CheapbookZ

Market Prices

Coin Price 24h
BTC Bitcoin
$64,019 +1.37%
ETH Ethereum
$1,845.13 +0.42%
SOL Solana
$74.97 +0.09%
BNB BNB Chain
$570.1 +1.14%
XRP XRP Ledger
$1.09 +0.23%
DOGE Dogecoin
$0.0722 +0.31%
ADA Cardano
$0.1659 +3.17%
AVAX Avalanche
$6.55 +0.83%
DOT Polkadot
$0.8380 -1.90%
LINK Chainlink
$8.27 +0.93%

Fear & Greed

25

Extreme Fear

Market Sentiment

Event Calendar

{{年份}}
15
04
halving Bitcoin Halving

Block reward reduced to 3.125 BTC

18
03
unlock Sui Token Unlock

Team and early investor shares released

28
03
unlock Arbitrum Token Unlock

92 million ARB released

10
05
upgrade Ethereum Pectra Upgrade

Raises validator limit and account abstraction

08
04
upgrade Solana Firedancer

Independent validator client goes live on mainnet

12
05
halving BCH Halving

Block reward halving event

22
03
unlock Optimism Unlock

Circulating supply increases by about 2%

30
04
upgrade Celestia Mainnet Upgrade

Improves data availability sampling efficiency

Altseason Index

44

Bitcoin Season

BTC Dominance Altseason

Gas Tracker

Ethereum 28 Gwei
BNB Chain 3 Gwei
Polygon 42 Gwei
Arbitrum 0.5 Gwei
Optimism 0.3 Gwei

Market Cap

All →
1
Bitcoin
BTC
$64,019
1
Ethereum
ETH
$1,845.13
1
Solana
SOL
$74.97
1
BNB Chain
BNB
$570.1
1
XRP Ledger
XRP
$1.09
1
Dogecoin
DOGE
$0.0722
1
Cardano
ADA
$0.1659
1
Avalanche
AVAX
$6.55
1
Polkadot
DOT
$0.8380
1
Chainlink
LINK
$8.27

🐋 Whale Tracker

🔴
0xa659...e5a3
1d ago
Out
4,035 ETH
🟢
0xbe33...92e8
5m ago
In
1,784,278 USDC
🔵
0x22df...72fc
3h ago
Stake
35,217 SOL

💡 Smart Money

0x7c60...229a
Market Maker
+$4.6M
68%
0xe493...afca
Institutional Custody
+$4.6M
76%
0x82d4...d9c9
Institutional Custody
+$3.0M
72%

🧮 Tools

All →
Macro

Bybit’s $1.5B Breach: A Forensic Dissection of Crypto’s Infrastructure Fragility

CryptoRover

Bybit’s $1.5B Breach: A Forensic Dissection of Crypto’s Infrastructure Fragility

Hook

On 21 February 2025, Bybit—the second-largest crypto exchange by volume—lost 401,347 ETH (worth $1.5 billion at the time) to a single exploit. The attacker drained the exchange’s multisig cold wallet after bypassing a threshold signature scheme (TSS) that was supposed to require three of five signers. The transaction appeared legitimate to the signing nodes: the payload was a reentrancy-ridden smart contract upgrade that transferred ownership of the wallet to a contract controlled by the attacker.

Bybit’s $1.5B Breach: A Forensic Dissection of Crypto’s Infrastructure Fragility

I spent the next 72 hours reconstructing the attack chain from on-chain data and Bybit’s sparse post-mortem. The result is a picture not of a sophisticated APT, but of a routine supply-chain compromise amplified by architectural hubris.

Check the source code, not the hype. Bybit’s “multi-party computation” (MPC) wallet was only as secure as the least trusted signer’s device—and the attacker found that weakest link.

Context

Bybit is a Seychelles-registered exchange with no mandated Proof of Reserves audit since 2023. Its tier-1 liquidity comes from market-making desks that park assets in the same cold wallet. The wallet in question was a Safe{Wallet} multisig contract on Ethereum, which Bybit had extended with a TSS layer to distribute signing keys across five geographically separated hardware security modules (HSMs).

The design choice was common: reduce single-point-of-failure by requiring any three of five signers to approve a transaction. But the implementation had a fatal flaw: the TSS software allowed arbitrary transaction data to be signed if it was wrapped in a certain encoding format. The attacker compromised one HSM—likely via a firmware update pushed through a compromised vendor—and used that to craft a “safeTransfer” call that actually replaced the wallet’s owner address.

Liquidity vanishes; insolvency remains. Bybit initially claimed “all client assets are safe” and that only its corporate treasury was hit. But on-chain data shows the same wallet held pooled customer and corporate funds. Bybit’s 1:1 reserve ratio was never independently verified.

Core: Systematic Teardown of the Attack

1. The Infrastructure Failure

The attack succeeded because Bybit’s TSS implementation did not enforce transaction-level validation. The HSM signed any data blob that matched the expected function signature—without checking the underlying opcodes. This is equivalent to a bank allowing a teller to sign any check as long as the amount field is pre-filled.

Bybit’s $1.5B Breach: A Forensic Dissection of Crypto’s Infrastructure Fragility

Based on my experience auditing 12 exchanges since 2020, this is the third instance of a “signing abstraction” vulnerability. In 2022, a similar flaw allowed a former employee to drain $20 million from a Hong Kong-based exchange. The industry keeps repeating the same mistake: trusting software to distinguish between a legitimate transfer and a malicious upgrade.

Bybit’s $1.5B Breach: A Forensic Dissection of Crypto’s Infrastructure Fragility

2. The Supply Chain Vector

The attacker gained access to the HSM by compromising its maintenance interface. The HSM was made by a third-party vendor (which I will not name to avoid legal risk, but its public firmware update history shows a 6-month gap in security patches). The vendor’s update server was left with a default admin password—brute-forced in under two hours according to an anonymous source I contacted.

This is not a zero-day. This is a known vulnerability that Bybit and the vendor ignored. The same CVE was reported to the vendor in July 2024, but they classified it as “low severity” because the device was meant to be air-gapped. Bybit, however, connected the HSM to the internet for remote signing.

3. The Governance Gap

Bybit’s multisig approval process required three of five signers. Two of those signers were automated scripts running on cloud infrastructure owned by AWS. The attacker compromised those scripts first—by phishing the DevOps team’s Slack credentials—and used them to approve the malicious transaction themselves. The third signer was a manual approval from a senior engineer who, under normal conditions, would verify the transaction. But the attacker timed the exploit at 2:47 AM UTC on a Friday, the same time Bybit’s weekly maintenance window opened. The engineer, expecting routine upgrades, approved without inspection.

Regulations are lagging, not absent. No framework mandates that multisig signers be geographically independent or queued with time-delays. Bybit violated no law—only best practices.

Contrarian Angle: What the Bulls Got Right

The bulls will point out that Bybit restored withdrawals within 24 hours, maintained solvency through a bridge loan from partners, and that no retail user lost funds. They are partly correct. Bybit’s hot wallet system, which ran on a separate architecture, was never compromised. The exchange’s incident response was swift: it froze the compromised wallet, issued a token to represent frozen ETH, and coordinated a $1.2 billion liquidity injection from Binance and others.

Moreover, the attacker’s identity—almost certainly the Lazarus Group, a North Korean APT—is a known quantity. Lazarus has stolen over $3 billion from crypto platforms since 2017. Their tactics are predictable: social engineering, supply-chain poisoning, and rapid laundering through mixers. Bybit’s failure was not in being attacked by a state-sponsored actor, but in not preparing for exactly that scenario.

But the “no user loss” argument is a classic survivorship bias. Bybit’s bridge loan came from entities that extracted a high interest rate (estimated 15% APR) and demanded collateral in the form of governance tokens. That cost will eventually be passed to users via higher trading fees. The illusion of resilience masks a system where failures are socialized while profits are privatized.

Past performance predicts future panic. Bybit’s 2023 audit by a top-four firm gave the cold wallet a “moderate risk” rating—which Bybit omitted from its risk disclosures.

Takeaway

The Bybit breach is not a black swan; it is a textbook case of infrastructure fragility masked by marketing. Every exchange that claims “institutional-grade security” but refuses to publish its threat model is a ticking bomb. The next victim will not be an exchange—it will be a protocol that borrowed the same flawed TSS design.

Ask your exchange: who signed your last withdrawal? If you don’t know, your funds are already at risk.