Bybit Security Breach Highlights Weaknesses In Multi-Sig Cold Storage Solutions
Please note that we are not authorised to provide any investment advice. The content on this page is for information purposes only.
Bybit recently experienced a significant security breach, revealing weaknesses in multi-sig cold storage and highlighting the urgent need for more advanced security measures.
Experts, including Ledger Chief Executive Officer Pascal Gauthier, Fireblocks, and Binance co-founder Changpeng Zhao (CZ), shared insights on the security weaknesses exposed by the breach. They also discussed the steps exchanges should take to protect digital assets from similar attacks.
Bybit leader Ben Zhou acted fast. He stopped withdrawals, began a full check, and worked with safety experts to limit the damage. His quick actions helped stop more losses and showed the need for good crisis handling.
Bybit Hack Highlights Need For Stronger Security And Off-Exchange Solutions
The breach caused over $1.4 billion in losses. Hackers used a tricky method to change call data and swap Safe’s setup with a bad version.
CZ said North Korea’s Lazarus Group, known for many exchange hacks, did the attack. He explained that they changed the front-end screen, showing a real transaction while secretly approving a bad one.
This attack is part of a growing number of crypto hacks going after multi-sig cold storage. CZ said that exchanges like WazirX and Phemex, which used different multi-sig providers, were also hit. This showed the problem is not just with one provider.
Blind signing is a big risk. Users and platforms approve transactions without fully knowing what they are saying yes to.
Pascal Gauthier from Ledger said using Clear Signing can stop these attacks. This method lets users check every transaction detail before signing.
Ledger, a leader in self-custody, protects over 20% of the world’s digital assets. The company is working to spread Clear Signing to help keep assets safe.
Bybit Hack Sparks Discussion On Multi-Sig Risks
Fireblocks helps institutions see transactions better with its DeFi threat detection and real-time monitoring. This helps spot and stop suspicious activity before it happens.
CZ and Fireblocks pointed out that multi-sig cold storage has weaknesses. While many use multi-sig, Fireblocks suggests switching to Distributed Multi-Party Computation (MPC) wallets. This method spreads key fragments across many parties, reducing the risk if one key is compromised. Fireblocks uses MPC for stronger security.
Enterprises are advised to use B2B custody solutions designed for their needs. Gauthier stressed that off-chain governance is key to stopping internal breaches from causing major losses. He noted that regulation, governance, and innovation often conflict.
A key suggestion is to avoid using exchange-controlled wallets. Instead, institutions should use off-exchange trading solutions, which store funds in separate collateral accounts, keeping them safer.
Fireblocks’ Off Exchange Settlement model removes the need to pre-fund exchange accounts, lowering counterparty risk during an exchange breach. Similarly, Ledger’s Tradelink off-exchange trading solution allows institutions to trade without exposing assets to counterparty risk.
