Source: SINOHOPE
Overview of the Bybit Theft Incident
On February 21, 2025, a Safe multi-signature wallet of the crypto exchange Bybit was hacked, resulting in the loss of approximately $1.5 billion worth of crypto assets, making it the largest theft case in crypto history. Although the Safe multi-signature wallet contract itself was not problematic, the attack was still successful because the multi-signature participants lacked sufficient security awareness and a reliable independent verification mechanism when signing, allowing the hackers to tamper with the signature content and completely deceive multiple (3) signatories, ultimately gaining control of the multi-signature wallet through malicious transactions.
Similar attacks on Safe multi-signature wallets have occurred before, including:
On July 18, 2024, the Safe multi-signature wallet of the Indian exchange WazirX was attacked, with the logic contract modified, resulting in the theft of approximately $230 million.
On October 16, 2024, the Safe multi-signature wallet of the lending protocol Radiant Capital was attacked, with approximately $50 million stolen.
As the crypto industry has developed, the security issues caused by smart contracts have received significant attention from industry practitioners. However, the recent series of hacking and theft incidents show that wallet security remains a major concern. The Bybit theft incident and similar events in the industry have collectively exposed the significant vulnerabilities in wallet security: even under the seemingly secure multi-signature wallet mechanism, there are systemic problems throughout the entire process of daily fund/authority management, and wallet security requires the full attention of the entire industry.
Analysis of the Hacking Process
According to the latest investigation report, the process and key points of the attack on Bybit are as follows:
The attacker deployed a malicious contract 0xbDd077f651EBe7f7b3cE16fe5F2b025BE2969516 in advance on UTC 2025-02-19 7:15:23;
A developer device with system publishing permissions for the Safe{Wallet} was compromised, and the attacker uploaded and modified a JavaScript code file in the AWS S3 bucket of Safe on UTC 2025-02-19 15:29:43, which contained malicious logic targeting only the Ethereum Safe wallet of Bybit and an unknown wallet (presumably for testing and verification), thus completing the intrusion of the Safe{wallet} front-end.
On UTC 2025-02-21, during Bybit's normal cold and hot fund transfer process, all Safe{wallet} users saw and used the Safe{wallet} front-end with the malicious code injected, so the Bybit multi-signature participants saw the information displayed on the Safe{Wallet} front-end as completely normal (but the actual signing content did not match the front-end display);
The signatories used Ledger hardware wallets, but the Ledger hardware wallet signing process was blind, and the signatories were completely unable to verify in the Ledger whether the content to be signed was consistent with the information displayed on the Safe{Wallet} front-end.
The attacker successfully deceived all the signing participants and obtained the required number (3) of signatures; the malicious transaction was constructed to call a forged ERC 20 transfer function of the malicious contract through a DelegateCall; this malicious function completed the "upgrade" of the wallet contract, replacing the logic implementation contract with the malicious contract pre-deployed by the attacker.
After the malicious transaction was completed, the attacker re-uploaded the normal script file and deleted the malicious script file within 2 minutes.
Subsequently, the attacker gained full control of the multi-signature wallet and absconded with nearly $1.5 billion worth of crypto assets.
The remaining questions in this process include:
What is the front-end system release process of Safe{wallet}?
Why could a single developer modify the front-end system code file hosted in the cloud storage without committing the code to the source code repository?
Weak Links Exposed by the Bybit Theft Incident
Security Vulnerabilities in DeFi System Front-ends
Although theoretically anyone can create transactions and directly interact with on-chain smart contracts for all DeFi applications, in reality this is an impossible task for the vast majority of users. Therefore, all DeFi applications inevitably need front-end systems to construct transactions or EIP-712 data to be signed. If there is only one set of front-end systems supporting the same smart contract, the DeFi application's front-end system becomes a major single point of failure.
Security Vulnerabilities of Operating Devices
The direct cause of the Bybit incident was the compromise of a developer device with system publishing permissions for the Safe{Wallet} project, which shows that traditional security risks never go away. Since Web3 practitioners may be directly involved in the security of on-chain funds, traditional network security risks should receive the highest level of attention. All technical systems and management processes in the Web3 field should be designed and implemented to financial-grade security standards.
Security Vulnerabilities of Safe Multi-Signature Contracts
The Safe multi-signature contract only provides one execution entry point: execTransaction, which offers two execution modes: Call and DelegateCall. For batch transactions, the Safe contract does not directly expose a batch execution entry, but instead implements the batch transaction logic using other contracts, such as the MultiSendCallOnly contract. Therefore, when constructing batch contract transactions, it is necessary to construct a DelegateCall to the external contract, executing the transaction splitting and individual execution logic of the external contract.
In normal business scenarios, DelegateCall execution should only be allowed when the target address (to address) is the MultiSendCallOnly contract.
However, this mechanism of the Safe contract leaves security vulnerabilities in its daily use. Most users may lack sufficient knowledge, skills, and awareness to independently and fully verify the transactions.
In fact, the 3 known large-scale attacks on Safe wallets have all exploited this mechanism, with the attackers successfully using the DelegateCall execution mode to execute malicious logic in the Safe wallet.
WazirX:
https://etherscan.io/tx/0x48164d3adbab78c2cb9876f6e17f88e321097fcd14cadd57556866e4ef3e185d
Bybit:
https://etherscan.io/tx/0x46deef0f52e3a983b67abf4714448a41dd7ffd6d32d32da69d62081c68ad7882
Blind Signing Vulnerabilities in Some Hardware Wallets
Decoding the data of a transaction to be signed is a very important wallet capability. Some wallets focused on Web3 on-chain interaction have developed transaction parsing capabilities and keep improving them, but hardware wallets (such as the Ledger hardware wallet used in this Bybit incident) generally lack this capability, so signers can only sign blindly, without a last opportunity to verify the transaction content.
Transaction parsing in wallets requires a large amount of up-to-date supporting data (such as an ABI database for EVM-compatible chains) and requires identifying and specially handling certain common transaction types. This places high demands on the continuous updating and iteration of wallets.
Lack of Independent Verification Awareness among Multi-Signature Participants
To avoid the single point of risk and private key leakage risks of single-signature, the industry has generally shifted to the use of multi-signature wallets. However, if the multi-signature participants lack the awareness, ability, and necessary tools for independent verification during the usage process, and mainly rely on the security and reliability of the transaction initiator, then the multi-signature wallet will lose its intended purpose.
SINOHOPE's Security Practices
Crypto Asset Security Principles
For crypto asset security, a comprehensive and multi-dimensional mechanism needs to be formed in terms of security awareness, security technology system, and security regulations. In response to the Bybit incident and similar events, SINOHOPE emphasizes that users need to enhance some basic security awareness.
(1) Traditional Security Enhancement Recommendations
Web3 organizations and personnel should have financial-grade security awareness and take concrete measures to prevent traditional security risks.
Use Dedicated Devices:
Equip dedicated and independent devices for important uses, avoid mixing with daily office equipment, and do not activate them unless necessary.
Use operating systems with higher security, such as Linux or the latest versions of macOS/Windows, and remove unnecessary services and ports.
Strengthen the security of office network devices and take traditional security measures:
Terminal/office environment security is still the top priority for protecting against APT attack groups like Lazarus; please ensure that the terminal has an EDR tool installed (traditional antivirus software has limited effectiveness in dealing with APT);
Strengthen access control and defense-in-depth for internal systems, and require additional two-factor authentication for accessing sensitive internal systems and performing important operations, such as internal code repository management and cloud platform management;
Manage the permissions of cloud service providers like CDN/AWS, ensure that console logins are minimized in terms of personnel, permissions, and access time, and do not use the root account or admin-permission accounts by default. Prioritize the use of IAM roles and avoid access key/secret key (AK/SK) access; if such keys are necessary, enable key rotation and add access address whitelists;
Perform integrity verification on publicly accessible resources, such as public SDKs, client installation packages, and static resources cached by CDN (CloudFront-S3/CloudFlare-R2, etc.), and simulate user scenarios to verify them periodically;
Perform additional integrity verification for each code release to ensure that the online environment code is consistent with the internally security-reviewed code;
Strengthen the monitoring of access to internal/supplier systems, promptly detect abnormal access behavior in terms of location and time, and investigate and confirm in a timely manner;
Ensure full coverage of security capabilities for the terminal devices of key personnel.
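One way to run the integrity checks recommended in this list, shown as an added example (not code from SINOHOPE or Safe): a manifest of digests is built from the security-reviewed build, and the files actually served are compared against it. File paths and contents are constructed, and how the served files are fetched is left to the caller.

```python
import base64
import hashlib


def sri_digest(content: bytes) -> str:
    """Subresource Integrity style value (sha384, base64) for one static file."""
    return "sha384-" + base64.b64encode(hashlib.sha384(content).digest()).decode()


def build_manifest(reviewed_files: dict) -> dict:
    """Map each path in the security-reviewed build to its expected digest."""
    return {path: sri_digest(body) for path, body in reviewed_files.items()}


def verify_release(manifest: dict, served_files: dict) -> dict:
    """Compare what is actually served against the reviewed manifest."""
    report = {"modified": [], "missing": [], "unexpected": []}
    for path, expected in sorted(manifest.items()):
        if path not in served_files:
            report["missing"].append(path)       # reviewed file is not being served
        elif sri_digest(served_files[path]) != expected:
            report["modified"].append(path)      # served bytes differ from reviewed bytes
    # Files that are served but never went through review.
    report["unexpected"] = sorted(set(served_files) - set(manifest))
    return report


# Constructed sample data: a reviewed build and what the CDN later serves.
REVIEWED_BUILD = {
    "static/js/app.js": b"function sign(tx) { return wallet.sign(tx); }",
    "static/js/vendor.js": b"/* vendor bundle */",
    "index.html": b"<script src='static/js/app.js'></script>",
}
SERVED_SAMPLE = dict(REVIEWED_BUILD)
SERVED_SAMPLE["static/js/app.js"] += b" /* changed after review */"
SERVED_SAMPLE["static/js/extra.js"] = b"/* file that never went through review */"
del SERVED_SAMPLE["static/js/vendor.js"]

if __name__ == "__main__":
    print(verify_release(build_manifest(REVIEWED_BUILD), SERVED_SAMPLE))
```

Run from a host outside the publishing pipeline and on a short interval, since in the incident described above the modified script was swapped back within 2 minutes of the malicious transaction.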
(2) Wallet Usage Basic Principles
Isolation Principle
Cold and hot wallet isolation
Functional isolation: Strictly separate the fund wallet and the permission wallet. The fund wallet should only hold funds and have only the transfer function, and it is strongly recommended to use a dedicated fund wallet solution rather than a multi-signature contract like Safe for a simple fund wallet; only when the wallet needs to serve as the on-chain contract management permission or participate in DeFi applications, should a multi-signature contract wallet be considered.
Device isolation: For critical asset devices, use a separate isolated device, not a daily computer/work computer, and do not activate it unless necessary.
Avoid single point of failure, independent multi-party verification
Independent risk control system
Whitelist control
Independent risk control review
Transaction simulation execution
Capability-sufficient principle, minimum permission principle: Minimize risk exposure as much as possible
Cold Wallet Solution Recommendations
(1) Enterprise-level fund management solution based on MPC technology
For wallets with only fund management needs, the smart contract multi-signature wallet solution that has the potential risk of "executing arbitrary logic" may not be the optimal choice.
For "cold wallets" with only fund management needs (no need to participate in DeFi interactions), the enterprise-level MPC wallet solution SINOHOPE from Xinghuo Technology can be used as a replacement for the Safe multi-signature. For customers with specific needs, SINOHOPE can also provide technical solutions to support the private deployment of MPC solutions.
MPC-TSS (Multi-Party Computation-Threshold Signature Scheme) technology supports distributed management of private key shards and collaborative signing, solving the single point of failure risk of private keys and realizing secure self-hosting.
Compared to the multi-signature smart contract solution that can only be used on EVM-compatible chains, the MPC-based solution has all the advantages of the Safe multi-signature solution, and also has some advantages that the Safe multi-signature does not have, such as multi-chain universality, better implementation of independent auditing, and the elimination of the potential risk of "executing arbitrary logic". The key features of Xinghuo Technology's SINOHOPE MPC solution are summarized as follows:
More autonomous than centralized custody
Self-control of assets, immune to "misappropriation" and "runaway"
Support for T-N multi-signature, avoiding single point of failure
Support for enterprise-level multi-tier asset management
More secure and feature-rich than decentralized wallets
Multi-party management of private key shards, eliminating the risk of traditional private key custody
No need to keep "invisible" private keys, no seed phrase
Multi-level disaster recovery plan, multi-scenario shard recovery mechanism
More convenient and easier to use than hardware wallets
Shards can be accessed online, with "0" storage difficulty
Web2 product form, quick to master
Cheaper and more universal than contract wallets
Address creation without Gas consumption, low usage fees
Support for the vast majority of mainstream blockchains
Chain multi-signature, privacy protection
For simple fund management needs, it can better implement business auditing, risk control, and eliminate the potential risk of "executing arbitrary logic".
Can be used in conjunction with dedicated mobile device enhancement measures, with the device only online for transaction review, further strengthening security.
The capabilities and advantages of MPC-TSS technology, combined with the online account system, multi-factor authentication system, and biometric technology accumulated over the years in the Internet, can effectively help users eliminate the need for seed phrases, achieving theft-proof, loss-proof, and malicious-proof, ensuring users' control over their assets.
(2) Xinghuo Technology SINOHOPE's signature verification solution for Safe{wallet} multi-signature
In the Web3 field, in addition to the simple fund management needs of cold wallets, there are also needs for on-chain permission management and participation in DeFi interactions. For such needs, the on-chain multi-signature solution represented by Safe{wallet} is undoubtedly still one of the best solutions. However, the Bybit incident has also exposed several weak points in the use of the Safe{Wallet} multi-signature, among which the single dependence of the front-end system and the blind signing risk of hardware wallets are particularly prominent.
To address the potential risks in the use of Safe{Wallet}, Xinghuo Technology SINOHOPE has launched a signature verification solution for Safe{Wallet} multi-signature. By introducing an independent signature content verification mechanism, combined with enterprise-level approval workflow and risk control mechanisms, it fills the security gaps in the hardware wallet + Safe{Wallet} multi-signature solution.
The independent verification solution of SINOHOPE MPC wallet for Safe{Wallet} includes:
For the signature requests of Safe{Wallet}, enable an independent risk control verification policy; based on the industry ABI database and targeted processing of the Safe contract, independently parse the content to be signed and its execution intent, and can issue early warnings for risky operations (such as unexpected DelegateCall calls).
Integrate transaction simulation execution capability, which can simulate the transaction execution before signing, identify the operation intent, and present the operation intent and potential risks to the user in a user-friendly way to avoid blind signing risks.
Can integrate enterprise-level approval workflow, formulate dedicated approval workflow and risk control policies for the multi-signature wallet accounts managed by the MPC wallet account, to meet more flexible and rich fund management needs.
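The rule stated earlier (DelegateCall only when the to address is the MultiSendCallOnly contract) and the independent parsing described in this list can be sketched as follows. This is an added example, not SINOHOPE's or Safe's code: it decodes the ABI-encoded execTransaction calldata of a proposed transaction and flags a DelegateCall to any target outside an allowlist. The addresses and sample calldata are constructed placeholders.

```python
# Added example: independent pre-signing check of Safe execTransaction calldata.
# Addresses and calldata below are constructed placeholders, not real deployments.
EXEC_TX_SELECTOR = bytes.fromhex("6a761202")  # execTransaction(address,uint256,bytes,uint8,...)
OP_CALL, OP_DELEGATECALL = 0, 1


def read_uint(args: bytes, offset: int) -> int:
    """Read one 32-byte big-endian ABI word, rejecting truncated input."""
    word = args[offset:offset + 32]
    if len(word) != 32:
        raise ValueError("calldata truncated")
    return int.from_bytes(word, "big")


def decode_exec_transaction(calldata: bytes) -> dict:
    """Decode the fields a signer must review: to, value, operation, inner selector."""
    if calldata[:4] != EXEC_TX_SELECTOR:
        raise ValueError("not an execTransaction call")
    args = calldata[4:]
    data_off = read_uint(args, 64)          # head word 2: offset of `bytes data`
    data_len = read_uint(args, data_off)
    data = args[data_off + 32:data_off + 32 + data_len]
    if len(data) != data_len:
        raise ValueError("data field truncated")
    return {
        "to": "0x" + args[12:32].hex(),     # head word 0: address, left-padded
        "value": read_uint(args, 32),       # head word 1
        "operation": read_uint(args, 96),   # head word 3: 0 = Call, 1 = DelegateCall
        "inner_selector": data[:4].hex(),
    }


def check_policy(calldata: bytes, delegatecall_allowlist: set) -> list:
    """Return findings; an empty list means the DelegateCall rule is satisfied."""
    tx = decode_exec_transaction(calldata)
    if tx["operation"] == OP_CALL:
        return []
    if tx["operation"] != OP_DELEGATECALL:
        return ["unknown operation value %d" % tx["operation"]]
    if tx["to"] not in delegatecall_allowlist:
        return ["DELEGATECALL to non-allowlisted target %s (inner selector 0x%s)"
                % (tx["to"], tx["inner_selector"])]
    return []


def build_sample_calldata(to_hex: str, operation: int, inner: bytes) -> bytes:
    """Constructed input: ABI-encode execTransaction with zero gas fields, no signatures."""
    u = lambda n: n.to_bytes(32, "big")
    tail = u(len(inner)) + inner + b"\x00" * (-len(inner) % 32)
    head = [bytes.fromhex(to_hex[2:]).rjust(32, b"\x00"), u(0), u(320), u(operation),
            u(0), u(0), u(0), u(0), u(0), u(320 + len(tail))]
    return EXEC_TX_SELECTOR + b"".join(head) + tail + u(0)


MULTISEND_PLACEHOLDER = "0x" + "11" * 20   # stands in for the MultiSendCallOnly address
UNKNOWN_TARGET = "0x" + "22" * 20          # stands in for an unreviewed contract
ALLOWLIST = {MULTISEND_PLACEHOLDER}
TRANSFER_LIKE = bytes.fromhex("a9059cbb") + bytes(64)  # transfer(address,uint256) selector

if __name__ == "__main__":
    for to, op in [(MULTISEND_PLACEHOLDER, 1), (UNKNOWN_TARGET, 0), (UNKNOWN_TARGET, 1)]:
        print(to, op, check_policy(build_sample_calldata(to, op, TRANSFER_LIKE), ALLOWLIST))
```

The third sample mirrors the pattern the article describes: inner data that looks like an ERC-20 transfer, but executed as a DelegateCall against a contract outside the allowlist. The check covers only the DelegateCall rule; plain Call transactions still need whitelist and simulation review.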

By using the SINOHOPE MPC wallet as one of the Signer members of the Safe{Wallet} multi-signature wallet, an independent security enhancement layer can be introduced into the current Safe{Wallet} multi-signature wallet application system, which is a useful supplement to the existing usage solution. Since the SINOHOPE MPC wallet itself is a self-hosted wallet, and can hold a single signature permission alone, the customer still maintains ultimate control over the Safe wallet/assets.
Through the signature verification service of the SINOHOPE MPC wallet, the security of customers using the Safe{Wallet} can be greatly improved, and the independent verification skill requirements and burden on the users can be effectively reduced, which is more conducive to institutional clients to closely integrate with their business needs, and more reasonably allocate the roles of multi-signature participants (boss, business, finance, security, etc.), while ensuring that each participant has the conditions to implement independent review and verification, truly realizing the purpose of Safe{Wallet} "preventing single point of failure and achieving multi-party verification".
Conclusion: Web3 Industry Wallet Security Initiative
Promoting Unified Security Standards in the Industry to Build a Trusted Web3 Ecosystem
In the rapidly developing Web3 ecosystem, wallets are the core and entry point for user asset management, and their security is of paramount importance. However, the current lack of unified security standards in the industry has led to different security risks for users when using different wallets.
SINOHOPE, a new technology company, proposes:
Establishing a common industry security standard - Building an industry security forum to jointly establish best security practice guidelines covering industry R&D, daily management, and user usage, and developing interoperability standards for ecosystem applications/security components, to collectively ensure long-term security of the industry.
Enhancing user security awareness - Through standardized security education, to improve industry users' risk awareness and prevention capabilities.
Strengthening cross-ecosystem collaboration - Promoting information sharing and emergency response mechanisms among industry players to jointly address security threats.
Security is the cornerstone for the stable and long-term development of the crypto industry. We call on developers, wallet service providers, audit institutions, and the community to work together to promote the standardization of security, and create a safer trading environment for users!




