all, it occurred in three phases:
1) An innocent transaction from the cold wallet to a hot (or warm, it hardly matters) wallet;
2) The innocent transaction contained the flaw (the Trojan horse) that triggered the execution of a malicious contract;
3) The malicious contract transferred the tokens to an address from which they were split up and re-transferred into 40 different addresses and from there re-transferred to cover their tracks.
The question now arises: how was it possible to trigger the malicious contract in phase 2? For security reasons (essentially the protection of private keys) Bybit, like many other operators, uses GnosisSafe, a smart contract wallet that requires a multi-signature procedure to authorize a transaction, in this case a transaction from an offline wallet to an online wallet. Roughly speaking, using the private key to execute a transaction requires more than one confirmation (in this case it required three). When a transaction is initiated on the Ethereum network, the parameters to be approved (with the digital signature) are “to” (the recipient) and “data” (the subject of the transaction). However, GnosisSafe provides another parameter, “operation”, which can only take two values: “0”, which calls the function execTransaction that executes the contract desired by the user; or “1”, in which case GnosisSafe no longer calls execTransaction but DelegateCall, that is, a function that activates another contract. It is exactly in this way that the hackers triggered the malicious contract, which took control of the cold wallet by allowing the execution of two functions: sweepETH and sweepERC20 (we do not believe it is necessary to explain what these two functions did).
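A signer-side policy check for the “operation” parameter described above, as an added example that is neither Bybit's nor Safe's own code: the proposal is modelled as the dict of fields a Safe transaction service would return (to, value, data, operation), the ERC20 `transfer(address,uint256)` selector `a9059cbb` is decoded so the signer sees the real recipient, and any delegatecall to a target outside an allowlist is refused. Addresses, amounts and the allowlists are constructed placeholders.

```python
CALL, DELEGATECALL = 0, 1
ERC20_TRANSFER = "a9059cbb"  # selector of transfer(address,uint256)


def strip0x(h: str) -> str:
    return h[2:] if h.lower().startswith("0x") else h


def decode_erc20_transfer(data_hex: str):
    """Return (recipient, amount) when data is an ERC20 transfer call, else None."""
    d = strip0x(data_hex).lower()
    if not d.startswith(ERC20_TRANSFER) or len(d) != 8 + 64 * 2:
        return None
    recipient = "0x" + d[8 + 24:8 + 64]  # address sits right-aligned in a 32-byte word
    amount = int(d[8 + 64:8 + 128], 16)
    return recipient, amount


def check_safe_tx(tx: dict, delegate_allowlist=frozenset(), recipient_allowlist=frozenset()):
    """Return the reasons to refuse signing; an empty list means the policy passed."""
    findings = []
    to = tx["to"].lower()
    op = int(tx["operation"])
    if op == DELEGATECALL:
        # A delegatecall runs the target's code with the Safe's own storage and
        # balances, so an unexpected target can rewrite the wallet itself.
        if to not in delegate_allowlist:
            findings.append(f"operation=1 (delegatecall) to non-allowlisted target {to}")
    elif op != CALL:
        findings.append(f"unknown operation value {op}")
    data = tx.get("data", "0x")
    transfer = decode_erc20_transfer(data)
    if transfer is not None:
        recipient, amount = transfer
        if recipient_allowlist and recipient not in recipient_allowlist:
            findings.append(f"ERC20 transfer of {amount} to non-allowlisted recipient {recipient}")
    elif strip0x(data):
        findings.append("calldata is not a plain ERC20 transfer; inspect the selector manually")
    return findings


# Constructed sample: what the signers believe they approve (token transfer to
# the hot wallet) and the same proposal with "to" and "operation" swapped.
HOT_WALLET = "0x" + "11" * 20  # placeholder hot-wallet address
TOKEN = "0x" + "22" * 20       # placeholder ERC20 token contract
TRANSFER_DATA = "0x" + ERC20_TRANSFER + HOT_WALLET[2:].rjust(64, "0") + hex(10**18)[2:].rjust(64, "0")
INNOCENT_TX = {"to": TOKEN, "value": "0", "data": TRANSFER_DATA, "operation": 0}
TAMPERED_TX = {**INNOCENT_TX, "to": "0x" + "ee" * 20, "operation": 1}
```

Running `check_safe_tx` against the hash a hardware wallet displays is the human-independent step that a display showing a “0” for a real “1” cannot defeat.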
At this point one may ask: how is it possible that three different signatories (who are human operators) did not notice the change from “0” to “1” in the “operation” parameter? There is the suspicion that the parameter was “obfuscated” (displayed as a zero to the operator when in reality it was a one: not an easy feat!), but perhaps there is an even more banal explanation: think about when you log into your e-banking or your web-mail; how many check the URL bar to make sure that the protocol is https instead of plain (and insecure) http, or that the address is spelled correctly (a single changed letter could escape any eye)?
And above all, how many forget to activate two-factor authentication, which nonetheless provides greater security? Probably three checks for a parameter that is hardly ever used are not effective.
Yet on Reddit the hypothesis is floated that Bybit’s security levels were not top-notch (as is the case for other platforms like Fireblocks or Coinbase) in order not to sacrifice transaction speed.
In the meantime, investigations continue to trace the path of the stolen tokens and rewards are even being offered to entice ethical hackers to cooperate in the search. However, we cannot fail to highlight the usual staged script: the announcement of the attack by the top management of the attacked platform (see the statement on Bybit’s website), often first made on social media (such as X, for example), the reassurance that the situation is under control and that the exchange has the means to compensate users. Exactly what Ben Zhou did: the attacked cold wallet is the only one; the others are safe; Bybit has the means to compensate, etc.
We continue to maintain the same point. Crypto exchanges are centralized structures (which therefore have nothing to do with the basic philosophy of blockchains: decentralization) entirely similar to the traditional exchanges we know, with the difference that instead of transferring assets off-exchange through databases and centralized connections they do so using blockchains, something that traditional exchanges could also do, by the way. We therefore ask ourselves why these structures are not regulated and supervised like all the exchanges we operate with; why no one can check the capitalization and the actual amounts that these exchanges put as collateral for investors, but instead one must trust the word of their management? Why – if they indeed exist – does no one impose on all these structures (without exception) the highest existing security standards?
Disclaimer: This article expresses the personal opinion of the contributors at Custodia Wealth Management who wrote it. It does not constitute investment advice or recommendations, personalized consulting, and should not be considered as an invitation to engage in transactions involving financial instruments.