South African crypto exchanges are reviewing their security after the largest hack in history drained about $1.5 billion (about R27.5 billion) from Dubai-based crypto exchange Bybit on Friday.
Local exchanges contacted by Moneyweb say they have protections against this type of attack but add that security can never be taken for granted.
Bybit is the world’s second-largest exchange by trading volume, behind Binance.
What was unusual about this hack was its scale and sophistication.
The hack occurred while the company was moving funds from a ‘cold’ or offline wallet to a ‘warm’ online wallet. More than 400 000 ethereum (ETH) and stETH (staked ETH) were stolen.
An initial rush by customers to withdraw funds returned to normal levels, according to Bybit, once it became clear it had sufficient funds in reserve to cover the stolen funds.
The company launched a “recovery bounty programme” to track down and retrieve the stolen funds, offering a 10% reward to “ethical cyber and network security experts”.
“The incident occurred when our ETH multisig (a security protocol requiring multiple signatures prior to a transaction) cold wallet executed a transfer to our warm wallet. Unfortunately, this transaction was manipulated through a sophisticated attack that masked the signing interface, displaying the correct address while altering the underlying smart contract logic,” said Bybit.
“As a result, the attacker was able to gain control of the affected ETH cold wallet and transfer its holdings to an unidentified address.”
It was confirmed over the weekend that North Korea’s Lazarus Group was behind the hack.
The US Department of Justice claims the group is part of the North Korean government’s strategy to undermine global cybersecurity and generate illicit funds in violation of sanctions.
“We’re working to help exchanges and law enforcement to trace and freeze these funds. The more difficult we make it to benefit from crimes such as this, the less frequently they will take place,” said Tom Robinson, chief scientist at blockchain analysis company Elliptic.
Says Faadil Moti, CEO of crypto asset service provider 80eight: “While it’s natural for users to be concerned, incidents like this serve as a reminder of why self-custody wallets are an essential option for those who want full control over their assets.
“At the same time, it’s crucial that the industry doesn’t simply fault one security infrastructure over another – instead, we must work together to identify vulnerabilities and evolve security technologies to stay ahead of sophisticated threats. The silver lining here is that these events push innovation and lead to stronger protections for the industry as a whole.”
“The Bybit hack serves as a stark reminder that security in crypto exchanges must be proactive, not reactive. Hackers constantly evolve, and complacency is the biggest vulnerability,” adds Frank Leonette, CEO of crypto exchange AfriDax.
“The Bybit hack is very sad for the crypto community,” says AltCoinTrader CEO Richard de Souza.
Kudos to the way Bybit CEO Ben Zhou handled it, he adds.
“He came out facing it [head-on], telling clients what happened and what they can expect. He didn’t run away from it. Bybit actually has the financial muscle to survive this.”
Moneyweb asked several prominent SA crypto service providers for their response to the hack.
Farzam Ehsani, CEO at Valr:
Security is of the utmost importance at Valr and our entire team, and our security team in particular, has been monitoring the situation closely. The industry is expecting a full post mortem from Bybit to better understand what exactly happened.
Valr always reviews its security infrastructure, procedures and protocols in light of incidents like this to ensure the assets we custody for our customers and for ourselves are as secure as possible.
We appreciate how open and transparent Bybit has been thus far.
It has been remarkable to see how the crypto industry has rallied together to help investigate, track and help resolve this incident.
Christo de Wit, SA country manager at Luno:
Investigations into the causes of the attack are currently ongoing by both Bybit and Safe Wallet, so we don’t have all the answers at this time.
However, what we do know is that a bad actor exploited a gap in Bybit’s approval process of cold wallet transactions using Safe Wallet’s wallet.
We can confirm that Luno does not work with either Bybit or Safe Wallet.
We can also confirm that the security processes employed by Luno are designed to avoid being exposed to the same vulnerability and types of attack.
Richard de Souza, CEO of AltCoinTrader:
Over the last 18 months we completed a programme to shore up our security, which has always been good.
We now store [digital assets] in what we call deep frozen storage where no single person can get it. We’re comfortable with the way things are secured, and are not looking at doing anything differently [as a result of this hack].
Faadil Moti, CEO of 80eight:
The Bybit hack is undoubtedly a major shake-up in the industry. As one of the most reputable exchanges, an incident of this magnitude is never a good thing, but I trust they will handle the situation responsibly.
At 80eight, security is our top priority. We implement a multi-device, multi-approval security model through MPC-powered (Multi-Party Computation) infrastructure, preventing unauthorised access and manipulation. Additionally, we keep the majority of our balances off-exchange, ensuring that funds remain protected even in the event of an exchange compromise.
We’re confident in our security protocols and believe that incidents like these, while unfortunate, drive the development of more robust and resilient security infrastructure – a learning curve that benefits all industry players.
Frank Leonette, CEO of crypto exchange Afridax:
The Bybit hack was very unfortunate. I think this is a developing story as the transaction user interface was spoofed. There are still a few unanswered questions about how all three signers got spoofed.
The Bybit hack serves as a stark reminder that security in crypto exchanges must be proactive, not reactive.
Hackers constantly evolve, and complacency is the biggest vulnerability.
Afridax is constantly looking out for threats. Company-wide education and strategic planning around security is always at the top of our list of priorities.
Jon Ovadia, CEO of Ovex:
It was a very large and sophisticated attack that probably involves insiders. At Ovex, we’re lucky because we service high value low volume; we can have very strict controls and procedure[s] on all withdrawals.
That’s the reason Ovex withdrawals take a bit more time than retail exchanges like Luno and Valr.
Similarly to the fact that Bybit only held roughly 5% of their assets in that wallet, we too only hold a small percentage of total assets at any one time given the risk. We also have a very strong balance sheet with retained earning[s] almost double our clients’ assets. So our clients can rest assured their assets are safe.
This article was republished from Moneyweb. Read the original here.