Risky Business cover image

Risky Business

Risky Business #786 -- Oracle is lying

Apr 2, 2025
Tjaden Hess, a Principal Security Engineer at Trail of Bits specializing in cryptography and cryptocurrency exchange security, joins the discussion on recent cybersecurity events. He highlights the alarming breach at Oracle, casting a critical eye on their lack of transparency regarding the exposure of sensitive health data. Hess also emphasizes the essential practices for secure cryptocurrency exchanges, particularly the importance of cold wallets, and contrasts these with the vulnerabilities revealed in the Bybit incident. The conversation paints a vivid picture of the cybersecurity landscape's ongoing challenges.
55:14

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

  • Oracle faced significant security breaches impacting health data and cloud credentials, raising concerns about their incident management and communication strategies.
  • Experts stress the necessity for cryptocurrency exchanges like Bybit to enforce stringent cold wallet practices to mitigate unauthorized access risks.

Deep dives

Bybit's Cold Wallet Vulnerability

A recent incident involving Bybit cryptocurrency exchange revealed significant flaws in their security practices, particularly concerning their cold wallet procedures. It was discovered that Bybit's cold wallet, meant to be protected from online threats, was compromised due to a connection with an online wallet provider whose servers were hacked. Experts emphasized that cold wallets must remain entirely offline to prevent unauthorized access, advocating for secure data transfer methods, such as using QR codes or read-only CDs. This breach exemplifies how critical it is for exchanges to enforce robust separation and isolation of their digital assets.

Remember Everything You Learn from Podcasts

Save insights instantly, chat with episodes, and build lasting knowledge - all powered by AI.
App store bannerPlay store banner