
- The $1.5 billion Bybit hack, attributed to the Lazarus Group, was traced to a SafeWallet developer’s compromised machine, but skeptics, including Ripple CTO David Schwartz, suspect security flaws or an inside job.
- The incident highlights the urgent need for stronger internal controls and stricter oversight at crypto exchanges to prevent future breaches.
The crypto world is still reeling from the shocking $1.5 billion Bybit hack, with new revelations suggesting deeper vulnerabilities in the exchange’s security framework. The breach, traced back to a compromised device belonging to a SafeWallet developer, has led to widespread skepticism, particularly from Ripple’s Chief Technology Officer (CTO) David Schwartz and other crypto experts.
Bybit and SafeWallet’s Investigation
Following an extensive forensic review, SafeWallet confirmed that the hack was executed through a compromised machine used by one of its developers. The findings were supported by the U.S. Federal Bureau of Investigation (FBI), which publicly identified the notorious North Korean hacking group, Lazarus, as the perpetrators. The attack exploited a weakness in SafeWallet’s system, allowing the hackers to manipulate transactions without raising immediate suspicion.
However, the crypto community remains unconvinced. The possibility of an inside job or severe operational oversight has sparked intense debate.
Skepticism From Ripple CTO and Industry Experts
Despite the official findings, Ripple CTO David Schwartz and other prominent figures in the crypto space have raised red flags regarding the hack’s execution. One of the major concerns revolves around the extent of access a single developer had within SafeWallet’s deployment infrastructure.
Schwartz pointed out a critical flaw in Bybit’s security practices, questioning how a quorum of Bybit’s signers all blindly sourced their code for transaction approvals directly from the internet. He expressed disbelief that such a high-stakes financial institution would rely on real-time software updates from online sources, leaving its network vulnerable during crucial transactions.
Was It an Inside Job?
Egrag Crypto, a well-known member of the XRP community, also weighed in, suggesting the hack bore signs of internal collusion. He highlighted that Bybit’s multi-signature (multi-sig) system should have prevented unauthorized access, yet none of Bybit’s signers took the time to verify transaction addresses at the time of the breach. This glaring oversight has fueled speculation that someone within the organization may have facilitated the attack.
The Need for Stronger Security Measures
The Bybit hack serves as a stark reminder of the risks associated with lax security protocols in the crypto industry. The incident underscores the need for robust internal controls, better auditing mechanisms, and stricter oversight of who has access to critical systems.
While the Lazarus Group remains the prime suspect, lingering doubts about the nature of the attack continue to stir debate. Whether due to an inside job or a catastrophic security lapse, one thing is clear: exchanges must reevaluate their security frameworks to prevent such incidents in the future.