Cryptologic



This past month, hackers stole a staggering $1.5 billion from the crypto exchange Bybit in what the market dubbed “The biggest digital heist ever”. Unsurprisingly, the sheer scale of the attack has led many to once again question the safety of crypto, with critics pointing fingers at the industry’s security vulnerabilities. But here’s the twist: the wallets did their job. The problem wasn’t a failure of the underlying technology - it was a failure of ‘human’ security.

Janine Grainger, Founder and CEO of Easy Crypto, explores what happened, what’s being done to recover the funds and what needs to be considered as the industry works to prevent similar attacks in the future.

What exactly went wrong?

The bottom line is that the Bybit hack wasn’t a failure of blockchain security - the attackers didn’t crack an impenetrable system; they manipulated people…

In very simple terms, the attack occurred when the company was making a routine transfer of Ethereum from an offline ‘cold’ wallet (a highly secure, offline storage solution designed to protect assets from cyber threats by keeping private keys completely disconnected from the internet) to a ‘warm’ wallet (a semi-online wallet used for operational liquidity, allowing faster access to funds while maintaining some security measures) for daily trading activities.

The hackers gained access to the software account that helps Bybit control these transfers by compromising a developer’s machine. They remotely modified the user interface, injecting malicious code that manipulated the wallet’s transaction approval process. Employees who usually sign off these transfers saw what looked like legitimate transactions, but behind the scenes, the attackers rewrote the rules, diverting funds straight into hacker-controlled accounts.

To make matters worse, the attack leveraged ‘blind signing’. When approving the transactions, employees were effectively signing off on something they couldn’t fully see on their screen. The attackers manipulated this process so effectively that employees believed they were approving routine transfers.

The combination of UI manipulation and blind signing created a near-perfect deception. Importantly, however, it wasn’t crypto’s technology that failed. It was a case of catastrophic human error.

Can the funds be recovered?

The hack has been attributed to the North Korean state-sponsored hacking group the Lazarus Group, which has a history of targeting crypto exchanges to fund North Korea's economy and sanctioned programs.

Working against this group is the traceability of blockchain. With all eyes on the stolen funds and every blockchain transaction publicly visible, being able to bank the money will be as difficult as stealing it in the first place (although some funds have also been converted into privacy-focused coins like Monero, which are much harder to track).

Importantly, Bybit acted swiftly to reassure customers and worked quickly to secure emergency funding to restore liquidity. They’ve also launched a comprehensive bounty program offering 5% rewards to individuals or firms that help identify and freeze these stolen funds. A real-time leaderboard has been set up to track progress, turning crypto sleuths into heroes!

Preventing future attacks

If there’s one takeaway from this attack, it’s that the industry needs stronger protections against cyber crime - including human-targeted cyber crime.

Exchanges need to go beyond traditional security - The danger of ‘blind signing’ has been made clear and needs to be phased out in favour of clear transaction signing so users can actually see what they’re approving.
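One way to implement the clear transaction signing called for above, as an added example that is not from the original article or from any exchange's systems: it decodes the raw fields a signer is about to approve, compares them with what the interface displays, and refuses anything it cannot render. It assumes the check runs on the signer's own device, independent of the web interface; the names `Transfer`, `decode`, `review` and all addresses are constructed for illustration, and only plain ETH transfers and ERC-20 `transfer(address,uint256)` calls are handled.

```python
from dataclasses import dataclass

ERC20_TRANSFER = bytes.fromhex("a9059cbb")  # selector of transfer(address,uint256)

@dataclass(frozen=True)
class Transfer:
    asset: str       # "ETH" or the token contract address
    recipient: str   # lower-case 0x address
    amount: int      # wei or token base units

def decode(to: str, value: int, data: bytes) -> Transfer:
    """Render the raw fields that will actually be signed; refuse anything opaque."""
    if not data:  # plain ETH transfer: no calldata, recipient is the 'to' field
        return Transfer("ETH", to.lower(), value)
    if data[:4] == ERC20_TRANSFER and len(data) == 68 and value == 0:
        if any(data[4:16]):  # high 12 bytes of the address word must be zero
            raise ValueError("malformed address word")
        return Transfer(to.lower(), "0x" + data[16:36].hex(),
                        int.from_bytes(data[36:], "big"))
    raise ValueError("payload cannot be rendered, refusing to sign blind")

def review(shown: Transfer, to: str, value: int, data: bytes, allowlist: set) -> list:
    """Compare what the screen claims with what the payload does. [] means consistent."""
    try:
        actual = decode(to, value, data)
    except ValueError as exc:
        return [str(exc)]
    problems = [f"{field}: screen={getattr(shown, field)} payload={getattr(actual, field)}"
                for field in ("asset", "recipient", "amount")
                if getattr(shown, field) != getattr(actual, field)]
    if actual.recipient not in allowlist:
        problems.append("recipient is not an approved warm wallet")
    return problems

# Constructed sample values (not real addresses or incident data).
WARM, OTHER, TOKEN = ("0x" + b * 20 for b in ("11", "22", "33"))

def erc20_call(recipient: str, amount: int) -> bytes:
    """Build ERC-20 transfer calldata for the samples below."""
    return (ERC20_TRANSFER + bytes(12) + bytes.fromhex(recipient[2:])
            + amount.to_bytes(32, "big"))

if __name__ == "__main__":
    shown = Transfer(TOKEN, WARM, 500)  # what the interface displays
    print(review(shown, TOKEN, 0, erc20_call(WARM, 500), {WARM}))   # consistent
    print(review(shown, TOKEN, 0, erc20_call(OTHER, 500), {WARM}))  # payload differs
    print(review(shown, TOKEN, 0, b"\x12\x34\x56\x78" + bytes(64), {WARM}))  # opaque
```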

In addition, multi-factor authentication for this type of signing could be enabled if exchanges opt to use multi-party computation (MPC) wallets, which have started to gain favour in many circles over seed phrases and make key compromises far more difficult. MPC wallets distribute private key ‘fragments’ among multiple parties, reducing the risk of a single point of failure. Unlike traditional seed phrases, MPC eliminates the risk of a single exposed key leading to complete account compromise. (Easy Crypto’s wallet is an MPC wallet.)

Employees need better training - Cyberattack drills should be routine and phishing awareness training should be ongoing. Attackers are getting smarter and exchanges need to ensure their teams can recognise a red flag before it’s too late.

Real-time monitoring needs to be the standard - AI-driven security systems can flag unusual transaction patterns instantly, triggering immediate reviews and helping prevent unauthorised withdrawals.

The bigger picture

This hack didn’t expose flaws in blockchain itself - but it did expose the risks of human error and deception. That distinction, however, didn’t make much difference to the general public. The damage was done, and confidence in crypto security took yet another hit.

Hackers will keep coming… The real question is whether the crypto industry will learn from Bybit and act now to prevent the next attack. If they don’t, it’s only a matter of time before another billion-dollar breach shakes the market all over again.
