- The ByBit exchange was hacked, resulting in the theft of $1.5 billion (AU $2.35 billion).
- Binance co-founder Changpeng Zhao (CZ) highlighted multisig wallets as a common vulnerability in recent hacks, including the ByBit incident.
- Ledger recommended using ‘Clear Signing’ to prevent blind signing issues, which might have contributed to the hack.
- Fireblocks suggested off-exchange settlement and MPC technology as potential solutions to enhance security and prevent similar exploits.
The cryptosphere was plunged into chaos following news that the ByBit exchange had been hacked to the tune of US $1.5 billion (AU $2.35 billion).
As the dust begins to settle, industry leaders are starting to make public statements on the incident, how it’s been handled and the lessons we can learn.
In particular, community figure and co-founder of Binance, Changpeng Zhao, has weighed in on the hack, suggesting several security changes necessary to ensure exchanges can avoid this fate in the future.
CZ Notes Multisig Wallets as Common Denominator in Recent Hacks
In a lengthy post on X (formerly Twitter), Changpeng Zhao (CZ) argued that the ByBit exploit, like several other recent hacks, came down to the use of multisig wallets.
Essentially, the attackers were able to disguise their malicious transfer as a routine transaction on the ByBit front-end. When the multiple authorised signers were shown the transaction data, everything looked normal at a glance, and the transaction was approved.
According to CZ, this method of theft may have been used in similar recent incidents, suggesting a need for exchanges to rethink multisig wallets.
Ledger, developer of the popular Nano hardware wallets, agreed with CZ, arguing that ‘Blind Signing’ is all too common across the industry.
According to some in the community, this was a potential cause of the ByBit hack – greenlighting a seemingly normal transaction that obfuscated its true nature.
Instead, Ledger proposes using ‘Clear Signing’, where transaction details are always transparent, avoiding some of the fundamental issues tied to multi-sig exploits.
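To make the blind-versus-clear signing distinction concrete, here is an added illustration (not code from ByBit, Ledger or any wallet vendor) of what a clear-signing check does: it decodes the bytes a signer is actually about to approve and compares them with what the front-end claims, refusing to present the transaction for signature on any mismatch. The binary layout, field names and sample addresses are constructed for this example and are not a real wallet's wire format.

```python
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class DecodedTx:
    to: str              # destination address, hex
    value_wei: int       # native value attached to the call
    selector: str        # first 4 bytes of calldata, hex ("" if no calldata)
    calldata_sha256: str  # fingerprint of the full calldata for audit logs


def decode_tx(raw: bytes) -> DecodedTx:
    """Parse the constructed layout: 20-byte to | 32-byte value | calldata."""
    if len(raw) < 52:
        raise ValueError("payload too short")
    calldata = raw[52:]
    return DecodedTx(
        to="0x" + raw[:20].hex(),
        value_wei=int.from_bytes(raw[20:52], "big"),
        selector="0x" + calldata[:4].hex() if len(calldata) >= 4 else "",
        calldata_sha256=hashlib.sha256(calldata).hexdigest(),
    )


def clear_sign_check(raw: bytes, displayed: dict) -> list:
    """Compare the bytes to be signed with what the UI shows the signer.
    Returns a list of discrepancies; an empty list means the display is faithful."""
    tx = decode_tx(raw)
    problems = []
    if tx.to.lower() != displayed["to"].lower():
        problems.append(f"destination: payload {tx.to}, displayed {displayed['to']}")
    if tx.value_wei != displayed["value_wei"]:
        problems.append(f"value: payload {tx.value_wei}, displayed {displayed['value_wei']}")
    if tx.selector != displayed.get("selector", ""):
        problems.append(f"selector: payload {tx.selector!r}, displayed {displayed.get('selector', '')!r}")
    return problems


def build_tx(to_hex: str, value_wei: int, calldata: bytes = b"") -> bytes:
    """Build a sample payload in the same constructed layout."""
    return bytes.fromhex(to_hex[2:]) + value_wei.to_bytes(32, "big") + calldata


# Constructed sample: the UI claims a routine 1 ETH transfer to a treasury address.
TREASURY = "0x" + "11" * 20
OTHER = "0x" + "ee" * 20
DISPLAYED = {"to": TREASURY, "value_wei": 10**18, "selector": ""}
HONEST_TX = build_tx(TREASURY, 10**18)
# A payload whose destination and calldata differ from what the UI displayed.
TAMPERED_TX = build_tx(OTHER, 10**18, bytes.fromhex("deadbeef") + b"\x00" * 64)

if __name__ == "__main__":
    print("honest:", clear_sign_check(HONEST_TX, DISPLAYED))      # []
    print("tampered:", clear_sign_check(TAMPERED_TX, DISPLAYED))  # two discrepancies
```

A signer-side device or a co-signer service would run this comparison against the decoded payload rather than trusting the web front-end's rendering of it.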
MPC Wallets, Withdrawal Halts and Ethereum Rollback: Suggestions for Combating ByBit Exploit
Meanwhile, Web3 developer Fireblocks released a blog post encouraging off-exchange settlement.
The call to action suggests using collateralised, ‘segregated’ accounts, ensuring customers’ assets aren’t exposed to exchange exploits.
Additionally, Fireblocks put forth MPC technology as a potential counter to the issues with multisig wallets. Rather than requiring multiple signatures to authorise a transaction, MPC wallets split a wallet’s key across several parties. Each party’s share remains private from the others, meaning that a single compromised input can’t be used to drain an entire wallet.
As always, hindsight reveals several steps that could have prevented the exploit. Hopefully the biggest crypto exchange hack in history helps push the industry toward the most secure version of itself.
However, CZ – among others – was quick to praise ByBit CEO Ben Zhou’s response to the hack.
Ben did a good job maintaining transparent communication and calmness in dealing with a challenging situation. That shows a sharp contrast to other less transparent CEOs, like WazirX, FTX, etc.

Zhao did note that he likely would’ve halted withdrawals to be on the safe side, an action that ByBit did not take.
Outspoken analyst and former CEO of BitMEX, Arthur Hayes, even suggested Ethereum roll back its blockchain in response to the hack…but this solution wasn’t especially popular.