Show Notes
#Bybit Exchange Allegedly Hacked For $1.5 Billion Worth Of $ETH (OOC)
#Crypto #Cryptocurrency #podcast #BasicCryptonomics
Website: https://www.CryptoTalkRadio.net
Facebook: @ThisIsCTR
Discord: @CryptoTalkRadio
#Bybit Exchange Allegedly Hacked For $1.5 Billion Worth Of $ETH (OOC)
/
RSS Feed
Episode
•
February 21, 2025
•
00:05:24
Hosted By
View Full Transcript
Episode Transcript
[00:00:00] Out of cycle Update, Fake out, Shakeout, Takeout, CryptoTalk FM. My name is Leister, I'm your host with a breaking update spreading across the web, spreading across social media, spreading across the news that Bybit allegedly just got breached a few hours ago for $1.5 billion worth of Ethereum. I've got a little bit detailed as to what happened and I'll share my thoughts as a technologist myself, as well as being a former auditor. Here's the summary of what went on. So the ETH was stored allegedly in a cold wallet, which is good practice. There's a multi sig around this wallet, so it takes multiple and they use a service called safe, and SAFE presents, or it's supposed to present basically the interface by which they go in and do their signature. The way that this hack was conducted, I think was very brilliant. I think it's very advanced and it should concern you. The eats being dumped as I speak this. But I want to explain the breach because it's important that you understand why this is such a big problem, because it means that pretty much anybody that uses this kind of protocol for the multisig and to secure assets that are sitting in a cold wallet is at risk. So you've been told, keep your stuff in a cold wallet. You know, multi sig is good. Protect your keys. That you've been told multiple times about all these good practices. One thing I said in an old episode is that it doesn't really matter how good you are, you're going to get breached if they work hard enough to get you breached. What you need to do is to make sure that you are communicating. And I would argue that Bybit did a decently good job communicating to the public about what happened as soon as they knew. This was reported by Zack xbt, of course, he's one of those sleuths and he reported what was going on and what he saw and what he felt about it. Well, here's how this works, this breach, so you understand why it's dangerous and why people are concerned. And there's speculation that's going to keep happening multiple times and we're going to see some crash of some pretty large cryptocurrencies over the next year.
[00:02:05] The way this works is that this attack is to fake out, to fake the interface used by SAFE as well as others. But SAFE was one of the most notable. SAFE is the company that provides the service for the multisig authorization. They fake that interface and then they give you a link, especially crafted link. It looks legit you like a dumbass, click it and you're presented with an interface that looks all legit. You submit what basically is malicious code, bad code. And the malicious code changes the actual smart contract logic of the cold wallet. So there's a smart contract exchange as far as information that happens to unlock the funds. What this is doing is it's actually altering the logic of that contract. So it's tricking the, the wallet effectively to grant the malicious actor access using your authorization to a fake interface. That's essentially what happened. Once they got access to the wallet, they started draining all the e. They said only one cold wallet was compromised and, and that all the other ones were safe. I don't know how they can guarantee that, but that's what they said.
[00:03:13] And again, multiple people that were in the security vector came out and said this is going to be a problem. This is going to happen multiple times. There's really no clean way to stop this. Multiple such breaches have happened in the past. Wiser X was one of the larger ones that I can recollect on top.
[00:03:29] But the, the, the key here is that once this, if somebody clicks a sketchy link and if you're not paying attention to the link and you're not checking your links and you're not double checking and you know, a lot of this is about human error, frankly. A lot of this is just if the user screws up and they don't get it right. This is the kind of thing that happened. That's basically what happened here. So I'm not trying to ridicule them or give them a hard time. I want to just make sure you understand this is not one of those where as far as anybody can see, where somebody inside stole the funds. Some people speculate that on social media. I don't buy into that one because I feel like the, the guy's name has been Zhao. It feels like he's doing a good job of communicating what was going on as well as the mitigations that were put in place to prevent a larger breach. And they claim that they got a one to one that people's funds are safe. I don't know how safe they really are. This is a large amount of money. So if they're not able to get people whole in terms of what money is owed, we could see something similar to an ftx, certainly not to that scale, but something similar to an FTX with strong price depression. Because it's not just what happened on the breach side and money lost there. It's you know tokens sold on the free market and just declining price as people are just they're just selling so they're trying to dump it right and get the cash and they're too stupid to you know chunk it out or whatever because they know they'll get traced so they're just dumping to try to get away from it get away from the smoke. There's that but there's also the sentiment loss there's people pulling out of the exchange loss of liquidity there's all sorts of domino effect that could happen as a part of this so I'm sharing it so you're informed if you're watching some of this traffic that's what's going on and that's what's triggering what might be and I don't know for sure but what might be a strong negative price movement specifically around Ethereum but I think some of the other tokens are going to be affected as well. We'll keep, we'll stay tuned on this business.
