In one of the largest thefts in digital asset history, hackers gained access to an offline Ethereum wallet and stole $1.5 billion worth of digital assets, primarily consisting of Ethereum tokens. The recent incident with Bybit marks a new phase in attack methods, featuring advanced techniques for manipulating user interfaces. Rather than just targeting protocol flaws, the attackers used clever social engineering to trick users, compromising a major institutional multisig setup.
The incident represents a significant evolution of these attack patterns, introducing sophisticated UI manipulation techniques not previously seen. Instead of just exploiting protocol mechanics, the attackers employed advanced social engineering through manipulated interfaces, allowing them to compromise a significant institutional multisig setup.
On February 21st, Check Point Blockchain Threat Intel System alerted on a critical attack log on the Ethereum blockchain network.
The log indicated that the AI Engine identified an anomalous change in a transaction and categorized it as a critical attack. It indicated that the Bybit cold wallet had been hacked, resulting in the theft of approximately $1.5 billion worth of digital assets, primarily in Ethereum tokens.
Check Point Research analysed the attack and explained how our Threat Intel Blockchain system was able to identify it.
Check Point’s Threat Intel blockchain system previously identified a concerning pattern where attackers exploited legitimate blockchain protocols through the Safe Protocol’s execTransaction function. Published in July 2024, the research provided a technical analysis of how the function operates within the Safe framework and documented cases where it was used in attack chains.
The research focused on understanding the technical mechanics of the Safe Protocol’s execTransaction function and its potential for misuse, highlighting the importance of understanding how legitimate protocol features could be leveraged unexpectedly.
This hack sets a new precedent in crypto security by bypassing a multisig cold wallet without exploiting any smart contract vulnerability. Instead, it exploited human trust and UI deception:
The Bybit hack has shattered long-held assumptions about crypto security.
Even with airtight technical defenses, human error remains the biggest vulnerability. This attack highlights how tactics like UI manipulation and social engineering can compromise even the most secure wallets.
Crypto security must evolve beyond just cryptographic trust—it must account for human vulnerabilities, advanced malware threats, and UI manipulation attacks. The industry needs to rethink how transactions are verified and how multi-layered, independent verification processes can prevent such catastrophic breaches in the future.
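One form the independent verification described above can take, shown as an added example that is not Check Point's or Safe's own code: decode the raw execTransaction calldata outside the signing interface and compare it with what the signer meant to approve. It assumes the signer can obtain the raw calldata from a source other than the UI; the helper names, addresses and values are constructed for illustration.

```python
# Added example (not Check Point's code): decode Safe execTransaction calldata
# outside the signing UI and compare it with what the signer meant to approve.
# Selector of execTransaction(address,uint256,bytes,uint8,uint256,uint256,
# uint256,address,address,bytes)
SELECTOR = bytes.fromhex("6a761202")
HEAD_WORDS = 10  # ten 32-byte head slots, one per argument

def _uint(buf: bytes, offset: int) -> int:
    return int.from_bytes(buf[offset:offset + 32], "big")

def decode_exec_transaction(calldata: bytes) -> dict:
    """Return the fields of an execTransaction call that decide what executes."""
    if calldata[:4] != SELECTOR:
        raise ValueError("not an execTransaction call")
    args = calldata[4:]
    if len(args) < 32 * HEAD_WORDS:
        raise ValueError("calldata shorter than the argument head")
    data_off = _uint(args, 64)           # slot 2: offset of the `data` bytes
    if data_off + 32 > len(args):
        raise ValueError("data offset points outside calldata")
    data_len = _uint(args, data_off)
    if data_off + 32 + data_len > len(args):
        raise ValueError("data length runs past calldata")
    return {
        "to": "0x" + args[12:32].hex(),  # slot 0, lowercase hex
        "value": _uint(args, 32),        # slot 1, in wei
        "data": args[data_off + 32:data_off + 32 + data_len],
        "operation": _uint(args, 96),    # slot 3: 0 = Call, 1 = DelegateCall
    }

def mismatches(decoded: dict, intent: dict) -> list:
    """Names of fields where the calldata differs from the signer's intent."""
    return sorted(k for k, v in intent.items() if decoded[k] != v)

def encode_sample(to: str, value: int, data: bytes, operation: int) -> bytes:
    """Build constructed test calldata (gas fields zero, empty signatures)."""
    u = lambda n: n.to_bytes(32, "big")
    padded = data + bytes(-len(data) % 32)
    head = [bytes(12) + bytes.fromhex(to[2:]), u(value), u(320), u(operation),
            u(0), u(0), u(0), u(0), u(0), u(320 + 32 + len(padded))]
    return SELECTOR + b"".join(head) + u(len(data)) + padded + u(0)

# Constructed values: the transfer the signer intends vs. what was presented.
INTENT = {"to": "0x" + "11" * 20, "value": 0, "operation": 0}
PRESENTED = encode_sample("0x" + "22" * 20, 0, b"\xaa\xbb", 1)

if __name__ == "__main__":
    print(mismatches(decode_exec_transaction(PRESENTED), INTENT))
```

Any non-empty result means the transaction about to be signed is not the one the signer believes it is, and signing should stop until the difference is explained.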
What the Bybit Hack Means for Crypto Security and the Future of Multisig Protection – Check Point Blog
