Safe solution for the Bybit hack

By Crypto Flexs | April 10, 2025 | 6 Mins Read

In February 2025, almost $1.5B was stolen from the Bybit exchange, the largest cryptocurrency hack in history. Paradoxically, it was made possible by social engineering, not by a smart contract vulnerability. Given our experience auditing Safe's smart contracts, we decided to investigate the breach in more detail.

TLDR: Projects that use Safe wallets, especially projects that manage large funds, must actively configure the built-in security features such as Safe Guards and timelocks. These features exist for a reason.

What happened?

The incident unfolded as follows (in chronological order):

  • The attacker first compromised the development machine of a single Safe developer. This gave access to AWS session keys, but at first the attacker could not change the front end.
  • For two weeks, the attacker mimicked the developer's online activity patterns and probed AWS security for weaknesses.
  • Time-limited AWS keys and 2FA confirmation (using the compromised developer's) allowed the attacker to deploy malicious code to the Safe front end.
  • The attacker injected malicious front-end code that was crafted specifically to target the Bybit account.
  • The attacker likely used social engineering to learn that the Bybit signers did not properly verify transactions on their hardware wallets. This allowed a malicious signing request to slip through.
  • The last step was getting three Bybit cold storage signers to sign. Through the compromised Safe front end, they would have been shown a legitimate-looking transaction, but in fact it launched a contract upgrade via delegatecall, swapping in a malicious implementation.
  • With control of the Safe, the attacker drained all assets. The addresses and related transactions can be viewed on Etherscan.

How could it have been prevented?

Let's take a closer look at Safe's security features for mitigating smart contract security risks.

The most important problem behind the hack was blind signing, a long-standing problem in the ecosystem. Cold wallets often have poor UX for reviewing transactions, so it is easy to approve a malicious payload during routine work without checking what is being signed.

Thankfully, there are tools designed to solve this. One example is Safe script validation, originally architected by @pcaversaccio and now hosted by OpenZeppelin. This tool lets you check the payload being signed, byte by byte, against the one expected from the Safe script before approving the signature on the hardware wallet.

In addition to user-level tooling, there is room to improve multisig thresholds and signing processes to reduce the risk of human error.

We must also look beyond Web2-style defenses. Safe offers Safe Guards, an on-chain security protocol that would have completely prevented Bybit's loss of funds if properly configured. Despite being available, they often go unused or remain misunderstood. That needs to change.

Strengthening a multisig with Safe Guards

Safe wallets can be extended out of the box with Safe Modules or Safe Guards. A module allows execution on the Safe under arbitrary conditions (based on the module's logic), and multiple modules can be defined for one wallet. There is always only one guard, and it can only block transactions. We have already covered Safe security best practices in a recent blog post and likewise discussed them at SafeCon 2023 in Berlin. Let's see how guards help to secure a wallet.

As stated in the official documentation: “Safe Guards are used when there are restrictions on top of the n-out-of-m scheme.” They restrict specific operations on-chain. By design, Safe Guards maintain their own state and perform pre-checks and post-checks. A great example of a Safe Guard is ScopeGuard:

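function checkTransaction(
    address to,
    uint256 value,
    bytes memory data,
    Enum.Operation operation,
    uint256,
    uint256,
    uint256,
    address,
    // solhint-disallow-next-line no-unused-vars
    address payable,
    bytes memory,
    address
) external view override {
    // Delegatecalls are rejected unless explicitly enabled for this target.
    require(
        operation != Enum.Operation.DelegateCall ||
            allowedTargets[to].delegateCallAllowed,
        "Delegate call not allowed to this address"
    );
    // The target itself must be on the allowlist.
    require(allowedTargets[to].allowed, "Target address is not allowed");
    // Sending ETH is a separate per-target permission.
    if (value > 0) {
        require(
            allowedTargets[to].valueAllowed,
            "Cannot send ETH to this target"
        );
    }
    if (data.length >= 4) {
        // For scoped targets, only allowlisted function selectors pass.
        require(
            !allowedTargets[to].scoped ||
                allowedTargets[to].allowedFunctions[bytes4(data)],
            "Target function is not allowed"
        );
    } else {
        // Calldata shorter than a selector must be empty (a fallback call).
        require(data.length == 0, "Function signature too short");
        require(
            !allowedTargets[to].scoped ||
                allowedTargets[to].fallbackAllowed,
            "Fallback not allowed for this address"
        );
    }
}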


This guard is well established and is used by projects such as Immunefi. We audited this guard.

But guards can be more complex. They can also implement the checkAfterExecution function, or check the signatures and other values provided by the interface. This makes it possible, in addition to checking the passed arguments, to also verify that the state transition is allowed and what was modified after the transaction.

Another good example is the Safe Guard of the Mixin protocol, which we audited as well. It accesses the aggregated signatures and recovers the signers. If a specific address is among the aggregated signatures and matches the address stored in the guard's state, the transaction can be executed only after a specific timelock.

This approach can be critical when managing a huge portfolio in a multisig. Delaying transactions, together with monitoring infrastructure, helps you respond to potential security incidents. But more importantly, the target scoping discussed above can completely prevent unwanted execution.

Case study

“I’m not sure I want to give up flexibility, but I definitely don’t make delegatecalls from my multisig.”

Start using a guard that prevents delegatecalls. Make sure the guard is audited.

“There is a list of addresses I call. Beyond those, I don’t need to call anyone.”

Start using ScopeGuard. Since this guard is ownable, take appropriate security measures for the guard's owner (a malicious guard implementation can block Safe transactions). Once the guard's parameters are settled, the owner can renounce ownership to prevent changes to the guard's behavior.

“I have special requirements, such as different multisig thresholds for different actions, or invariant checks.”

Implement and audit your own Safe Guard.
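
One way to implement the first and third cases above, as an added example that is not code from Safe, ScopeGuard or the original post: a guard that rejects delegatecalls except to one pinned target and uses checkAfterExecution to confirm that the Safe's implementation address is unchanged. The contract name, `trustedDelegateTarget` and the local `IGuard`/`IProxy` declarations are assumptions; it also assumes the Safe sits behind the standard Safe proxy, which answers `masterCopy()` itself.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Local copies of the Safe types used here (assumption: same signatures as the snippet above).
library Enum { enum Operation { Call, DelegateCall } }
interface IGuard {
    function checkTransaction(address to, uint256 value, bytes memory data, Enum.Operation operation,
        uint256 safeTxGas, uint256 baseGas, uint256 gasPrice, address gasToken,
        address payable refundReceiver, bytes memory signatures, address msgSender) external;
    function checkAfterExecution(bytes32 txHash, bool success) external;
}
// Answered by the proxy's own fallback, so a swapped-in implementation cannot spoof it.
interface IProxy { function masterCopy() external view returns (address); }

/// Hypothetical example guard: delegatecalls only to one pinned target, and the
/// Safe's implementation address must be identical before and after execution.
contract NoDelegateCallGuard is IGuard {
    address public immutable trustedDelegateTarget; // assumption: an audited batching contract
    mapping(address => address) private singletonBefore; // Safe => implementation seen pre-check

    constructor(address _trustedDelegateTarget) {
        trustedDelegateTarget = _trustedDelegateTarget;
    }

    // Pre-check: msg.sender is the Safe that is about to execute the transaction.
    function checkTransaction(address to, uint256, bytes memory, Enum.Operation operation,
        uint256, uint256, uint256, address, address payable, bytes memory, address) external override {
        require(
            operation != Enum.Operation.DelegateCall || to == trustedDelegateTarget,
            "Delegate call not allowed to this address"
        );
        singletonBefore[msg.sender] = IProxy(msg.sender).masterCopy();
    }

    // Post-check: even an allowed delegatecall must not have replaced the implementation.
    // A legitimate upgrade therefore requires removing or replacing this guard first.
    function checkAfterExecution(bytes32, bool) external view override {
        require(
            IProxy(msg.sender).masterCopy() == singletonBefore[msg.sender],
            "Safe implementation changed"
        );
    }

    // Safe versions that validate a guard when it is set query this via ERC-165.
    function supportsInterface(bytes4 id) external pure returns (bool) {
        return id == type(IGuard).interfaceId || id == 0x01ffc9a7;
    }
}
```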

Summary

It is not enough to rely only on off-chain security practices. By including protective constraints directly in the on-chain protocol, you can provide a much stronger defense against sophisticated attacks.

Safe's modular and flexible architecture is intentional: it leaves integrators responsible for configuring it securely and allowing only the necessary operations. By following the principle of least privilege and minimizing unnecessary features, projects can greatly reduce the attack surface and improve overall security.

Had the available security features been properly understood and configured for the project's specific needs, this particular exploit would have been prevented. A Safe Guard is a powerful basic solution, but not the only one. Safe Modules offer greater control and customization, at the cost of more complexity.
