Bybit’s cold wallet for ETH relies on a multisig system, where more than one person must approve a transaction before it can be executed, making it typically very secure. However, hackers have been able to trick signers into approving a malicious modification to the wallet’s smart contract, using techniques such as UI spoofing or transaction masking.
Stages of the attack:
1️⃣ The need to transfer money
Bybit wanted to move some ETH from its cold wallet to a warm wallet for use in daily operations. As usual, multiple administrators had to sign the transaction via the Gnosis Safe (now known as Safe) system.
2️⃣ Create a fake interface to trick signers
The hackers faked the user interface that the Bybit team relies on to approve transactions. Instead of showing the details of the actual transaction, they displayed a fake transaction that looked completely legitimate, and even the link looked official, making the scam even more convincing.
✅ What did the Bybit team see when signing?
A transaction indicating an ETH transfer to Bybit's warm wallet, with all information appearing normal.
❌ What actually happened without their knowledge?
Instead of executing the transfer, the transaction contained a modification to the cold wallet's smart contract code, giving the hackers complete control over it.
3️⃣ Signing the fake transaction
Due to the fake interface, the team signed the transaction without realizing that it modified the wallet's code, allowing the hackers to take full control of it.
4️⃣ Hacker takes over wallet and steals money
Once the signatures were complete, the hacker became the de facto owner of the cold wallet, and transferred all ETH assets to his personal wallet, leaving Bybit without any access to its funds.
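An added example (not from the original post and not Safe's own code): a pre-signing check that compares the raw fields of a Safe transaction, read from a source independent of the web interface, with the transfer the signer intends to approve. The addresses and amount are constructed sample values; the field names and operation values (0 = CALL, 1 = DELEGATECALL) follow Safe's transaction format.

```python
from dataclasses import dataclass

CALL, DELEGATECALL = 0, 1  # Safe's Enum.Operation values


@dataclass(frozen=True)
class SafeTx:
    to: str         # target address
    value: int      # amount in wei
    data: bytes     # calldata; empty for a plain ETH transfer
    operation: int  # 0 = CALL, 1 = DELEGATECALL


def check_plain_transfer(tx, expected_to, expected_wei):
    """Return the reasons why tx is not the intended plain ETH transfer."""
    findings = []
    if tx.operation != CALL:
        # DELEGATECALL runs the target's code against the wallet's own
        # storage, so it can change the wallet's logic or owners.
        findings.append("operation: not a CALL (value %d)" % tx.operation)
    if tx.to.lower() != expected_to.lower():
        findings.append("to: %s is not the expected recipient" % tx.to)
    if tx.value != expected_wei:
        findings.append("value: %d wei, expected %d" % (tx.value, expected_wei))
    if tx.data:
        findings.append("data: %d bytes of calldata present" % len(tx.data))
    return findings


# Constructed sample values (not real addresses or amounts).
WARM_WALLET = "0x" + "11" * 20
UNKNOWN_CONTRACT = "0x" + "22" * 20
AMOUNT = 100 * 10**18  # 100 ETH in wei

# What the signers believe they are approving.
INTENDED = SafeTx(WARM_WALLET, AMOUNT, b"", CALL)
# What a masked transaction can look like underneath the interface.
MASKED = SafeTx(UNKNOWN_CONTRACT, 0, b"\xde\xad\xbe\xef" + b"\x00" * 64, DELEGATECALL)

if __name__ == "__main__":
    for name, tx in (("intended", INTENDED), ("masked", MASKED)):
        problems = check_plain_transfer(tx, WARM_WALLET, AMOUNT)
        print(name, "OK to sign" if not problems else "DO NOT SIGN")
        for p in problems:
            print("  -", p)
```

The check is only useful when the transaction fields come from somewhere the compromised interface cannot influence, such as the hardware wallet's own display or a separately run decoder.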
Why is this hack so dangerous?
🔴 A complex attack based on visual deception and psychological manipulation.
1️⃣ Unconventional hack of the cold wallet: Although the wallet was offline, it was compromised not by stealing private keys but by tricking the people responsible for signing transactions.
2️⃣ Multi-signature fails to protect: Even with multiple signers, hackers were able to fool all of them, proving that multi-signature does not guarantee absolute security.
3️⃣ A new threat has emerged: UI Spoofing: The hack was not the result of a technical glitch, but rather a change in the way information is presented to users, confirming that humans may be the weakest link in any security system.
4️⃣ The network was not hacked and private keys were not leaked: The hackers did not hack Bybit's systems or steal sensitive data, but rather relied on social engineering to trick the signing team.
What does this hack mean for the future of trading platforms?
🎯 This hack confirms that technical security alone is not enough, and protection against social engineering and visual deception must be strengthened.
🎯 Platforms should update their systems to avoid such advanced threats.
🎯 Users should be aware that even the most secure systems can be hacked using unconventional methods.
💡 Result:
This was not just a hack of a trading platform, but a hack of the very concept of digital security, requiring a rethink of current protection strategies.