Unchained

How the $1.5 Billion Bybit Hack Could Have Been Prevented - Ep. 791

Feb 28, 2025

Mudit Gupta, Chief Information Security Officer at Polygon and a specialist in blockchain security, dives into the recent $1.5 billion hack of Bybit by North Korea’s Lazarus Group. He explains how social engineering outsmarted traditional security measures, pointing out Bybit's mistake of holding too much Ethereum in a single wallet. Gupta shares crucial insights on crisis communication post-breach and offers essential security tips for crypto users, emphasizing that the industry must learn from these devastating lessons to enhance safety.

44:21

Creator website

Episode guests

Mudit Gupta

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

The Bybit hack underscores the critical role of human error and social engineering in cybersecurity, highlighting the need for ongoing education in these areas.

Implementing multi-layered security practices, such as hardware wallets and improved monitoring, can significantly enhance protection against sophisticated cyber threats.

Deep dives

Human Vulnerability in Cybersecurity

The discussion highlights the fact that human error remains a significant vulnerability in cybersecurity, emphasizing that a single mistake can lead to serious breaches. This point is underscored by a listener's comment about the necessity of implementing strong processes, such as dual control systems, to mitigate risks, even though these measures cannot eliminate them entirely. The podcast reflects on the irony that despite advancements in cybersecurity, human trust and vulnerability continue to be exploited by hackers. This underscores the need for ongoing education and awareness around social engineering tactics that aim to deceive individuals into compromising their cybersecurity.

Intro

3min

Unmasking the Bybit Hack

9min

Examining Bybit's Security Lapses and Asset Management Practices

2min

Navigating Crypto Security: Wallet Management & Breach Analysis

15min

Analyzing Cryptocurrency Security and Regulatory Shifts

4min

SEC Scrutiny and Crypto Landscape

8min

Concerns Over OX.fun Insolvency and Bank of America's Stablecoin Plans

3min

Crypto derivatives exchange Bybit just became the latest victim of North Korea’s elite hacking unit, the Lazarus Group. They didn’t brute-force their way in. They didn’t exploit some obscure vulnerability. Instead, they tricked a trusted developer, slipped in malicious code, and took off with a fortune.

How did this happen? Why was $1.5 billion sitting in a single wallet? What mistakes did Bybit and Safe make? And, more importantly, what needs to change to stop this from happening again?

This week, Mudit Gupta, chief information security officer at Polygon, joins Unchained to expose the security failures, the sophisticated tactics Lazarus used, and why crypto still hasn’t learned its lesson.

Show highlights:

2:11 Mudit’s experience with North Korea’s Lazarus
3:24 How Lazarus perpetrated the $1.5 billion hack
5:55 Why Lazarus relies on social engineering over technical exploits
7:34 Why Bybit was so specifically targeted by the hackers
10:02 What Bybit should have done to prevent the exploit
13:12 Why Mudit believes there was “no reason” to hold so much ETH in one single wallet
15:57 Who should be a signer in multisigs
17:46 How to prevent using a malicious website
19:13 Why Safe should have done things differently, according to Mudit
19:55 How Bybit and Safe handled crisis communication
24:20 Mudit’s must-know security tips for protecting your crypto

Visit our website for breaking news, analysis, op-eds, articles to learn about crypto, and much more: unchainedcrypto.com

Thank you to our sponsors!

Mantle

Guest

Mudit Gupta, Chief Information Security Officer at Polygon

Get the Snipd
podcast app

Unlock the knowledge in podcasts with the podcast player of the future.

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Save any
moment

Hear something you like? Tap your headphones to save it with AI-generated key takeaways

Share
& Export

Send highlights to Twitter, WhatsApp or export them to Notion, Readwise & more

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Unchained

How the $1.5 Billion Bybit Hack Could Have Been Prevented - Ep. 791

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Human Vulnerability in Cybersecurity

Analysis of the Bybit Hack

Lazarus Group's Evolving Tactics

Best Practices for Enhanced Security

Show highlights:

Thank you to our sponsors!

Guest

Links

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights

Unchained

How the $1.5 Billion Bybit Hack Could Have Been Prevented - Ep. 791

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Human Vulnerability in Cybersecurity

Analysis of the Bybit Hack

Lazarus Group's Evolving Tactics

Best Practices for Enhanced Security

Show highlights:

Thank you to our sponsors!

Guest

Links

Get the Snipdpodcast app

AI-poweredpodcast player

Discoverhighlights

Save anymoment

Share& Export

AI-poweredpodcast player

Discoverhighlights

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights