Bybit loses $1.5B in hack

How the “cold wallet” was compromised

  • Commenters dispute whether the hacked wallet was truly “cold”: it was a Gnosis Safe multisig smart‑contract wallet used by the exchange, not an air‑gapped hardware vault.
  • The CEO’s description suggests all multisig signers’ machines were compromised and shown a spoofed Safe UI (“masked”) that looked like a normal internal transfer.
  • Instead of a transfer, they apparently signed a contract upgrade that handed control of the Safe to the attacker, who then drained the ETH.
  • Hardware wallets likely did “blind signing” of opaque EVM data, so signers couldn’t verify what they were really authorizing.

Security architecture & operational failures

  • Many see no “protocol bug,” only human/OPSEC failure: signers “clicked through” without understanding the transaction.
  • Criticisms:
    • Too much value in a single wallet.
    • “Cold” wallets that are regularly used and reachable via normal workflows are effectively “warm.”
    • No extra controls for billion‑dollar movements (e.g., multiple tiers, airlock wallets, different signer sets, time delays).
  • Others note this type of attack (UI manipulation + blind signing) has been seen before and is a systemic weakness of EVM tooling.
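An added illustration of the mitigation these points imply, not code from the thread or from Safe itself: an independent pre-signing policy check that decodes the fields a Safe owner actually signs and compares them with what the (possibly spoofed) UI displayed, refusing delegatecall operations, mismatched targets or amounts, and large moves that bypass a tiered/delayed path. Addresses and calldata below are constructed; the ERC-20 transfer selector and the Safe operation encoding (0 = call, 1 = delegatecall) are real.

```python
from collections import namedtuple

ERC20_TRANSFER = "a9059cbb"   # keccak256("transfer(address,uint256)")[:4]
CALL, DELEGATECALL = 0, 1     # Safe execTransaction `operation` values

# What an owner really signs (subset of the EIP-712 SafeTx struct) vs what the UI showed.
SafeTx = namedtuple("SafeTx", "to value data operation")   # value in wei, data hex without 0x
Intent = namedtuple("Intent", "to amount token")           # token=None means native ETH

def decode_erc20_transfer(data):
    """Return (recipient, amount) only if data is exactly transfer(address,uint256)."""
    data = data.lower()
    if len(data) != 136 or data[:8] != ERC20_TRANSFER:
        return None
    return "0x" + data[32:72], int(data[72:136], 16)   # address is right-aligned in its 32 bytes

def check_safe_tx(tx, shown, big_move):
    """Independent pre-signing policy check; every finding is a reason not to sign.
    big_move is a tier threshold in the shown asset's base unit (wei for ETH)."""
    findings = []
    if tx.operation == DELEGATECALL:
        findings.append("DELEGATECALL: runs foreign code inside the Safe's own storage "
                        "(can swap owners or implementation); never needed for a transfer")
    expected_to = shown.token or shown.to            # ERC-20: `to` must be the token contract
    if tx.to.lower() != expected_to.lower():
        findings.append(f"to={tx.to} does not match shown target {expected_to}")
    if shown.token is None:                          # native ETH transfer
        if tx.data:
            findings.append("plain ETH transfer should carry no calldata")
        if tx.value != shown.amount:
            findings.append(f"value={tx.value} wei != shown {shown.amount}")
        moved = tx.value
    else:                                            # ERC-20 transfer
        decoded = decode_erc20_transfer(tx.data)
        if decoded is None:
            findings.append("calldata is not a bare transfer(address,uint256)")
        elif decoded != (shown.to.lower(), shown.amount):
            findings.append(f"transfer{decoded} != shown ({shown.to}, {shown.amount})")
        moved = decoded[1] if decoded else 0
    if not findings and moved >= big_move:
        findings.append("above tier threshold: route via delayed/airlock wallet and second signer set")
    return findings

# Constructed samples (not Bybit's real addresses or calldata).
HOT_WALLET, ATTACKER = "0x" + "11" * 20, "0x" + "ee" * 20
SHOWN = Intent(to=HOT_WALLET, amount=10 * 10**18, token=None)            # UI said "send 10 ETH"
HONEST = SafeTx(to=HOT_WALLET, value=10 * 10**18, data="", operation=CALL)
MASKED = SafeTx(to=ATTACKER, value=0, data="deadbeef" + "00" * 32, operation=DELEGATECALL)
```

`check_safe_tx(HONEST, SHOWN, 10**24)` returns an empty list, while the masked transaction that looks identical in a spoofed UI returns four findings (delegatecall, wrong target, unexpected calldata, wrong value), which is exactly what a blind-signing hardware wallet cannot tell the signer.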

“Code is law”, reversibility, and ethics

  • Some argue this is exactly what decentralized finance permits: whoever controls the key “owns” the assets; the system itself doesn’t distinguish theft.
  • Others push back, noting prior chain interventions (Bitcoin overflow rollback, Ethereum DAO fork) as evidence that “code is law” is selectively applied when losses are big enough.
  • Ideas floated: protocol‑level safeguards for known exchange cold wallets, multi‑stage/escrow‑like transactions, or on‑chain bureaucracy (delays, voting) for large moves—critics say this just recreates banks.

Tainted coins, law, and liquidation

  • Debate over whether stolen coins can be sold cleanly:
    • Some expect exchanges to blacklist addresses and say large‑scale off‑ramping will be hard.
    • Others point out mixers, bridges, and decentralized exchanges, and note the hacker has already started liquidating staked ETH.
  • A subthread discusses UCC Article 12 in some U.S. states: a good‑faith purchaser who gains “control” of a digital asset may take it free of prior property claims, unlike a stolen car.

Exchanges, solvency, and trust

  • Commenters note Bybit’s huge trading volumes and the extreme profitability of crypto exchanges; some think covering $1.5B over time is plausible, possibly via loans.
  • Many distrust the CEO’s assurances and suggest withdrawing funds immediately; past “we were hacked” episodes (Mt. Gox, FTX, others) are cited.
  • There’s recurring skepticism about custodial exchanges at all: if “professional” firms can’t keep keys safe, individuals are even less likely to do so, yet self‑custody is also unforgiving.

Broader crypto sentiment

  • Strong anti‑crypto voices frame the space as a casino and Ponzi‑like system that keeps “speedrunning” the worst parts of traditional finance without its protections.
  • Pro‑crypto commenters mostly emphasize censorship‑resistant cross‑border payments and usefulness in countries with capital controls or inflation, but acknowledge that security and user protection are severely lacking.