
Bybit has suffered one of the most impressive hacks in recent times, in which more than $1.4 billion has unfortunately been lost to an attack orchestrated by a team of hackers from North Korea (Lazarus Group). This is even more than the Poly Network incident of 2021, in which $611 million was stolen.
This massive theft affected a large number of clients, and others decided to withdraw their funds as soon as they found out what was happening. Withdrawals are estimated to have exceeded $5.3 billion in just 24 hours. The dramatic aspect of the matter is that freezing assets to prevent them from being transferred does not happen immediately, and time is crucial in determining how much is stolen before security is restored.
The exchange has praised its partners, such as Tether, Circle and ThorChain, who together have managed to freeze stolen funds worth $42.89 million. I guess in these situations, cooperation is essential not only to strengthen ties, but it is also ideal to join forces to prevent attacks of this magnitude. And, as I mentioned, time is crucial to prevent things from heading towards an even larger and much more dramatic scale. It is for that reason that the aforementioned companies have cooperated in providing blacklisted addresses, which have been successfully monitored and blocked, preventing a much worse outcome.

Focusing on the attack itself: according to the report provided by Bybit, unauthorized activity was detected in one of its Ethereum cold wallets while a routine transfer was being performed. At the moment of the transfer from the multi-signature ETH wallet to a warm wallet, the transfer was manipulated by an attacker who took control of the Ethereum cold wallet, having managed to breach its smart contract and mask the signing interface. This led to an amount of 400,000 ETH and sETH being transferred to an unidentified address.
As a result of the draining of a large amount of ETH, there was a fairly pronounced shortfall, which caused Ethereum to fall by 3.3%, driving its price towards $2,700. Bybit has a reserve policy that it is executing in a timely manner, so it has managed to “inject” much of the shortfall of more than $1.4 billion.
In fact, Bybit's own CEO, Ben Zhou, assures that “Bybit has completely closed the ETH gap”. From my perspective, I understand that this is a minimum required to be able to meet customer demand. The firm Lookonchain claims that 446,870 ETH have been acquired, valued at $1.23 billion. These come from loans, whale deposits and purchasing activities. In other words, to put it into context, 88% of the stolen funds have been replenished.

Post of Lookonchain on X
Bybit's policy, called Proof of Reserves (PoR), ensures that clients are backed 1:1 with respect to the protection of their assets. From what I have been able to research, I have found that there is a backing in cryptocurrencies, by quantity, in relation to reserves. In all cases these reserves exceed its clients' asset holdings, so on that side, the backing is fulfilled. With respect to what has happened with the ETH, supposedly they also have that backing, but the company mentions that, if necessary, a bridge loan will be used so that clients have their funds available. This makes me think that the remaining shortfall is about to be 100% completed in a matter of time.

Post of Ben Zhou on X
The way Zhou says the backing will be demonstrated is surprising. It makes use of a Merkle tree, which is nothing more than a data structure made up of a series of hashes that link a client's information to the blockchain record. It is tamper-evident: if an attempt were made to manipulate a single hash, the hashes that depend on it would change completely, exposing the manipulation. In addition, recording this tree can mean that the balances before and after the hack can be compared, which, to my mind, is something necessary to be able to back up absolutely all customers.
As for the stolen funds, it is still being investigated where they are going. The blockchain intelligence firm Elliptic claims that more than $140 million is being converted to Bitcoin. It is also common in these incidents to make use of mixers to hide the trail of transactions, while using decentralized bridges and exchanges to mislead the ongoing investigation.
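To make the Merkle tree idea concrete, here is an added example (not Bybit's code and not part of the original post) that builds a tree over customer balances, produces one customer's inclusion proof, and shows that an altered balance no longer verifies against the published root. The leaf encoding, the SHA-256 hash, the padding rule and the account names are assumptions made for illustration.

```python
import hashlib

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def leaf(user_id: str, balance_wei: int) -> bytes:
    # Assumed leaf encoding; 0x00/0x01 prefixes keep leaves and inner nodes distinct.
    return h(b"\x00" + f"{user_id}:{balance_wei}".encode())

def node(left: bytes, right: bytes) -> bytes:
    return h(b"\x01" + left + right)

PAD = h(b"\x02")  # filler leaf so the leaf count is a power of two

def build_levels(leaves):
    size = 1
    while size < len(leaves):
        size *= 2
    levels = [list(leaves) + [PAD] * (size - len(leaves))]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([node(cur[i], cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels

def prove(levels, index):
    # Sibling hash at each level, plus whether that sibling sits on the left.
    path = []
    for level in levels[:-1]:
        path.append((level[index ^ 1], index & 1 == 1))
        index //= 2
    return path

def verify(leaf_hash, path, root):
    # Recompute the root from one leaf and its siblings; no other balances needed.
    acc = leaf_hash
    for sibling, sibling_is_left in path:
        acc = node(sibling, acc) if sibling_is_left else node(acc, sibling)
    return acc == root

# Constructed sample accounts (balances in wei); not real customer data.
ACCOUNTS = [("alice", 5 * 10**18), ("bob", 12 * 10**17), ("carol", 30 * 10**18),
            ("dave", 7 * 10**17), ("erin", 2 * 10**18)]

def demo():
    levels = build_levels([leaf(u, b) for u, b in ACCOUNTS])
    root = levels[-1][0]
    proof = prove(levels, 2)  # carol's inclusion proof
    honest = verify(leaf("carol", 30 * 10**18), proof, root)
    altered = verify(leaf("carol", 29 * 10**18), proof, root)
    return root, len(proof), honest, altered
```

Each customer only needs their own leaf data, the short sibling path and the published root to check inclusion, which is why a single changed balance is detectable without revealing anyone else's holdings.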

- Main and complementary image created in Dream Lab (AI) and edited in Canva.
- I have consulted information at decrypt.co: I and II.
- Translated from Spanish to English with DeepL.
This is a positive effort by Bybit to retain customer trust. I hear this Lazarus group are not always interested in white hat compensation, hmmm. Adding to that, unity does a lot; the response from other exchanges has been another positive move. Let's hope it's all on the right accounts.