CertiK exec explains how to keep crypto safe after $1.4B Bybit hack


The February hack against Bybit sent ripples through the industry after $1.4 billion in Ether-related tokens was stolen from the centralized exchange, reportedly by the North Korean hacking collective Lazarus Group, in what was the most costly crypto theft ever.

The fallout from the hack has left many people wondering what went wrong, whether their own funds are safe, and what should be done to prevent such an event from happening again.

According to blockchain security firm CertiK, the massive heist represented roughly 92% of all losses for February, which saw a nearly 1,500% increase in total lost crypto from January as a result of the incident.

On Episode 57 of Cointelegraph’s The Agenda podcast, hosts Jonathan DeYoung and Ray Salmond talk with CertiK’s chief business officer, Jason Jiang, to break down how the Bybit hack happened, the fallout from the exploit, what users and exchanges can do to keep their crypto secure, and more.

Are crypto wallets still safe after the Bybit hack?

Put simply, Lazarus Group was able to pull off the massive hack against Bybit because it managed to compromise the devices of all three signers who controlled the multisignature SafeWallet Bybit was using, according to Jiang. The group then tricked them into signing a malicious transaction that they believed was legitimate.

Does this mean that SafeWallet can no longer be trusted? Well, it’s not so simple, said Jiang. “It is possible that when the Safe developer’s machine got hacked, more information was leaked from that computer. But I think for the individuals, the likelihood of this happening is rather low.”

He said there are several things the average user can do to drastically increase their crypto security, including storing assets in cold wallets and being aware of possible phishing attacks on social media.

Source: CertiK

When asked whether hodlers could see their Ledger or Trezor hardware wallets exploited in a similar manner, Jiang again said that it’s not a big risk for the average user — as long as they do their due diligence and transact carefully.

“One of the reasons that this happened was that the signers were like blind-send-signing the order, just simply because their device did not show the full address,” he said, adding, “Make sure that the address you are sending to is what you’re intending to, and you want to double check and triple check, especially for larger transactions.”

“I think after this incident, this is probably going to be one of the things the industry will try to correct itself, to make the signing more transparent and easier to understand. There are so many other lessons being learned, but this is certainly one of them.”
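The failure mode Jiang describes above is a signer approving a transaction whose destination was only shown in abbreviated form. The following is an added example, not code from CertiK, Safe or Bybit, of the kind of pre-signing policy check a multisig operator could run against a Safe-style transaction before anyone touches a hardware wallet. It assumes a hypothetical allowlist of known-good destinations; the addresses are constructed for illustration. The `operation` field (0 = CALL, 1 = DELEGATECALL) is a real part of Safe’s `execTransaction`, and the example refuses delegatecalls because they execute foreign code in the wallet’s own storage context. The lookalike check exists precisely because two different addresses can display identically once truncated.

```python
"""Pre-signing checks for a Safe-style multisig transaction.

Added example for this article; it is not CertiK's, Safe's or Bybit's code.
The allowlist and every address below are constructed for illustration.
"""
from dataclasses import dataclass

# Safe's execTransaction() carries an `operation` field: 0 = CALL, 1 = DELEGATECALL.
CALL = 0
DELEGATECALL = 1


@dataclass(frozen=True)
class SafeTx:
    to: str          # destination address, 0x-prefixed hex
    value: int       # amount in wei
    data: bytes      # calldata forwarded to `to`
    operation: int   # CALL or DELEGATECALL


def normalize(addr: str) -> str:
    """Validate a 20-byte hex address and lower-case it for exact comparison."""
    if not addr.startswith("0x") or len(addr) != 42:
        raise ValueError(f"malformed address: {addr!r}")
    int(addr[2:], 16)  # raises ValueError if any character is not hex
    return addr.lower()


def truncated(addr: str, head: int = 6, tail: int = 4) -> str:
    """The abbreviated form a small wallet screen or a web UI typically shows."""
    return f"{addr[:head]}...{addr[-tail:]}"


def check_before_signing(tx: SafeTx, allowlist: list[str]) -> list[str]:
    """Return a list of findings; an empty list means the tx passes the policy.

    Policy (an assumption for this example, not a Safe default):
      * operation must be CALL, since DELEGATECALL runs the callee's code with
        the Safe's own storage and can change who controls the wallet;
      * the FULL destination address must be on the allowlist;
      * a non-allowlisted destination whose abbreviated form matches an
        allowlisted one is called out explicitly, because that is exactly the
        case a truncated display cannot distinguish.
    """
    findings: list[str] = []
    to = normalize(tx.to)
    allowed = {normalize(a) for a in allowlist}

    if tx.operation == DELEGATECALL:
        findings.append("operation is DELEGATECALL; refuse unless this is a reviewed wallet upgrade")
    elif tx.operation != CALL:
        findings.append(f"unknown operation value {tx.operation}")

    if to not in allowed:
        lookalikes = sorted(a for a in allowed if truncated(a) == truncated(to))
        if lookalikes:
            findings.append(
                f"destination {to} is not allowlisted but displays as {truncated(to)}, "
                f"identical to allowlisted {lookalikes[0]}"
            )
        else:
            findings.append(f"destination {to} is not on the allowlist")

    return findings


# Constructed sample addresses: COLD_WALLET and LOOKALIKE differ only in the
# middle 32 hex characters, so a head/tail display renders them identically.
COLD_WALLET = "0x1234" + "0" * 32 + "ef12"
LOOKALIKE = "0x1234" + "f" * 32 + "ef12"
ALLOWLIST = [COLD_WALLET]


def demo() -> dict[str, list[str]]:
    """Run the policy over three constructed transactions and return the findings."""
    return {
        "legit transfer": check_before_signing(SafeTx(COLD_WALLET, 10**18, b"", CALL), ALLOWLIST),
        "lookalike destination": check_before_signing(SafeTx(LOOKALIKE, 10**18, b"", CALL), ALLOWLIST),
        "delegatecall": check_before_signing(SafeTx(COLD_WALLET, 0, b"\x00", DELEGATECALL), ALLOWLIST),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {'OK to sign' if not result else result}")
```

The point of the lookalike branch is that the check compares the full 40 hex characters and treats a match on the displayed prefix and suffix as a reason to stop, not a reason to proceed; a signer who only reads `0x1234...ef12` off a device screen cannot tell the two apart.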

How to prevent the next multibillion-dollar exchange hack

Jiang pointed to a lack of comprehensive regulations and safeguards as a possible factor contributing to the ongoing fallout from the hack, which fueled debates over the limits of decentralization after several validators from crosschain bridge THORChain refused to roll back or block some of Lazarus Group’s efforts to use the protocol to convert its funds into Bitcoin (BTC).

“Welcome to the Wild West,” said Jiang. “This is where we are right now.”

“From our view, we think crypto, if it is to be flourishing, it needs to embrace the regulation,” he argued. “To make it easy to be adopted by the wider public here, we need to embrace the regulation, and we need to figure out ways to make this space safer.”


Jiang commended Bybit CEO Ben Zhou on his response to the incident, but he also pointed out that the exchange’s bug bounty program prior to the hack had a reward of just $4,000. He said that while most people in cybersecurity are not motivated by money alone, having larger bug bounties can potentially help exchanges stay more secure.

When asked about the ways exchanges and protocols can motivate and retain top-tier talent to help protect their systems, Jiang suggested that security engineers don’t always get the recognition they deserve.

“A lot of people say that the first-degree talent goes to the developers because that’s where they will get most rewarding,” he said. “But it’s also about us giving enough attention to the security engineers. They carry a huge responsibility.”

“Cut them some slack and try to give them more credit. Whether it’s monetary or whether it’s recognition, give them what we can afford, and make it reasonable.”

To hear more from Jiang’s conversation with The Agenda — including how CertiK carries out audits, how quantum computing and AI will impact cybersecurity, and more — listen to the full episode on Cointelegraph’s Podcasts page, Apple Podcasts or Spotify. And don’t forget to check out Cointelegraph’s full lineup of other shows!


This article is for general information purposes and is not intended to be and should not be taken as legal or investment advice. The views, thoughts, and opinions expressed here are the author’s alone and do not necessarily reflect or represent the views and opinions of Cointelegraph.
