How the $1.5 Billion Bybit Hack Could Have Been Prevented - Ep. 791

9 snips

Feb 28, 2025

Mudit Gupta, Chief Information Security Officer at Polygon and a specialist in blockchain security, dives into the recent $1.5 billion hack of Bybit by North Korea’s Lazarus Group. He explains how social engineering outsmarted traditional security measures, pointing out Bybit's mistake of holding too much Ethereum in a single wallet. Gupta shares crucial insights on crisis communication post-breach and offers essential security tips for crypto users, emphasizing that the industry must learn from these devastating lessons to enhance safety.

Ask episode

AI Snips

Chapters

Transcript

Episode notes

ANECDOTE

Bybit Hack Method

Lazarus Group compromised a Safe developer's laptop, gaining access to Safe's AWS account.
They pushed a malicious Safe Wallet website version, coded to only affect Bybit.

INSIGHT

Lazarus Group Tactics

Lazarus Group primarily uses social engineering tactics for exploits, like posing as podcast hosts or recruiters.
They trick targets into installing malicious software through deceptive links or documents.

ADVICE

Verify Transactions

Verify transactions using hardware wallets and CLI tools to prevent exploits.
Don't solely rely on single platforms like Safe's website for transaction verification.

Get the Snipd Podcast app to discover more snips from this episode

Get the app

Crypto derivatives exchange Bybit just became the latest victim of North Korea’s elite hacking unit, the Lazarus Group. They didn’t brute-force their way in. They didn’t exploit some obscure vulnerability. Instead, they tricked a trusted developer, slipped in malicious code, and took off with a fortune.

How did this happen? Why was $1.5 billion sitting in a single wallet? What mistakes did Bybit and Safe make? And, more importantly, what needs to change to stop this from happening again?

This week, Mudit Gupta, chief information security officer at Polygon, joins Unchained to expose the security failures, the sophisticated tactics Lazarus used, and why crypto still hasn’t learned its lesson.

Show highlights:

2:11 Mudit’s experience with North Korea’s Lazarus
3:24 How Lazarus perpetrated the $1.5 billion hack
5:55 Why Lazarus relies on social engineering over technical exploits
7:34 Why Bybit was so specifically targeted by the hackers
10:02 What Bybit should have done to prevent the exploit
13:12 Why Mudit believes there was “no reason” to hold so much ETH in one single wallet
15:57 Who should be a signer in multisigs
17:46 How to prevent using a malicious website
19:13 Why Safe should have done things differently, according to Mudit
19:55 How Bybit and Safe handled crisis communication
24:20 Mudit’s must-know security tips for protecting your crypto

Visit our website for breaking news, analysis, op-eds, articles to learn about crypto, and much more: unchainedcrypto.com

Thank you to our sponsors!

Mantle

Guest

Mudit Gupta, Chief Information Security Officer at Polygon