How to Secure Your Crypto After the $1.4B Bybit Hack

The February hack against Bybit sent ripples through the industry after $1.4 billion in Ether-related tokens was stolen from the centralized exchange, reportedly by the North Korean hacking collective Lazarus Group, in what was the most costly crypto theft ever. The fallout from the hack has left many people wondering what went wrong, whether their own funds are safe, and what should be done to prevent such an event from happening again.

Understanding the Bybit Hack

According to blockchain security company CertiK, the massive heist represented a nearly 1,500% increase in total lost crypto from January as a result of the incident. On Episode 57 of Contelegraph’s The Agenda podcast, hosts Jonathan DeYoung and Ray Salmond speak with CertiK’s chief business officer, Jason Jiang, to break down how the Bybit hack happened, the fallout from the exploit, what users and exchanges can do to keep their crypto secure, and more.

How the Hack Occurred

Put simply, Lazarus Group was able to pull off the massive hack against Bybit because it managed to compromise the devices of all three signers who controlled the multisignature SafeWallet Bybit was using, according to Jiang. The group then tricked them into signing a malicious transaction that they believed was legit. This incident raises questions about the security of multisignature wallets and the potential vulnerabilities they may have.

Is SafeWallet Trustworthy?

Does this mean that SafeWallet can no longer be trusted? Well, it’s not so simple, said Jiang. “It is possible that when the Safe developer’s computer got hacked, more information was leaked from that computer. But I think for the individuals, the likelihood of this happening is rather low.”

Enhancing Your Crypto Security

He said there are several things the average user can do to drastically increase their crypto security, including storing assets on cold wallets and being aware of potential phishing attacks on social media. When asked whether hodlers could see their Ledger or Trezor hardware wallets exploited in a similar manner, Jiang again said that it’s not a big risk for the average user — as long as they do their due diligence and transact carefully.

Best Practices for Crypto Transactions

“One of the reasons that this happened was that the signers were like a blind-send-signing the order, just simply because their device did not show the full address,” he said, adding, “Make sure that the address you are sending to is what you’re intending to, and you want to double check and triple check, especially for larger transactions.”

The Role of Regulations in Crypto Security

Jiang pointed to a lack of comprehensive regulations and safeguards as a potential element contributing to the ongoing fallout from the hack, which fueled debates over the limits of decentralization after THORChain refused to roll back or block any of Lazarus Group’s efforts to use the protocol to convert its funds into Bitcoin. “From our view, we think crypto, if it is to be flourishing, it needs to hug the regulation,” he argued. “To make it easy to be adopted by the mass general here, we need to hug the regulation, and we need to figure out ways to make this space safer.”

Conclusion: Moving Forward Safely

Jiang commended the response to the incident, but he also pointed out that the industry must learn from this event to enhance security measures. As the crypto landscape continues to evolve, it is crucial for users to stay informed and proactive in protecting their assets. By implementing best practices and advocating for stronger regulations, the crypto community can work towards a safer future.