When disaster strikes, and after the initial shock has faded, we instinctively look around for someone to blame. So, as the dust begins to settle after the Bybit hack, at whose door do we lay the loss of this (already laundered) $1.5bn?
The easiest answer is the exchange itself, and let’s be clear: They carry a significant weight of responsibility. But despite this catastrophic failure, Bybit isn’t some cowboy operator from crypto’s Wild West days. It’s a major and responsible exchange that actively seeks regulatory compliance. If a company as big as Bybit can lose over a billion, it points to a much deeper issue. And it should alarm anyone who cares about crypto.
To understand the scale of the problem, let’s look at what we know about how Bybit customers got compromised. The exchange was using an asset management platform called Safe, which offers multisig ETH wallets. Unfortunately, Safe had a crucial security loophole in its UI, which hackers exploited after compromising a Safe employee’s AWS key. They then accessed the account and injected JavaScript code to fake how transactions were displayed on Bybit users’ browser-based wallets during the signing process.
This disaster has been waiting to happen for years. It stems from a problem that has been plaguing crypto since the very beginning: Blind-signing. When people are tricked into approving fake transactions, it doesn’t matter whether you have advanced security systems like multisig. It’s like protecting your house with hi-tech biometric entry systems and layer upon layer of locks on your front door – only to leave your ground-floor window open.
So, where are wallets going wrong? And why has the industry shown no sign of recognizing the problem, let alone taking any action to fix it?
Blind signing has always been a known, but rare and theoretical, attack vector. But transactions are getting more complicated by the month. The advent and increasing adoption of new BTC or ETH vehicles like smart contracts make it insanely and increasingly difficult to check what we’re signing.
It’s easy to say ‘Trust, but verify,’ but much more difficult when you’re forced to squint at a long string of characters on a tiny LCD. In the early days of crypto, it was surprising how basic wallet interfaces were. They felt very ‘Nokia’, and weirdly out of place at the cutting edge of the crypto revolution.
Many users assumed the UI problem would be one of the first things wallets would fix in subsequent generations. Scroll forward a decade or so, and these appalling, illegible interfaces have barely changed, and blind-signing remains a bigger problem than ever. There hasn’t really been a new generation of wallet. We’ve been using essentially the same technology, the same interfaces, since the days when a single pizza could sell for 10,000 BTC. The question is: Why?
If we want to point the finger of blame – and we should – then it’s the wallet industry that should be in the firing line. They have consistently and inexplicably failed to evolve their hardware and software, with some of the leading consumer wallets still employing 1970s smart card technology.
The rot goes a lot deeper than those tiny displays: It affects even those cold storage devices that do have proper smartphone-style screens and apps. That’s because today’s wallet providers exert an incredibly high degree of control over their ecosystem, with prescriptive and restrictive rules that prevent developers from customising apps. This includes how transactions are displayed and what level of detail is shown to the user.
The plague of blind-signing needs to end. The right way to address this is for wallets to bring down the walls and embrace open ecosystems that allow devs to write their own apps. This would enable wallet developers to figure out how to display complex transactions and contracts on the hardware device so verification is simple, intuitive, and certain. Imagine if Safe could have written a companion app to run on people’s hardware wallets, one that displayed crucial transaction information and would have alerted them (and the Bybit team) to the phishing issue before people signed away their coins.
This, however, requires more than a wallet software upgrade. It’s only possible when devices can keep apps isolated from the wallet’s master seed, and when every aspect of an app can be customized – from design to UI to features – so that wallet developers can give full functionality on the cold storage side. Sadly, that’s impossible with the underlying technology in today’s most popular wallets.
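The check argued for above, as an added example that is not code from the article, Safe, or any wallet vendor: the signing side renders the transaction from the bytes it is asked to sign and compares that with what the web UI claimed. It is narrowed to standard ERC-20 `transfer`/`approve` calldata as an assumption for illustration; the function names and all sample values are constructed.

```python
# Added example: decode the payload to be signed and compare it with the
# description shown by the (possibly tampered) web UI. Sample data is constructed.
SELECTORS = {  # 4-byte selectors of the two standard ERC-20 calls handled here
    "a9059cbb": ("transfer", ("recipient", "amount")),
    "095ea7b3": ("approve", ("spender", "amount")),
}


def decode_calldata(data_hex):
    """Decode ERC-20 calldata into a dict, or return None if it cannot be read."""
    data = bytes.fromhex(data_hex.removeprefix("0x"))
    entry = SELECTORS.get(data[:4].hex())
    # Exactly two 32-byte ABI words must follow: an address and a uint256.
    if entry is None or len(data) != 4 + 64:
        return None
    name, (who, amount) = entry
    addr_word, amount_word = data[4:36], data[36:68]
    if any(addr_word[:12]):  # address words are left-padded with zero bytes
        return None
    return {"function": name,
            who: "0x" + addr_word[12:].hex(),
            amount: int.from_bytes(amount_word, "big")}


def review(ui_claim, data_hex):
    """Return the reasons the signer should stop; an empty list means a match."""
    decoded = decode_calldata(data_hex)
    if decoded is None:
        return ["payload cannot be decoded: signing it would be blind signing"]
    return [f"{key}: UI shows {ui_claim.get(key)!r}, payload says {value!r}"
            for key, value in decoded.items() if ui_claim.get(key) != value]


def word(n):
    """Encode an integer as one 32-byte ABI word in hex."""
    return n.to_bytes(32, "big").hex()


EXPECTED = "0x" + "11" * 20  # constructed address the user intends to pay
OTHER = "0x" + "22" * 20     # constructed address substituted in the payload
UI_CLAIM = {"function": "transfer", "recipient": EXPECTED, "amount": 1000}
HONEST = "0xa9059cbb" + word(int(EXPECTED, 16)) + word(1000)
SWAPPED = "0xa9059cbb" + word(int(OTHER, 16)) + word(1000)
OPAQUE = "0xdeadbeef" + word(0)  # unknown selector: nothing readable to show

if __name__ == "__main__":
    for label, payload in (("honest", HONEST), ("swapped", SWAPPED), ("opaque", OPAQUE)):
        print(label, review(UI_CLAIM, payload) or "matches what the UI displayed")
```

The comparison only means something when it runs on the device holding the keys, because a check performed in the same browser page as the tampered display can be altered along with it.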
One of the most insidious misconceptions in technology is that strong security comes at the expense of a great user experience. As everyone should know, the opposite is true. The ability to easily read the financial transactions you’re signing is the most obvious example.
If crypto is to reach the promised land of mass adoption, we need to put an end to these devastating, high-profile hacks. Today’s wallet industry must address this issue at the device level and enable developers to build permissionlessly and create apps that deliver a long-overdue revolution in user experience. This is the only way to save crypto from the reputation-shredding impact of hacks like Bybit: to strip away complexity, prevent users from writing blank cheques, and create an experience that’s both secure and a joy to use.
Zach Herbert is cofounder and CEO of Foundation Devices, a company building Bitcoin-centric tools that empower users to reclaim their freedom. He studied mechanical engineering at Boston University and dropped out of Harvard Business School’s MBA program after his first year to focus on Bitcoin, freedom tech, product design, and hardware.