How the $1.5 Billion Bybit Hack Could Have Been Prevented - Ep. 791

Episode • Feb 28 • 44m

Crypto derivatives exchange Bybit just became the latest victim of North Korea’s elite hacking unit, the Lazarus Group. They didn’t brute-force their way in. They didn’t exploit some obscure vulnerability. Instead, they tricked a trusted developer, slipped in malicious code, and took off with a fortune.

How did this happen? Why was $1.5 billion sitting in a single wallet? What mistakes did Bybit and Safe make? And, more importantly, what needs to change to stop this from happening again?

This week, Mudit Gupta, chief information security officer at Polygon, joins Unchained to expose the security failures, the sophisticated tactics Lazarus used, and why crypto still hasn’t learned its lesson.

Show highlights:

2:11 Mudit’s experience with North Korea’s Lazarus
3:24 How Lazarus perpetrated the $1.5 billion hack
5:55 Why Lazarus relies on social engineering over technical exploits
7:34 Why Bybit was so specifically targeted by the hackers
10:02 What Bybit should have done to prevent the exploit
13:12 Why Mudit believes there was “no reason” to hold so much ETH in one single wallet
15:57 Who should be a signer in multisigs
17:46 How to prevent using a malicious website
19:13 Why Safe should have done things differently, according to Mudit
19:55 How Bybit and Safe handled crisis communication
24:20 Mudit’s must-know security tips for protecting your crypto

Visit our website for breaking news, analysis, op-eds, articles to learn about crypto, and much more: unchainedcrypto.com

Thank you to our sponsors!

Mantle

Guest

Mudit Gupta, Chief Information Security Officer at Polygon

Switch to the Fountain App

Open in Fountain

Show highlights:

Thank you to our sponsors!

Guest

Links

Switch to the Fountain App