Crypto Flexs
  • DIRECTORY
  • CRYPTO
    • ETHEREUM
    • BITCOIN
    • ALTCOIN
  • BLOCKCHAIN
  • EXCHANGE
  • ADOPTION
  • TRADING
  • HACKING
  • SLOT
Crypto Flexs
  • DIRECTORY
  • CRYPTO
    • ETHEREUM
    • BITCOIN
    • ALTCOIN
  • BLOCKCHAIN
  • EXCHANGE
  • ADOPTION
  • TRADING
  • HACKING
  • SLOT
Crypto Flexs
Home»HACKING NEWS»Safe solution for bybit hacking
HACKING NEWS

Safe solution for bybit hacking

By Crypto FlexsApril 10, 20256 Mins Read
Facebook Twitter Pinterest LinkedIn Tumblr Email
Safe solution for bybit hacking
Share
Facebook Twitter LinkedIn Pinterest Email

In February 2025, almost $ 1.5B was stolen from Bybit Exchange, the largest cryptocurrency hack in history. Paradoxically, it was not active by social engineering, not a wise contract vulnerability. Given our experience SAFE’s smart contract audit, We decided to investigate the violation in more detail.

TLDR: Projects that use safety wallets, especially projects that manage large -scale funds, must actively organize built -in security functions such as safe security guards and time locks. These features have a reason.

What is it?

The method of developing the case is as follows (timeline by timeline):

  • The attacker first compromised the development machine of a single safety developer. This gave a approach to AWS Session Key,,, At first, I couldn’t change the front end.
  • For two weeks, the attacker mimics the developer’s online activity patterns and investigated the weaknesses of AWS security.
  • Time limit AWS keys and 2FA confirmation (use of damaged developers) allowed attackers to distribute malware to a safe front end.
  • The attacker injected a malicious front end code that created a specially created target for the BYBIT account.
  • The attacker would have used social engineering to identify the notes that the BYBIT signer did not properly check the deal of hardware wallets. This allowed a malicious signature request to slip.
  • The last step was to sign three bybit Cold Storage Signers. Through compromised safe front ends, they would have shown a positive deal. But in fact, I launched a contract upgrade. delegatecallExchange in malicious implementation.
  • While controlling the safe, the attacker drained all assets. Addresses and related transactions are possible I saw it in Etherscan.

How could you stop it?

Let’s take a closer look at the security features of safe features in easing smart contract security risks.

The most important problem for hacking was Blind signatureA long problem in the ecosystem. Cold wallets often have poor UX for reviewing transactions, so you can easily approve malicious payloads during your daily work without checking the signature signature.

Thankfully there is a tool designed to solve this. One example is: Safe script validationOriginal architecture @pcaverseccioccio And I host it now Heppeline. This tool allows you to check the payload signed by the byte bytes compared to the expected safe script before the signature checks in the hardware wallet.

In addition to user level tooling, there is room to improve Multi -threshold and SignatureReduce the risk of human error.

We must also see Beyond Web2 Style Defense. Safe proposal Safe guardinterior decoration A hot chain security protocol that completely prevents BYBIT’s loss of money when it is properly configured. Despite being possible, it is often not used or misunderstandings remain. Change is needed.

Strengthen the multicignigue with a safe guard

Safe wallets can be expanded by default Safe module or Safe guard. The module allows any condition (module logic base) to run in safety and can define multiple modules for one wallet. There is always one guard and can only be blocked. We already have Safe’s security best practices. Recent blog posts likewise Discussed in Safecon 2023 In Berlin. Let’s see how the guards help to secure a wallet.

As specified in the official document: “A safe guard is used when there is a limit on the N-Out-of-M system.” Limit specific tasks to the chain. Safe Guards maintain our own state and maintain our own state through design, pre -inspection and post -inspection. A great example of the Safe Guard Scope guard:

function checkTransaction(
        address to,
        uint256 value,
        bytes memory data,
        Enum.Operation operation,
        uint256,
        uint256,
        uint256,
        address,
        // solhint-disallow-next-line no-unused-vars
        address payable,
        bytes memory,
        address
    ) external view override 
                allowedTargets(to).delegateCallAllowed,
            "Delegate call not allowed to this address"
        );
        require(allowedTargets(to).allowed, "Target address is not allowed");
        if (value > 0) 
            require(
                allowedTargets(to).valueAllowed,
                "Cannot send ETH to this target"
            );
        
        if (data.length >= 4) 
                    allowedTargets(to).allowedFunctions(bytes4(data)),
                "Target function is not allowed"
            );
         else 
                    allowedTargets(to).fallbackAllowed,
                "Fallback not allowed for this address"
            );
        
    


This guard is well established and is used in projects such as Immunefi. Thank you for this security guard.

But security guards can be more complicated. They can also implement it checkAfterExecution Function or check the signature and other values ​​provided by the interface. This allows you to build In addition to checking the passed arguments,also Make sure the weekly transition is allowed and modified after the transaction..

Another good example is the safe guard of the Mixin protocol. We were also grateful. Access the aggregated signature and restore the signature. If there is a specific address in the aggregated signature, if it matches the stored address in the guard stateThen you can run a transaction after a specific time lock.

This approach can be critical when managing a huge portfolio in multi -city. Trading delay through monitoring infrastructure helps to respond to potential security incidents. But more importantly, the discussed target range can be completely prevented from unwanted execution.

Case study

“I’m not sure if I want to give up flexibility, but I definitely don’t call multicimat and delegateCalls.”

Start using a guard to prevent delegates. Make sure the guard is audited.

“There is a list of addresses to call. Otherwise, you don’t have to call anyone.”

Start using scopeguard. Since this security guard is allowed, take appropriate security measures for security guards (malicious guard implementation can block safe transactions). If the parameters of the security guard are solved, it is possible to give up the owners’ ownership to prevent the change of the behavior of the security guard.

“There are special requirements, such as other multi -time thresholds for other actions or unchanging inspections.”

Implement and grate your own safe guards.

summation

It is not enough to rely only on off chain security practices. Including protection constraints directly in the blockchain protocol, you can provide much more powerful defense against sophisticated attacks.

SAFE’s module expression and flexible architecture are intentional by being responsible for integrated companies and configuring safely and allowing only the necessary tasks. By following the principle of minimum privilege and minimizing unnecessary features, the project can greatly reduce the attack surface and improve overall security.

The available security functions were appropriately understood and configured in accordance with the specific needs of the project, preventing this special exploitation. A safe guard is a powerful basic solution, but not the only solution. Safe module It offers greater control and customization, which makes it more complicated.

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

Related Posts

Director Trezor: What is the best hardware wallet in 2025?

May 31, 2025

US sanctions technology companies are related to millions of dollars of encryption fraud.

May 31, 2025

Encryption Inheritance Update: May 2025

May 29, 2025
Add A Comment

Comments are closed.

Recent Posts

SUI Prover improves smart contract verification in the SUI block chain

June 1, 2025

TRON Analysts predicts the following $ 0.30 rally, Unilabs Crosses Doge Volume.

June 1, 2025

Zero Knowledge Technology: In Linea’s study, the journey to the main net

May 31, 2025

Blockchain.com Nigeria in the court ruling

May 31, 2025

Sharplink’s $ 1B Ether Leeum Bet: How to Change ETH’s Game

May 31, 2025

The AI ​​drive model seasplat improves coral reefs.

May 31, 2025

It is a Gold Fallor Safety Dynasty Status, but the path of Bitcoin can be brighter: analysts

May 31, 2025

Bitcoin prices can be $ 2.5 million in 2025.

May 31, 2025

SEC CRYPTO Stacking Guidance Victory on Industrial Regulations, approval of Staked ETF

May 31, 2025

Gala Game introduces a discounted town star badge mystery pack.

May 31, 2025

Bitcoin prices extend losses. Is it a bigger disadvantage on the horizon?

May 31, 2025

Crypto Flexs is a Professional Cryptocurrency News Platform. Here we will provide you only interesting content, which you will like very much. We’re dedicated to providing you the best of Cryptocurrency. We hope you enjoy our Cryptocurrency News as much as we enjoy offering them to you.

Contact Us : Partner(@)Cryptoflexs.com

Top Insights

SUI Prover improves smart contract verification in the SUI block chain

June 1, 2025

TRON Analysts predicts the following $ 0.30 rally, Unilabs Crosses Doge Volume.

June 1, 2025

Zero Knowledge Technology: In Linea’s study, the journey to the main net

May 31, 2025
Most Popular

The strategy of Michael Saylor is the average price of $ 82,981, acquiring 130 Bitcoin.

March 17, 2025

Dogecoin Developer: The Brains That Legalize DOGE

September 21, 2024

Rollblock has become more popular than SOL and XRP due to the increased adoption of GambleFi.

October 28, 2024
  • Home
  • About Us
  • Contact Us
  • Disclaimer
  • Privacy Policy
  • Terms and Conditions
© 2025 Crypto Flexs

Type above and press Enter to search. Press Esc to cancel.