Bybit Hack: ‘reckoning’ That Led Safewallet To Rearchitect Its Systems

Ethereum smart account wallet platform SafeWallet has rearchitected its systems in the wake of the infamous $1.5 billion theft of ETH from Bybit.

In February, the cryptocurrency ecosystem stood on the precipice of calamity. Hackers stole $1.5 billion of Ether from crypto exchange Bybit, the largest theft the industry had ever seen.

Fears of a contagion-driven market collapse were alleviated by an industry-wide effort to plug the gap at Bybit, and within hours, the exchange regained control of the situation.

The post-mortem revealed that Bybit’s routine transfer of Ether (ETH) between wallets had been captured by hackers. The attackers, believed to be North Korean Lazarus Group, compromised a SafeWallet developer machine, injecting malicious JavaScript into the user interface, which tricked Bybit’s multisignature process into approving a malicious smart contract.

9 months ago, Bybit suffered the largest-ever crypto heist, as hackers stole ~$1.5 billion in Ethereum (~401,000 ETH) during a routine ETH transfer.Since then, the team @safe has completely overhauled its infrastructure and systems. Safe CEO @rahulrumalla spoke candidly about… pic.twitter.com/fOYVOdF7ca

The incident was a wake-up call for the cryptocurrency industry, given that many exchanges and companies rely on the infrastructure and services of players like Safe. Even though Safe is a self-custodial wallet service, the incident proved that sophisticated social engineering or compromised physical hardware remains a threat to the entire industry.

Safe CEO Rahul Rumalla joined Cointelegraph’s Chain Reaction live show to reflect on the learnings and systemic changes necessitated by the Bybit incident and the ever-present, ever-changing threats from cybercriminals.

Related: SafeWallet releases Bybit hack post-mortem report

As Rumalla explained, a Safe developer workstation had been compromised, which set an entry point for hackers to stage an attack that could manipulate the website code.

The Safe CEO said that the situation “was a reckoning moment” that forced the team to reorganize its security and infrastructure. It also drew attention to industry-standard practices that may not be entirely suitable for the purpose.

Source: CoinTelegraph