Safe solution for bybit hacking

By Crypto Flexs, April 10, 2025

In February 2025, almost $1.5B was stolen from the Bybit exchange, the largest cryptocurrency hack in history. Paradoxically, it was enabled by social engineering rather than a smart contract vulnerability. Given our experience auditing Safe's smart contracts, we decided to investigate the breach in more detail.

TLDR: Projects that use Safe wallets, especially projects that manage large funds, should actively use the built-in security features such as Safe Guards and timelocks. These features exist for a reason.

What happened?

The attack unfolded as follows (step by step):

  • The attacker first compromised the development machine of a single Safe developer. This gave access to an AWS session key but, on its own, did not yet allow changing the front end.
  • For two weeks, the attacker mimicked the developer's online activity patterns and probed for weaknesses in the AWS security setup.
  • Time-limited AWS keys and 2FA confirmation (obtained through the compromised developer) allowed the attacker to deploy malicious code to the Safe front end.
  • The injected front-end code was crafted specifically to target the Bybit account.
  • The attacker likely used social engineering to learn that the Bybit signers did not properly verify transaction details on their hardware wallets. This allowed a malicious signature request to slip through.
  • The final step was to get three Bybit cold-storage signers to sign. Through the compromised Safe front end they were shown a legitimate-looking transaction, but what they actually authorised was a contract upgrade: a delegatecall to a malicious implementation.
  • With control of the Safe, the attacker drained all assets. The addresses and related transactions can be seen on Etherscan.

How could it have been stopped?

Let's take a closer look at how Safe's security features mitigate smart contract security risks.

The most important issue in this hack was blind signing, a long-standing problem in the ecosystem. Cold wallets often have poor UX for reviewing transactions, so during daily work a malicious payload can easily be approved without the signer verifying what is actually being signed.

Thankfully, there are tools designed to solve this. One example is the Safe transaction hash verification script, originally authored by @pcaversaccio and now hosted by Heppeline. This tool lets you check the bytes of the payload being signed against the expected Safe transaction hash before confirming the signature on the hardware wallet.

Beyond user-level tooling, there is room for improvement with multiple thresholds and signature checks, which reduce the risk of human error.

We must also look beyond Web2-style defences. Safe offers Safe Guards, an on-chain security mechanism that, when properly configured, would have completely prevented Bybit's loss of funds. Despite being available, it is often not used or is misunderstood. This needs to change.

Strengthening the multisig with a Safe Guard

By default, Safe wallets can be extended with Safe Modules or a Safe Guard. A module allows arbitrary logic (defined by the module) to execute through the Safe, and multiple modules can be attached to one wallet. There is at most one guard, and it can only block transactions. We already covered Safe security best practices in a recent blog post and discussed them at Safecon 2023 in Berlin. Let's see how guards help secure a wallet.

As the official documentation states: "A Safe Guard is used when there are restrictions on top of the n-out-of-m scheme." Guards restrict specific operations on-chain. By design, Safe Guards can maintain their own state and perform pre-checks and post-checks. A great example of a Safe Guard is the ScopeGuard:

// Excerpt from the ScopeGuard. `allowedTargets` is a mapping(address => Target)
// in which Target holds the flags allowed, scoped, delegateCallAllowed,
// fallbackAllowed, valueAllowed and a mapping(bytes4 => bool) allowedFunctions.
function checkTransaction(
        address to,
        uint256 value,
        bytes memory data,
        Enum.Operation operation,
        uint256,
        uint256,
        uint256,
        address,
        // solhint-disallow-next-line no-unused-vars
        address payable,
        bytes memory,
        address
    ) external view override {
        // Delegate calls are only permitted to targets explicitly flagged for them
        require(
            operation != Enum.Operation.DelegateCall ||
                allowedTargets[to].delegateCallAllowed,
            "Delegate call not allowed to this address"
        );
        require(allowedTargets[to].allowed, "Target address is not allowed");
        if (value > 0) {
            require(
                allowedTargets[to].valueAllowed,
                "Cannot send ETH to this target"
            );
        }
        if (data.length >= 4) {
            // Function-level scoping: only allow-listed selectors may be called
            require(
                !allowedTargets[to].scoped ||
                    allowedTargets[to].allowedFunctions[bytes4(data)],
                "Target function is not allowed"
            );
        } else {
            // No selector: the target's fallback function would run
            require(
                !allowedTargets[to].scoped ||
                    allowedTargets[to].fallbackAllowed,
                "Fallback not allowed for this address"
            );
        }
    }

This guard is well established and is used by projects such as Immunefi. Kudos for this guard.

But guards can be more elaborate. They can also implement the checkAfterExecution function, or inspect the signatures and other values provided through the interface. This lets you build guards that, in addition to checking the passed arguments, also make sure the state transition is allowed and that state was modified as expected after the transaction.

Another good example is the Safe Guard of the Mixin protocol, which also deserves credit. It accesses the aggregated signature and recovers the signers. If a specific address is present in the aggregated signature, that is, it matches the address stored in the guard's state, the transaction can be executed after a specific timelock.

This approach can be critical when managing a huge portfolio in a multisig. Delaying transactions, combined with monitoring infrastructure, helps respond to potential security incidents. But more importantly, the target scoping discussed above can completely prevent unwanted execution.

Case study

"I'm not sure I want to give up flexibility, but I definitely don't call multicall or delegatecall."

Start using a guard that prevents delegatecalls. Make sure the guard is audited.

"There is a list of addresses I call. Otherwise, I don't need to call anyone else."

Start using the ScopeGuard. Since this guard is permissioned, take appropriate security measures for the guard's owner (a malicious guard implementation can block Safe transactions). Once the guard's parameters are settled, the owner can renounce ownership to prevent further changes to the guard's behaviour.

"I have special requirements, such as different multisig thresholds for different actions or invariant checks."

Implement and audit your own Safe Guard.
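The following is an added illustration of the two custom-guard ideas above (blocking delegatecalls in the pre-check, and enforcing an invariant in checkAfterExecution); it is not code from Safe, Ackee or the original post. It assumes the Safe v1.3/v1.4 guard interface (checkTransaction, checkAfterExecution, supportsInterface), the Safe's getThreshold() and getStorageAt() views, and the guard storage slot keccak256("guard_manager.guard.address") that Safe uses; the contract name, the minimum-threshold rule and the revert strings are the author's choices here, not anything the page specifies.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example (not Safe's or Ackee's code): a minimal guard that
// (1) rejects every delegatecall in checkTransaction and
// (2) in checkAfterExecution enforces invariants that must survive the
//     transaction: the Safe still has this guard installed, and its signing
//     threshold has not dropped below the configured minimum.
// Interface shapes follow Safe v1.3/v1.4 GuardManager (assumption); the slot
// constant is keccak256("guard_manager.guard.address") as used by Safe.

library Enum {
    enum Operation { Call, DelegateCall }
}

interface IERC165 {
    function supportsInterface(bytes4 interfaceId) external view returns (bool);
}

interface IGuard {
    function checkTransaction(
        address to, uint256 value, bytes memory data, Enum.Operation operation,
        uint256 safeTxGas, uint256 baseGas, uint256 gasPrice, address gasToken,
        address payable refundReceiver, bytes memory signatures, address msgSender
    ) external;
    function checkAfterExecution(bytes32 txHash, bool success) external;
}

// The subset of the Safe interface the guard reads back after execution.
interface ISafeView {
    function getThreshold() external view returns (uint256);
    function getStorageAt(uint256 offset, uint256 length) external view returns (bytes memory);
}

contract NoDelegateCallMinThresholdGuard is IGuard, IERC165 {
    // keccak256("guard_manager.guard.address"), the slot the Safe stores its guard in
    uint256 internal constant GUARD_STORAGE_SLOT =
        0x4a204f620c8c5ccdca3fd54d003badd85ba500436a431f0cbda4f558c93c34c8;

    uint256 public immutable minThreshold;

    constructor(uint256 _minThreshold) {
        require(_minThreshold > 0, "Guard: min threshold must be positive");
        minThreshold = _minThreshold;
    }

    // Pre-check: the Safe calls this before executing a signed transaction.
    function checkTransaction(
        address, uint256, bytes memory, Enum.Operation operation,
        uint256, uint256, uint256, address, address payable, bytes memory, address
    ) external pure override {
        // A delegatecall runs foreign code in the Safe proxy's own storage
        // context, which is how an implementation swap is pulled off,
        // so it is refused unconditionally.
        require(operation == Enum.Operation.Call, "Guard: delegatecall not allowed");
    }

    // Post-check: msg.sender is the Safe, which calls this after execution.
    function checkAfterExecution(bytes32, bool) external view override {
        ISafeView safe = ISafeView(msg.sender);

        // Invariant 1: the guard is still installed. A transaction that calls
        // setGuard(0) on the Safe itself would otherwise silently disarm it.
        bytes memory raw = safe.getStorageAt(GUARD_STORAGE_SLOT, 1);
        address currentGuard = address(uint160(uint256(bytes32(raw))));
        require(currentGuard == address(this), "Guard: guard was removed");

        // Invariant 2: the signing threshold did not drop below the minimum.
        require(safe.getThreshold() >= minThreshold, "Guard: threshold too low");
    }

    // Safe v1.4.1 checks ERC-165 support when the guard is set.
    function supportsInterface(bytes4 interfaceId) external pure override returns (bool) {
        return interfaceId == type(IGuard).interfaceId || interfaceId == type(IERC165).interfaceId;
    }
}
```

The post-check works because the Safe reads the guard address into a local variable before executing and calls checkAfterExecution on that same guard even if the transaction replaced it. Invariant 1 therefore makes the guard irremovable through execTransaction; that is a deliberate trade-off, and like the ScopeGuard's owner key it should be weighed and audited before deployment.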

Summary

It is not enough to rely only on off-chain security practices. Embedding protective constraints directly in the on-chain protocol provides a much stronger defence against sophisticated attacks.

Safe's modular and flexible architecture is intentional: the integrating company is responsible for configuring the Safe securely and allowing only the operations it needs. By following the principle of least privilege and minimising unnecessary features, a project can greatly reduce its attack surface and improve its overall security.

Had the available security features been properly understood and configured for the project's specific needs, this particular exploit would have been prevented. A Safe Guard is a powerful basic solution, but not the only one. Safe Modules offer greater control and customisation, at the cost of more complexity.
