The $1.5 billion Bybit crypto hack: How to stop it happening to you


Crypto exchange Bybit was hacked for $US1.5 billion in Ethereum. Here's how you can protect yourself.

As if to rub salt in the wounds after what has been a tough few weeks for the cryptocurrency markets, Bybit was recently the victim of arguably the largest heist in history.

The Dubai-based crypto exchange fell prey to a sophisticated hack that saw around US$1.5 billion in Ethereum stolen through a weakness in the signing process known as "blind signing".

North Korean hackers, known as the Lazarus Group, are suspected to be behind the theft, according to the FBI, and may use the stolen coins to fund the country's military development.

While Bybit has already restored its reserves following the hack, it has called on the "brightest minds" in cybersecurity and crypto to aid in recovering the funds.

But there's one solution that could have prevented it altogether.

How the hack happened

Crypto exchanges routinely move the funds they hold on behalf of customers between so-called "hot" and "cold" wallets.

Hot wallets are those used to facilitate everyday transactions, while cold wallets are used for long-term storage of crypto assets and are generally more secure than hot wallets.

In order for funds to be moved between wallets, the owners of the wallet (in this case Bybit) must digitally sign a transaction to confirm that it is legitimate.

According to blockchain analysis company Chainalysis, the recent hack was made possible by exploiting this process.

Using a compromised computer, the attackers added malicious code to the interface Bybit used to manage its crypto transactions.

This code disguised the theft as a routine transfer between Bybit's hot and cold wallets. What the exchange was actually approving, without being able to see it, was a "blind signed" transaction that let the hackers send US$1.5 billion in Ethereum tokens to their own crypto wallets.

How to protect yourself

These so-called "blind signing" transactions are one of the main causes of crypto hacks, with billions lost to similar hacks each year.

As crypto transactions become increasingly complex, users are often authorising transactions and giving permissions to external platforms that they don't really understand, opening the door for malicious actors.

Crypto hardware wallet maker Ledger has implemented a solution to this issue that it has called "clear signing".

It comes in the form of an open source metadata format known as ERC-7730, which was added to Ledger's Live software program in 2024.

The new data format allows crypto wallets to clearly show users what they're actually signing when approving a transaction.
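To make the difference between blind and clear signing concrete, here is an added Python example (not code from the article, Ledger or Bybit) that decodes a constructed ERC-20 transfer the way a clear-signing wallet would, and refuses to sign when the decoded recipient differs from the one the operator was shown. The descriptor table is a simplified stand-in for the kind of metadata ERC-7730 supplies, not the real ERC-7730 schema, and every address is constructed.

```python
from dataclasses import dataclass
# Simplified descriptor table in the spirit of ERC-7730 (not its real schema):
# a 4-byte function selector maps to an intent label and the field layout.
DESCRIPTORS = {
    "a9059cbb": {"intent": "Send tokens",  # ERC-20 transfer(address,uint256)
                 "fields": [("To", "address"), ("Amount", "uint256")]},
}
# Constructed sample addresses for the demo (not real wallets).
TOKEN = "0x" + "aa" * 20        # token contract receiving the calldata
COLD_WALLET = "0x" + "11" * 20  # where the operator is told the funds go
ATTACKER = "0x" + "22" * 20     # where a tampered payload actually sends them

@dataclass
class Tx:
    to: str         # contract address (or recipient for a plain ETH transfer)
    value_wei: int
    data: bytes     # ABI-encoded calldata; empty for a plain ETH transfer

def encode_transfer(token: str, to: str, amount: int) -> Tx:
    """Calldata for transfer(to, amount): selector plus two 32-byte words."""
    word_to = bytes(12) + bytes.fromhex(to[2:])
    return Tx(token, 0, bytes.fromhex("a9059cbb") + word_to + amount.to_bytes(32, "big"))

def decode_word(word: bytes, typ: str):
    if typ == "address":
        return "0x" + word[12:].hex()
    return int.from_bytes(word, "big")  # uint256

def clear_sign_view(tx: Tx):
    """Fields a clear-signing wallet can display, or None when the payload
    cannot be decoded (approving it anyway would be blind signing)."""
    if not tx.data:
        return {"intent": "Send ETH", "To": tx.to, "Amount": tx.value_wei}
    desc = DESCRIPTORS.get(tx.data[:4].hex())
    body = tx.data[4:]
    if desc is None or len(body) != 32 * len(desc["fields"]):
        return None
    view = {"intent": desc["intent"], "Contract": tx.to}
    for i, (label, typ) in enumerate(desc["fields"]):
        view[label] = decode_word(body[32 * i:32 * (i + 1)], typ)
    return view

def should_sign(tx: Tx, expected_recipient: str):
    """Policy: sign only if the decoded destination matches what the operator
    was shown on a trusted screen; never approve what cannot be decoded."""
    view = clear_sign_view(tx)
    if view is None:
        return False, "undecodable calldata: refusing to blind sign"
    if view["To"].lower() != expected_recipient.lower():
        return False, f"destination mismatch: shown {expected_recipient}, payload {view['To']}"
    return True, "ok"
```

A tampered interface can show the cold wallet while the payload encodes another address; the check above catches that because it decodes the bytes being signed rather than trusting the screen of the compromised machine.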

Clear signing has received official support from other crypto companies including MetaMask, Rabby and 1inch, and Ledger is now campaigning for widespread adoption.

Ledger CTO Charles Guillemet called on the wider crypto industry to adopt this new standard and help protect against hacks.

"These hacks are not inevitable. Enterprises must strengthen security with B2B custody solutions designed for institutional needs," he said in a statement.

"Even if Lazarus compromised every laptop in an organisation, final approval on a secure screen would prevent unauthorised transactions."

So if you're concerned about your own funds being stolen, there are two things you can do to protect yourself:

  1. Never sign a transaction that you don't understand
  2. Consider getting a Ledger wallet


Disclaimer: Cryptocurrencies are speculative, complex and involve significant risks – they are highly volatile and sensitive to secondary activity. Performance is unpredictable and past performance is no guarantee of future performance. Consider your own circumstances, and obtain your own advice, before relying on this information. You should also verify the nature of any product or service (including its legal status and relevant regulatory requirements) and consult the relevant Regulators' websites before making any decision. Finder, or the author, may have holdings in the cryptocurrencies discussed.
