Bybit was the subject of crypto’s costliest hack three weeks ago, which gave investors, stakeholders and leaders alike a reminder that security defences need to be as tight as ever.
MetaWealth CEO Amr Adawi writes for Payment Expert analysing what lessons should be learnt from the historic hack, citing resilience, smart contract protection and day-to-day awareness as key solutions to avoid such financial loss from happening again in the crypto sector.

On 21 February, the cryptocurrency exchange Bybit reported losses of up to $1.5bn following one of the biggest hacks in the history of crypto.
Currently unknown criminals managed to make one of Bybit’s suppliers unknowingly change the smart contract instruction for a transfer of 401,000 Ethereum tokens. Bybit assumed it was transferring the funds to one of its own digital wallets, but the Ethereum was actually delivered to the hackers.
This kind of hijacking serves as a reminder of the high stakes in Web3. As the digital asset ecosystem grows, so too does the sophistication and determination of potential attackers. It’s crucial that this event serves as a wake-up call for the entire industry about appropriately reinforcing security processes and transaction auditing requirements.
Enhanced security
In the midst of this historic heist, a review of security measures for all firms is now a necessity. On the one hand, blockchain technology provides an indispensable ability to track operations. On the other, it makes hackers’ lives much easier, allowing insights into internal processes which would typically be under lock and key.
Knowledge of who and which wallet is responsible for each function makes spotting transactions and deciphering security protocols significantly easier for nefarious actors. Introducing robust cybersecurity at the core of every on-chain product and fostering a security-focused culture can have an enormous impact, covering everything from smart contract audits to secure key management practices.
In response to increasing security concerns, blockchain projects are turning their attention towards new products such as AI-powered continuous smart contract monitoring, which allows them to safeguard against smart contract hijacking in real time. Projects like Chainlink and OpenZeppelin offer auditing services for smart contracts that add an extra layer of security from the get-go. These audits mean firms can identify possible flaws in the code prior to its deployment on the blockchain.
Storage as protection
Another potential mechanism to fight against these kinds of incidents, which is intertwined with added security measures, is that firms should be looking to diversify their assets across wallets. Rather than cryptocurrency firms keeping all of their eggs in one or a small handful of digital baskets, they may seek to split holdings across a wider range of wallets – some hot, some cold. If one or a few wallets are compromised, this careful arrangement can mitigate losses.
Multi-signature wallets can also bolster security. However, if each signer is hastily approving transactions without verifying their legitimacy, the extra steps become otiose. This caveat was on full display during the Bybit heist, with stakeholders approving the transaction without a proper review.
Comprehensive education, role-based approvals, dedicated devices just for transactions and transparent workflows are essential for multi-sig policies to be effective.

Awareness in operations
There are several non-digital approaches to enhancing security, too. Cybercriminals thrive on complacency. Everyone, from individual investors to large institutions, could seriously benefit by simply staying more vigilant, keeping operational security tight, updating processes continuously and monitoring for anomalies.
Culture and behaviour can be changed massively through some very basic policies that foster an attitude of security across a firm. Training ensures that employees at a range of levels know how to properly handle transactions.
Investments such as rotating wallets, dedicated wallets, multi-sig, cold wallet security and malware detection all go a long way. Evolve Security, for example, takes the approach of promoting the importance of robust key management strategies, such as the use of public and private keys, to prevent unauthorised access to its systems and ensure secure transactions.
More than just a hack
The sustainable growth of any industry requires confidence and security. The issue of hacking extends far beyond one company and could serve as a hurdle for the entire sector. Therefore, insiders interested in maintaining development should be looking to reinforce user trust holistically. This means everything from technology to process and user experience. As a result, an internal culture is constructed through education, from builders to investors and end-users.
The Bybit hack needs to be a learning moment. The sector can either mark it as the beginning of more chaos and uncertainty in the crypto world, or take up a collective task for every stakeholder to ensure that user safety, platform resilience and visionary design remain central to the industry.