ByBit hacked for 1.4Bln. Funds are Safu?

[ajiz138]

According to some sources Bybit can still cover user funds because they have a total of 16B according to CMC, but this is still not valid and how hacks throughout history are repeated, but according to some other auditors say that Bybit is still safe.

Rumours claims hackers got gas fee from Binance...

Source not certified yet

Yeah the hackers got ETH funds from Binance to send the hacked ETH.
Can Binance reveal the identity of the user?
https://x.com/lookonchain/status/1893001719669518662

[Darker45]

Everybody who has balance on Bybit should take this small window of opportunity to withdraw everything immediately. Withdrawal is still allowed until now, but funds are fast leaving the platform. $1.4 billion is already lost. Another billions of outflow will probably happen in the next hours.

While Ben Zhou appears confident, adamant to keep withdrawals open, it might just be a matter of time before he'll be forced to halt withdrawals. This is a huge amount, but he seems to impress to all users that everything's fine. Everything's not fine.

Assurances overflow-- the rest of the wallets are safe, funds are safe, Bybit is solvent, we can cover the loss, funds are 1:1 backed, 99. 99% of recent withdrawals completed, blah blah. Well, that's the standard. That's also what an entire ship crew would tell to passengers before the ship sinks.

Even CZ himself has advised Ben to halt all withdrawals for the time being.



Better safe than sorry. Bybit may weather this storm, but the history of centralized exchanges is full of similar stories. We've already seen this scenario before, assurances before a collapse.

[Cossyblack]

#Bybit Hack Exposes Ethereum’s Weakness — Why This Can’t Happen to #Bitcoin:

Hackers exploited #Ethereum’s smart contract vulnerabilities to breach Bybit’s cold storage. After compromising the multisig signers’ computers, they sent spoofed transactions that appeared legitimate. While the hardware wallets confirmed the correct addresses, they failed to display hidden smart contract code, which granted the attackers control over the cold storage.

This type of attack is not possible with Bitcoin. Bitcoin transactions are simple and do not support embedded smart contract code, meaning a transaction with the correct “to” address shown on your Bitcoin-only hardware wallet would only transfer funds as intended, without hidden exploits.

Bitcoin scales in layers for a reason — the base layer must remain secure and reliable, while innovation happens on top.

Less code, less vulnerabilities.
X

[fillippone]

I finally found a first analysis of what happened, with some degree of detail.
It's not a full post-mortem, but it is very similar.

Preventing The Bybit Breach: FailSafe Stops Malicious Multisig Exploits

Anatomy of The Breach

• The Setup: Bybit uses a Safe multisig wallet for storing assets, which requires multiple signers to approve a transaction. Signers of the multisig wallet approve transactions via Safe’s user interface (UI).
• The Exploit: The devices (computers) responsible for signing transactions were compromised, enabling the attackers to manipulate Safe’s signing UI. The signers believed they were signing a legitimate and routine transfer, but were actually authorizing an upgrade of the wallet to use the malicious contract.
• The Outcome: The malicious contract re-routed funds to addresses controlled by the attackers. Authorities and investigation tools are currently tracing the flow of funds in an attempt to freeze or recover the stolen assets.

The Vulnerabilities Responsible
From our analysis, there are two key weaknesses the attackers were able to exploit:

• Lack of Employee Vigilance: TraderTraitor employs sophisticated social engineering techniques (such as impersonating recruiters on LinkedIn) to introduce malware into company systems. We are certain that the postmortem report will reveal that a Bybit employee unknowingly introduced malware onto a Bybit device, allowing the attackers to perform surveillance and prepare for the attack as long as they needed to.
• Lack of Transaction Security: A lack of risk and security checks on the proposed transaction resulted in the “blind signing” of the transaction. Multiple alerts should have been triggered based on the fact that the proposed transaction involved 0 token transfers, was interacted with an unlisted contract, and that the transaction is a delegate call operation.

Please disregard the part where they advertise their product.
Of course, I am not affiliated with that firm nor that orchids. Reposting here only for information purposes.

[cabron]

This is the sign already. When CZ revealed FTX insolvent exchange, that's when bear market started.  Bybit says they are not insolvent though but $1.5B looks very huge while they are not really that big of an exchange.

Depending on how you take this information and the timing of this incident. The signal is just something to be interpreted like how a bear market started. There is always something big before the bears started dumping.

[Dailyscript]

Like the Meme,
Oh shit, here we go again.


When everything is finally going on the right way, the news about a shitcoin casino makes the round:

What do you think? Honestly people should learn the hard way since they are ignorant to all the preaching on how bad keeping funds in centralized exchanges can be. Several occasions we have heard news like this, and iin regards to that general awareness and orientation campaigns where held so as to share the disadvantages of keeping funds in the exchange. Yet many persons dont learn. I am only feeling for Bybit for what have been lost but you see the victims they should take full responsibility of their action because this is exactly what they have been waiting for so that they will learn.

Sometimes the saying 'learning from experience' is always true. Humans dont like learning from other people mistakes they prefer getting first hand experience before they can learn but by then it will be too late because they may not recover after falling victim.

[virasog]

Yeah the hackers got ETH funds from Binance to send the hacked ETH.
Can Binance reveal the identity of the user?
https://x.com/lookonchain/status/1893001719669518662

According to some social media reports, the hack is done by Park Jin Hyok. He is a North Korea computer engineer and is linked with the Lazarus group. This is identified by Arkham Intelligence. I am not sure if he can convert his ETH into USDT as that then that address can be frozen by tether or if he tries to convert it in usdc, circle can freeze that address too. I have a feeling that sooner or later this hacker ParK Hyok will be arrested someday because he is been the center of discussion right now.

[LoyceV]

He is a North Korea computer engineer ~ I have a feeling that sooner or later this hacker ParK Hyok will be arrested someday

Who's going to arrest him? If he works for the North Korean government, all he has to do is stay there. If he ever manages to leave the country, he'll probably apply for political asylum. I don't think he has much of a choice to do this "job" in North Korea.

[tabas]

I am not sure if he can convert his ETH into USDT as that then that address can be frozen by tether or if he tries to convert it in usdc, circle can freeze that address too. I have a feeling that sooner or later this hacker ParK Hyok will be arrested someday because he is been the center of discussion right now.

They will still be able to convert that. Maybe to monero? they've done that with the past heist that they did with the Sky Mavis and that has been almost forgotten already. And with this incident, it only takes time for them to just leave and take some rest until they work on that. They're all criminals and have been doing this for so long, so it won't be surprising if they will have a way to convert that even if several companies will monitor and block the addresses used.

[jstyler]

hopefully bybit can vouch these funds and don't get stuck in a tether/usdc freeze situation, that could create more drama

[Publictalk792]

Everybody who has balance on Bybit should take this small window of opportunity to withdraw everything immediately. Withdrawal is still allowed until now, but funds are fast leaving the platform. $1.4 billion is already lost. Another billions of outflow will probably happen in the next hours.

Snip

Situation with Bybit is very serious and users should take action right away to get their money out. Even though Ben Zhou says everything is okay fact is that $1.4 billion is already gone shows that platform is having big financial problems. And this is big crypto hack. It is smart to be careful especially since other similar exchanges have had similar problems in past. And you mentioned the CZ tweet so CZ advice to stop letting people take out their money is clear sign that something is wrong. Users should not just believe what Bybit says and should focus on keeping their money safe instead. It is better to be safe than sorry and taking out your money now might be best way to protect your investments.

[Marykeller]

This is the sign already. When CZ revealed FTX insolvent exchange, that's when bear market started.  Bybit says they are not insolvent though but $1.5B looks very huge while they are not really that big of an exchange.

Depending on how you take this information and the timing of this incident. The signal is just something to be interpreted like how a bear market started. There is always something big before the bears started dumping.

Are we done with the bull run for the bear market to take over the market? The Bybit CEO has already said they can cover the loss, which I believe they will.

No more cause for alarm as Bybit exchange has promised to cover the loss, and their security team and the leading blockchain forensic are investigating the incidents. By the way, Bybit is ranked among the top crypto exchanges. They can pay off the amount stolen($1.5b)

[pawel7777]

OK, so Ethereum got hard-forked after $150 million DAO hack back in 2016, and now the current hack is almost ten times bigger. Do you think they should hard-fork it again to reverse the steal?
I seriously doubt they will, but I can't understand what would be ETH developers' arguments against it, if they still stand in a position that the 2016 fork was a good decision. I guess they could say that in 2016 they protected the community and individual investors and now, the only victim, at least officially is ByBit, who claim they can cover the loss from their own reserves.

The problem is, ByBit has no choice but to say that to prevent a bank run. But what if it turns out they were bluffing and they don't actually hold enough in reserves?
As a Bitcoin community, should we pressure ETH devs to fork it again to prevent a negative effect on the entire crypto-market especially when we're in the stage of potential bull-run to the new ATH (and so we can keep laughing at them afterward and pointing out how superior the Bitcoin is  )

[OmegaStarScream]

It looks like the hackers are now trying to use ChainFlip to swap ETH for BTC. This ChainFlip's response:

https://x.com/Chainflip/status/1893222347252875386

I'm not familiar with the protocol, but it looks similar to what Thorchain has been trying to achieve? Being able to trade cross chain without the use of wrapped tokens.

[Solosanz]

OK, so Ethereum got hard-forked after $150 million DAO hack back in 2016, and now the current hack is almost ten times bigger. Do you think they should hard-fork it again to reverse the steal?

They said it would ruin everything since Ethereum is complex now.

"I wish we could roll back for the Bybit hack, I'm not against the idea. But the DAO hack was 15% of ETH with a clean recovery path. Today, a rollback would break bridges, stablecoins, L2s, RWAs and so much more. ETH ecosystem is just too interconnected now for a clean solution like 2016," Santhosh said.

It looks like the hackers are now trying to use ChainFlip to swap ETH for BTC. This ChainFlip's response:

What an irony, they claimed to be decentralized exchange and trustless, but they use service to screen address and coins in order to censor specific transactions. Chainflip should be avoid to use, fortunately it's not listed on kycnot.me

Chainflip is a decentralised, trustless protocol that enables native cross chain swaps between different blockchains. It's a bit like Uniswap, but allows users to swap assets between major blockchains without any wrapped tokens, traditional bridging, and at extremely competitive pricing using the JIT AMM. It is totally generalised, decentralised, and is live on mainnet.

No, Chainflip is a decentralised exchange and therefore, there's no collection of personal data whatsoever. Keep in mind the records of all trades are still publicly visible on the Chainflip State Chain and the blockchains the protocol is connected to.

[arwin100]

This is the sign already. When CZ revealed FTX insolvent exchange, that's when bear market started.  Bybit says they are not insolvent though but $1.5B looks very huge while they are not really that big of an exchange.

Depending on how you take this information and the timing of this incident. The signal is just something to be interpreted like how a bear market started. There is always something big before the bears started dumping.

Are we done with the bull run for the bear market to take over the market? The Bybit CEO has already said they can cover the loss, which I believe they will.

No more cause for alarm as Bybit exchange has promised to cover the loss, and their security team and the leading blockchain forensic are investigating the incidents. By the way, Bybit is ranked among the top crypto exchanges. They can pay off the amount stolen($1.5b)

Don't worry about it we see market recover already also Bybit still operational despite of those big hacking issue happen to them. Also Bybit is earning a lot more so for sure they can recover those funds.

 It seems people are now calm now since we can see that everything goes fine on costumer side and Bybit make sure their costumer funds is fine.

Anyways Bybit CEO have this post on where they would give a reward to those who help to recover their hacked funds https://bloomingbit.io/en/feed/news/83737 and for sure they would do more actions since for sure they won't let this funds go away as easy as that.

[LoyceV]

Anyways Bybit CEO have this post on where they would give a reward to those who help to recover their hacked funds https://bloomingbit.io/en/feed/news/83737

From your link:

He added that "We will announce a reward program for those who help track or recover the stolen funds."

So you're announcing them announcing their announcement.

for sure they won't let this funds go away as easy as that.

It's too late for that.

[Catenaccio]

I wonder why this topic is not in Exchanges board?

It is about a hack on a centralized exchanges, and why it is in Service Discussion (Altcoins) board?

Hacked Exchanges since 2011
DeFi hacks (history).
Cryptocurrency exchange graveyard.
Report on crypto exchange hacks.

I am not sure if he can convert his ETH into USDT as that then that address can be frozen by tether or if he tries to convert it in usdc, circle can freeze that address too.

Stable coin companies like Tether can seize stable coins in your wallets, and if they want to support Bybit, they will do it easily.
PSA: Most Stablecoins Can Be Frozen, Even in Your Own Wallets

I have a feeling that sooner or later this hacker ParK Hyok will be arrested someday because he is been the center of discussion right now.

If he lives in North Korea and won't leave that nation, you can not arrest him there because he very posisbly works for Kim Jong Un.

[HelliumZ]

He is a North Korea computer engineer ~ I have a feeling that sooner or later this hacker ParK Hyok will be arrested someday

Who's going to arrest him? If he works for the North Korean government, all he has to do is stay there. If he ever manages to leave the country, he'll probably apply for political asylum. I don't think he has much of a choice to do this "job" in North Korea.

Is it possible that someone would act as the initiator of such a major hacking incident, but that hacker would not provide security and safe protection afterwards? Here, of course, the Korean government body is indirectly involved in this and will definitely work on his foreign security and political asylum. No hacking is possible without government intervention.

[albon]

.
Anyways Bybit CEO have this post on where they would give a reward to those who help to recover their hacked funds https://bloomingbit.io/en/feed/news/83737 and for sure they would do more actions since for sure they won't let this funds go away as easy as that.

UPDATE:

Paolo Ardoino, the CEO of Tether, announced today on his official account on X that they managed to freeze $181K worth of USDT linked to the hackers who breached the ByBit platform.

He mentioned that this work is "honest" despite being "not much" compared to the stolen amount, which exceeds $1.4 billion.

He added that he will keep monitoring and gave kudos to ZachXBT.

SOURCE: https://x.com/paoloardoino/status/1893288600625721804