This latest breach, one of the most significant crypto exchange hacks of recent times, has left the cryptocurrency community reeling. While many aspects of the incident were crypto-specific, the underlying lessons apply to any organization using cloud infrastructure, whether for asset management and transaction processing or for cloud applications in general.
[SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Read more Perspectives here.]
What happened?

Right now, here’s what we know: the breach peaked on February 21, when attackers exploited a vulnerability in Bybit’s internal systems during a routine transfer of funds between its cold and hot wallets. It’s safe to assume the hackers had been studying Bybit’s processes for a long time beforehand. For context, cryptocurrency exchanges like Bybit, along with other crypto holders, store assets in two primary types of wallets:
The breach happened during a transfer of assets from Bybit’s cold wallet to its hot wallet. During this process, the attackers — believed to be a part of the North Korean Lazarus Group — managed to intercept the transaction and reroute the funds to their own wallets, stealing a staggering 400,000 Ethereum (ETH), worth approximately $1.5 billion at the time.
The exploited vulnerability lay in Bybit’s transaction signing process. Specifically, the system used “blind signing,” meaning that the transaction was signed without the signing party seeing the full transaction details. This lack of visibility allowed the attackers to inject malicious transaction data and divert the funds without the signing process detecting any anomaly.
Additionally, the attack was made easier by a lack of secondary verification in the transaction approval process. Once the transaction details were blind-signed, no further layers of approval or multi-signature verification were in place to catch any irregularities. This was a critical security oversight.
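To make the two preceding points concrete, here is an added simulation (not code from Bybit, CYE, or the article) contrasting a blind signer, which is handed only a digest, with a verifying signer that decodes the transfer, checks the recipient and amount against policy, and only then signs. It also shows a 2-of-3 approval step, and that multi-signature alone does not help when the individual signers are blind. The wallet addresses, the policy limits and the HMAC stand-in for a real signing key are all constructed for the demo.

```python
import hashlib
import hmac
import json
from dataclasses import asdict, dataclass
from typing import Callable, List

# Constructed demo key; a real signer would keep this in an HSM or hardware wallet.
DEMO_KEY = b"demo-signer-key-not-real"

# Constructed policy: the only destination a cold-to-hot transfer may go to,
# and the largest single transfer a signer may approve.
APPROVED_HOT_WALLET = "0xHOT-WALLET-PLACEHOLDER"
MAX_TRANSFER_AMOUNT = 10_000


@dataclass(frozen=True)
class Transfer:
    recipient: str
    amount: int
    asset: str


def encode(tx: Transfer) -> bytes:
    """Canonical encoding so every signer hashes identical bytes."""
    return json.dumps(asdict(tx), sort_keys=True).encode()


def sign_digest(digest: bytes) -> str:
    """Stand-in for a signing primitive (HMAC here, not a real wallet signature)."""
    return hmac.new(DEMO_KEY, digest, hashlib.sha256).hexdigest()


def blind_sign(payload: bytes) -> str:
    """Blind signing: the signer only ever sees a hash, never the fields."""
    return sign_digest(hashlib.sha256(payload).digest())


def verified_sign(payload: bytes) -> str:
    """Decode the payload, enforce policy on what it actually does, then sign."""
    tx = Transfer(**json.loads(payload))
    if tx.recipient != APPROVED_HOT_WALLET:
        raise ValueError(f"recipient {tx.recipient} is not the approved hot wallet")
    if tx.amount > MAX_TRANSFER_AMOUNT:
        raise ValueError(f"amount {tx.amount} exceeds per-transfer limit")
    return sign_digest(hashlib.sha256(payload).digest())


def multisig_approve(payload: bytes, signers: List[Callable[[bytes], str]],
                     threshold: int) -> List[str]:
    """Collect independent approvals; reject unless the threshold is met."""
    sigs = []
    for signer in signers:
        try:
            sigs.append(signer(payload))
        except ValueError:
            pass  # this signer declined; keep asking the others
    if len(sigs) < threshold:
        raise PermissionError(f"only {len(sigs)} of {threshold} approvals")
    return sigs


def simulate() -> dict:
    """Run a legitimate transfer and a swapped-in malicious one through each scheme."""
    legit = Transfer(APPROVED_HOT_WALLET, 5_000, "ETH")
    # Constructed attacker payload: same amount, different destination.
    malicious = Transfer("0xATTACKER-PLACEHOLDER", 5_000, "ETH")
    legit_payload, bad_payload = encode(legit), encode(malicious)

    results = {}
    # A blind signer cannot tell the two payloads apart and signs both.
    results["blind_signed_malicious"] = bool(blind_sign(bad_payload))
    results["verified_signed_legit"] = bool(verified_sign(legit_payload))
    try:
        verified_sign(bad_payload)
        results["verified_rejected_malicious"] = False
    except ValueError:
        results["verified_rejected_malicious"] = True

    # 2-of-3 approval where every signer verifies: malicious transfer is stopped.
    verifying = [verified_sign, verified_sign, verified_sign]
    results["multisig_signed_legit"] = len(multisig_approve(legit_payload, verifying, 2)) >= 2
    try:
        multisig_approve(bad_payload, verifying, 2)
        results["multisig_rejected_malicious"] = False
    except PermissionError:
        results["multisig_rejected_malicious"] = True

    # 2-of-3 approval where the signers are blind: the threshold is met anyway.
    blind = [blind_sign, blind_sign, blind_sign]
    results["blind_multisig_signed_malicious"] = len(multisig_approve(bad_payload, blind, 2)) >= 2
    return results


if __name__ == "__main__":
    for check, outcome in simulate().items():
        print(f"{check}: {outcome}")
```

The last result is the one worth dwelling on: adding signers does not add a verification layer unless each signer independently decodes and checks what it is approving.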
The Bybit breach, while rooted in the specifics of cryptocurrency exchanges, exposes weaknesses that any organization managing digital assets, especially one leveraging cloud infrastructure, can learn from. Several factors contributed to the breach, so here’s a list of valuable lessons for cloud security experts and security executives to draw from what went wrong:
The Bybit incident serves as a wake-up call for anyone operating in the cloud, particularly those handling large amounts of digital assets. While cryptocurrency exchanges have unique security challenges, the lessons learned from this breach are universally applicable to any cloud security environment. By implementing strong multi-signature protocols, improving access control, enhancing real-time monitoring, and ensuring secure transaction signing, cloud security executives can build stronger defenses and reduce the likelihood of similar incidents occurring within their own organizations.
Shira Shamban, vice president of cloud, CYE
SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.