Comment by ycombinatrix
4 months ago
>Bybit CEO Ben Zhou wrote on X that a hacker "took control of the specific ETH cold wallet and transferred all the ETH in the cold wallet to this unidentified address."
Um how tf does a cold wallet get hacked?
4 months ago
>Bybit CEO Ben Zhou wrote on X that a hacker "took control of the specific ETH cold wallet and transferred all the ETH in the cold wallet to this unidentified address."
Um how tf does a cold wallet get hacked?
Have to wait for a post-mortem, but there was some speculation from Ben earlier in his spaces.
They used a gnosis safe which is a smart contract multi-sig wallet that is pretty much the gold standard for Ethereum.
They believed that all of the signers' pcs were hacked and that the UI for signing was staged with a fake element to make it appear like a normal transfer.
They were signing with hardware wallets, but it's hard to verify what you're signing from a ledger typically.
What they ended up signing instead was an upgrade to the smart contract giving control of the gnosis safe to the hacker who then drained it.
Thanks for the explanation. It wasn't a cold wallet.