Written by: CertiK
Recently, Jason Jiang, Chief Business Officer of CertiK, appeared on Cointelegraph's 'The Agenda' podcast to discuss Web3.0 security in light of the Bybit incident. When $1.4 billion in assets vanished overnight, it shocked not just the industry but every user concerned about the security of their digital wealth. This is not only the largest theft in crypto history; it also exposes risks hidden beneath the industry's rapid growth.
As a leader in blockchain security, CertiK has never stopped analyzing such threats. After the Bybit incident, CertiK quickly conducted a technical analysis that identified "blind signing" as a key issue. In the conversation, Jason explained why blind signing happens and advised users to verify transaction addresses at least three times.
When THORChain validation nodes refused to roll back transactions, Jason candidly said, "We are like we're in the Wild West," but also emphasized that only by embracing regulation can the Web3.0 industry mature. Against attacks worth billions, a $4,000 bug bounty looks insignificant, and the industry urgently needs to confront its underinvestment in security. After all, the golden age of the Web3.0 world should not be a hacker's carnival.
After Bybit's $1.4 Billion Theft, CertiK Executive Interprets How to Enhance Crypto Asset Security
In February this year, the hacker attack on Bybit caused a shock in the industry. According to reports, the North Korean hacker group Lazarus Group stole Ethereum-related tokens worth $1.4 billion from this centralized exchange, making it the most devastating crypto theft in history.
The aftermath of this hacker attack raised many questions: Where did the problem occur? Are my funds safe? What measures should be taken to prevent such incidents from happening again?
According to blockchain security company CertiK, this massive theft accounted for 92% of all losses in February. Due to this incident, the total crypto losses in February surged nearly 1,500% compared to January.
In the 57th episode of Cointelegraph's 'The Agenda' podcast, hosts Jonathan DeYoung and Ray Salmond spoke with Jason Jiang, CertiK's Chief Business Officer, about how the Bybit attack unfolded, the consequences of the exploit, and what measures users and exchanges can take to safeguard cryptocurrency.
Are Crypto Wallets Still Safe After the Bybit Theft?
In short, Jason believes the Lazarus Group successfully attacked Bybit because it managed to compromise the devices of all the signers—the three signers who controlled the multi-signature SafeWallet that Bybit was using. The group then tricked them into signing malicious transactions that they believed were legitimate.
Does this mean SafeWallet is no longer trustworthy? Jason says it's not that simple. "When a Safe developer's computer is hacked, more information might leak from that computer. But I think for individual users, the possibility of this happening is quite low."
He stated that ordinary users can significantly enhance cryptocurrency security through several methods, including storing assets in cold wallets and being wary of potential phishing attacks on social media.
When asked if Ledger or Trezor hardware wallets could be exploited similarly, Jason again said the risk is low for ordinary users, just requiring due diligence and cautious trading.
"One reason for this incident is that signers blindly signed transaction instructions without seeing the complete address," he added. "Always ensure the address you're sending to is the one you truly want to send to, especially for large transactions—verify and double-check repeatedly."
"I believe after this incident, the entire industry will try to self-correct and improve, promoting transparency and identifiability in the signing process. Of course, there are many other lessons to learn, but this is undoubtedly one of them."
How to Prevent the Next Multi-Billion Dollar Exchange Hack?
Jason pointed out that the lack of comprehensive regulation and security measures may be one reason the consequences of this attack are still unfolding. Earlier, some validation nodes of the cross-chain protocol THORChain refused to roll back transactions or block the Lazarus Group from converting the stolen funds to Bitcoin, further fueling industry debate about the limits of decentralization.
"Welcome to the Wild West," Jason said. "This is the reality we're currently in."
"In our view, if cryptocurrency wants to flourish, it needs to embrace regulation," he believes. "To be more accessible to the masses, it needs to proactively approach regulation and find ways to improve industry security."
Jason appreciated Bybit CEO Ben Zhou's response after the incident but noted that Bybit's bug bounty program before the hack offered only $4,000. He said that while most cybersecurity professionals aren't solely money-driven, increasing bug bounty amounts can help exchanges maintain higher security.
When asked how exchanges and protocols can incentivize and retain top talent to ensure system security, Jason noted that security engineers aren't always given due recognition.
"Many believe top talents flow to development positions because they offer the most rewards," he said. "But it's also about whether we give security engineers sufficient importance. They bear significant responsibilities."
"Appropriately reduce their pressure and give more recognition and incentives. Whether through monetary rewards or honor recognition, provide reasonable compensation within our means."