Ben Zhou, CEO of Bybit, confirms that the tokens were misappropriated from a cold wallet, a digital wallet that is typically kept offline. ‘This is an alarming finding,’ says Oded Vanunu, head of products vulnerability research at Check Point Research. ‘These cold wallets were once thought to be the safest option, but now they too are vulnerable.’

At the same time, the attack marks an alarming shift in cryptocurrency crime. The hackers did not target code vulnerabilities, but human weaknesses. They identified Bybit employees with signing authority for the multi-signature wallet, then implemented misleading user interfaces to mask malicious transactions and used manipulative prompts to bypass security protocols.

Worrying

‘The Bybit hack is part of a worrying trend. In 2024 alone, hackers have stolen more than 2 billion dollar worth of cryptocurrency, making it the fourth consecutive year that proceeds from crypto hacks have exceeded 1 billion dollar. The Bybit attack proves that a prevention-oriented approach securing every step of a transaction is the only way to deter cybercriminals from carrying out similar high-impact attacks in the future,’ says Vanunu.

The historic hack thus is forcing the crypto industry to rethink its security measures. As the value of digital assets continues to rise, attackers will undoubtedly become more resourceful in their attempts to circumvent security measures. ‘The industry should use real-time transaction monitoring and behavioural analysis to detect fraud,’ Vanunu suggests. ‘And do it before money is lost.’