The Bybit hack has sent ripples through the crypto sector, marking it as the largest heist in the industry’s history. With over $1.46 billion siphoned off, this breach accounts for a staggering 16% of all previous crypto hacks combined. The complexity of the attack has raised serious concerns about the security of multisig wallets and the broader implications for decentralised finance.
Dominic Williams, the founder of Internet Computer Protocol (ICP), weighed in on the situation, recalling Ethereum’s infamous DAO hack in 2016. He pointed out that the Bybit breach further emphasises the need for a robust, decentralised governance system. According to him, ICP’s Network Nervous System (NNS) could mitigate such attacks through intelligent, permissionless governance that can intervene in extreme cases, ensuring safety without resorting to hard forks.
Williams posted on X, drawing a direct comparison between the Bybit hack and Ethereum’s DAO exploit. He reiterated that the motivation behind ICP’s NNS was to create a system where decentralised governance could step in to prevent or mitigate such crises. He stated, “The network’s brain can fix hacks in extremis = safety, no forks, etc. All need one…”
A user, Amer, engaged with Williams’ post, questioning whether Bybit could function on ICP’s infrastructure and if there would be any latency trade-offs. Williams responded that each market would run in its own canister smart contract, capable of processing over 500 update calls per second. This, he suggested, would allow for scalability depending on the level of high-frequency trading activity.
The breach came to light when blockchain sleuth ZachXBT flagged suspicious outflows from Bybit exceeding $1.46 billion. Transactions showed mETH and stETH being converted into ETH on decentralised exchanges before the attacker split the funds across multiple addresses. What makes this attack particularly alarming is that no code was exploited—human vulnerabilities were. Each multisig signer believed they were approving a legitimate transaction through what appeared to be a safe and verified interface. In reality, the attacker had manipulated the user interface, tricking signers into modifying the smart contract logic of Bybit’s ETH cold wallet.
Bybit’s founder confirmed that all signers saw what looked like a genuine transaction on a familiar UI. However, they unknowingly authorised changes to the contract’s logic. This sophisticated social engineering attack bypassed multiple layers of security, redefining the perceived safety of multisig wallets. The attacker systematically identified and compromised the signers’ devices, manipulated transaction displays, and secured approvals without raising suspicion.
Despite the scale of the heist, Bybit maintains that client assets remain safe and fully backed. The exchange asserts that even in the worst-case scenario, it can cover the losses and withstand a potential bank run. Withdrawals are still being processed, with the platform claiming that only their ETH cold wallet was affected. Safe, the multisig provider used by Bybit, has launched an investigation but found no evidence of its official frontend being compromised. Nonetheless, certain functionalities have been paused as a precautionary measure.
The incident has forced a reevaluation of security standards across the industry. Traditionally, multisig wallets and cold storage have been seen as gold standards for securing digital assets. However, this breach underscores a fundamental flaw—human fallibility. No matter how advanced smart contracts become, if attackers can manipulate what signers see and approve, security protocols crumble.
The attack highlights several key takeaways:
• Hardware wallets with screen verification are essential
• Zero-trust security models must be prioritised
• Transactions should never be approved unless the signer fully understands what is being authorised
• Multi-layered security with independent verification is crucial
• Malware can make even legitimate UIs misleading
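One way to turn the "independent verification" takeaway into a concrete signer-side check, as an added example that is not from the article, from Bybit or from Safe: the function below reviews the decoded fields of a Safe transaction (to, value, data, operation, the parameters of Safe's execTransaction) against a local policy on a separate device before a signer approves it, so that approval no longer rests on what the wallet UI displays. The Safe address, allowlist and value limit are constructed values.

```python
# Added example: signer-side policy review of a decoded Safe multisig transaction.
# Field names follow Safe's execTransaction parameters; addresses and limits below
# are constructed for illustration, not real deployments.
from __future__ import annotations
from dataclasses import dataclass

CALL, DELEGATECALL = 0, 1  # Safe "operation" values

SAFE_ADDRESS = "0x" + "11" * 20            # constructed: the cold wallet Safe
ALLOWED_TARGETS = {"0x" + "22" * 20}       # constructed: known hot-wallet address
MAX_VALUE_WEI = 10 * 10**18                # constructed: per-transaction limit


@dataclass
class SafeTx:
    to: str          # target address, 0x-prefixed hex
    value: int       # wei
    data: bytes      # calldata
    operation: int   # 0 = call, 1 = delegatecall


def review_safe_tx(tx: SafeTx, safe_address: str, allowlist: set[str],
                   max_value_wei: int) -> list[str]:
    """Return findings a signer must resolve before approving; [] means none.

    These are checks on the transaction itself, independent of any UI, and
    target the ways a Safe's logic or ownership can be altered.
    """
    findings: list[str] = []
    to = tx.to.lower()
    if tx.operation == DELEGATECALL:
        # Delegatecall runs the target's code in the Safe's own storage context,
        # so it can rewrite owners, threshold or the implementation pointer.
        findings.append("DELEGATECALL: target code executes in the Safe's context")
    elif tx.operation != CALL:
        findings.append(f"unknown operation value {tx.operation}")
    if to == safe_address.lower():
        # Calls to the Safe itself are administrative (owners, threshold,
        # modules, guards), never an ordinary asset transfer.
        findings.append("self-call: transaction targets the Safe's own admin functions")
    if to not in {a.lower() for a in allowlist}:
        findings.append(f"target {tx.to} is not on the allowlist")
    if tx.value > max_value_wei:
        findings.append(f"value {tx.value} wei exceeds limit {max_value_wei}")
    if tx.data and tx.value > 0:
        findings.append("value transfer carries calldata: verify the called function")
    return findings


if __name__ == "__main__":
    tx = SafeTx(to="0x" + "33" * 20, value=0, data=b"\x00" * 4, operation=DELEGATECALL)
    for finding in review_safe_tx(tx, SAFE_ADDRESS, ALLOWED_TARGETS, MAX_VALUE_WEI):
        print("BLOCK:", finding)
```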
As investigations unfold, exchanges and protocols are reassessing their exposure to Bybit and scrutinising their own security measures. The next few days will show whether Bybit can recover any of the stolen funds, maintain trust, and establish how the signers were compromised.
If Bybit successfully navigates this crisis, it may reinforce confidence in its operations. However, failure to address these vulnerabilities transparently could shake confidence in centralised exchanges, evoking memories of past collapses. The coming days will be a crucial test for the platform and for the broader industry’s approach to security.