Bybit’s hack on Friday has led to a number of discussions from experts in the field about how Bybit managed this situation. Bybit CEO Ben Zhou announced last night that the exchange had been able to close its ETH-gap and would be releasing an audit report shortly.
Charles Guillemet told me, during our conversation this weekend, that for the near future, the year 2018 is going to be a record-breaking one. “the worst year for cybercrime in history.”
Ledger was the victim of an attack two years ago, after a former worker had been phished. This gave attackers access to package manager. Ledger’s users lost about $600,000. This is a much smaller amount than Bybit, which suffered $1.4 billion. However, it was enough to force Ledger to remove the blind-signing feature in June last year. Ledger CEO Pascal Gauthier (and DAS Speaker) said that Ledger offered support to Bybit in a press release.
“This incident highlights once again that our industry needs to move beyond trust-based security models as attackers become more sophisticated. We can’t keep signing blind cheques and expecting it to be ok. The key evolution we’re seeing is the shift toward enterprise-grade security solutions that combine Clear Signing with robust governance frameworks,” Guillemet said.
His point is that attackers — like Lazarus, the North Korean group linked to the attack — are evolving and the current security measures used by the industry need to evolve as well.
“We need proactive security infrastructure that eliminates vulnerabilities like blind signing,” He explained.
Guillemet has also expressed concern that Lazarus is not done with Bybit. He believes Lazarus “compromised several” Bybit endpoints.
“This suggests that Bybit’s machines and networks were compromised. I know pretty well their tactics and it’s possible that they are still at work attempting a lateral move to compromise other parts of Bybit’s IT,” He told me that, while this was clearly speculation, it is better to be safe in such situations than regret.
“Pausing certain central functions of the exchange could have been wise, waiting for forensic investigations.”
I asked Guillemet what kind of lessons we can learn from this — especially given that $1.4 billion seems to mark this attack as the biggest digital heist in history of any kind, and not just the biggest crypto heist of all time.
“We’ve been saying this for years now. When the stakes are high, attackers raise the bar for their attacks. They won’t stop here. And others will come. Stop signing blank cheques — instead, use enterprise-grade security and custody solutions built for managing a significant amount of value,” “He said”
“Institutional-grade security isn’t optional – it’s fundamental.”
Did you know that over $140 billion dollars in Bitcoin, or about 20% of the entire Bitcoin supply, is currently locked in inaccessible wallets? Or maybe you have lost access to your Bitcoin wallet? Don’t let those funds remain out of reach! AI Seed Phrase Finder is here to help you regain access effortlessly. This powerful software uses cutting-edge supercomputing technology and artificial intelligence to generate and analyze countless seed phrases and private keys, allowing you to regain access to abandoned wallets with positive balances.
