Cryptologic



This past month, hackers stole a staggering $1.5 billion from the crypto exchange Bybit in what the market dubbed “The biggest digital heist ever”. Unsurprisingly, the sheer scale of the attack has led many to once again question the safety of crypto, with critics pointing fingers at the industry’s security vulnerabilities. But here’s the twist: the wallets did their job. The problem wasn’t a failure of the underlying technology - it was a failure of ‘human’ security.

Janine Grainger, Founder and CEO of Easy Crypto, explores what happened, what’s being done to recover the funds and what needs to be considered as the industry works to prevent similar attacks in the future.

What exactly went wrong?

The bottom line is that the Bybit hack wasn’t a failure of blockchain security - the attackers didn’t crack an impenetrable system; they manipulated people…

In very simple terms, the attack occurred when the company was making a routine transfer of Ethereum from an offline ‘cold’ wallet (a highly secure, offline storage solution designed to protect assets from cyber threats by keeping private keys completely disconnected from the internet) to a ‘warm’ wallet (a semi-online wallet used for operational liquidity, allowing faster access to funds while maintaining some security measures) for daily trading activities.

The hackers gained access to the software account that helps Bybit control these transfers by compromising a developer’s machine. They remotely modified the user interface, injecting malicious code that manipulated the wallet’s transaction approval process. Employees who usually sign off these transfers saw what looked like legitimate transactions, but behind the scenes, the attackers rewrote the rules, diverting funds straight into hacker-controlled accounts.

To make matters worse, the attack leveraged ‘blind signing’. When approving the transactions, employees were effectively signing off on something they couldn’t fully see on their screen. The attackers manipulated this process so effectively that employees believed they were approving routine transfers.

The combination of UI manipulation and blind signing created a near-perfect deception. Importantly, however, it wasn’t crypto’s technology that failed. It was a case of catastrophic human error.

Can the funds be recovered?

The hack has been attributed to the North Korean state-sponsored hacking group the Lazarus Group, which has a history of targeting crypto exchanges to fund North Korea's economy and sanctioned programs.

Working against this group is the traceability of blockchain. With all eyes on the stolen funds and every blockchain transaction publicly visible, being able to bank the money will be as difficult as stealing it in the first place (although some funds have also been converted into privacy-focused coins like Monero, which are much harder to track).

Importantly, Bybit acted swiftly to reassure customers and worked quickly to secure emergency funding to restore liquidity. They’ve also launched a comprehensive bounty program offering 5% rewards to individuals or firms that help identify and freeze these stolen funds. A real-time leaderboard has been set up to track progress, turning crypto sleuths into heroes!

Preventing future attacks

If there’s one takeaway from this attack, it’s that the industry needs stronger protections against cyber crime - including human-targeted cyber crime.

Exchanges need to go beyond traditional security - The danger of ‘blind signing’ has been made clear and needs to be phased out in favour of clear transaction signing so users can actually see what they’re approving.
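One way to enforce the clear signing described above, shown as an added example that is not Bybit's or Easy Crypto's code: the signer decodes the raw payload itself and compares it with what the interface displays, refusing anything it cannot render. It goes slightly beyond the plain Ethereum transfer in the text by also covering ERC-20 token transfers; the addresses, the allowlist and the names `Intent`, `decode_intent` and `review` are constructed for illustration.

```python
from typing import NamedTuple

ERC20_TRANSFER = bytes.fromhex("a9059cbb")  # selector of transfer(address,uint256)

class Intent(NamedTuple):
    """What a transaction actually does, in terms a human can approve."""
    kind: str        # "eth_transfer" or "erc20_transfer"
    recipient: str   # lowercase 0x-prefixed address that receives the funds
    amount: int      # wei, or token base units
    contract: str    # token contract for ERC-20, "" for plain ETH

def decode_intent(to: str, value: int, data_hex: str) -> Intent:
    """Derive the intent from the raw fields that will be signed."""
    data = bytes.fromhex(data_hex.removeprefix("0x"))
    if not data:
        return Intent("eth_transfer", to.lower(), value, "")
    if data[:4] == ERC20_TRANSFER and len(data) == 4 + 64 and value == 0:
        # Each argument is a 32-byte word; an address is its low 20 bytes.
        if any(data[4:16]):
            raise ValueError("malformed address word")
        recipient = "0x" + data[16:36].hex()
        amount = int.from_bytes(data[36:68], "big")
        return Intent("erc20_transfer", recipient, amount, to.lower())
    # Anything we cannot render is refused: approving it would be blind signing.
    raise ValueError("undecodable call data, refuse to sign")

def review(raw_tx: dict, ui_claim: Intent, allowlist: set) -> list:
    """Return the reasons to block signing; an empty list means approve."""
    try:
        actual = decode_intent(raw_tx["to"], raw_tx["value"], raw_tx["data"])
    except ValueError as exc:
        return [str(exc)]
    problems = []
    if actual != ui_claim:
        problems.append(f"UI shows {ui_claim}, payload does {actual}")
    if actual.recipient not in allowlist:
        problems.append(f"recipient {actual.recipient} not on allowlist")
    return problems

if __name__ == "__main__":
    # Constructed sample: the UI shows a transfer to the warm wallet,
    # but the payload to be signed pays a different address.
    warm, token, other = ("0x" + b * 20 for b in ("11", "22", "99"))
    shown = Intent("erc20_transfer", warm, 500, token)
    data = "0xa9059cbb" + other[2:].rjust(64, "0") + format(500, "064x")
    print(review({"to": token, "value": 0, "data": data}, shown, {warm}))
```

The check only helps if it runs on a device separate from the one rendering the interface, since a compromised UI host could alter both the display and the comparison.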

In addition, multi-factor authentication for this type of signing could be enabled if exchanges opt to use multi-party computation (MPC) wallets, which have started to gain favour in many circles over seed phrases, making key compromises far more difficult. MPC wallets distribute private key ‘fragments’ among multiple parties, reducing the risk of a single point of failure. Unlike traditional seed phrases, MPC eliminates the risk of a single exposed key leading to complete account compromise. (Easy Crypto’s wallet is an MPC wallet.)

Employees need better training - Cyberattack drills should be routine and phishing awareness training should be ongoing. Attackers are getting smarter and exchanges need to ensure their teams can recognise a red flag before it’s too late.

Real-time monitoring needs to be the standard - AI-driven security systems can flag unusual transaction patterns instantly, triggering immediate reviews and helping prevent unauthorised withdrawals.

The bigger picture

This hack didn’t expose flaws in blockchain itself - but it did expose the risks of human error and deception. That distinction, however, didn’t make much difference to the general public. The damage was done, and confidence in crypto security took yet another hit.

Hackers will keep coming… The real question is whether the crypto industry will learn from Bybit and act now to prevent the next attack. If they don’t, it’s only a matter of time before another billion-dollar breach shakes the market all over again.
