Why Hackers Stealing $1.5 Billion ETH May Not Be Such a Disaster for the Crypto World

It’s the single biggest crypto heist ever, with $1.5 billion seized from the coffers of major platform Bybit. But it may not all be bad news.

Bybit, while rocked by the loss, has insisted that it has enough liquidity to repay its customers even if they don’t manage to get the funds back. The incident may also serve as a catalyst toward iron-clad security measures that some industry critics believe are long overdue. 

So, how did the heist happen and what new security protocols could emerge from the rubble? 

The incident and immediate response

Bybit is a Dubai-based cryptocurrency exchange and one of the most prominent in the industry, so when it confirmed the theft of a gigantic amount of Ethereum from its digital wallets to an external, unidentified address in February, many crypto experts expressed shock.

The amount is unprecedented in crypto history, thought to be a total of $1.5 billion that was taken from the company’s coffers.

Bybit confirmed that the transfer occurred during what should have been a routine process of moving assets between “cold” (offline) and “warm” (online) wallets. The distinction is important here: cold wallets are generally considered the most secure form of cryptocurrency storage. If hackers have compromised it, then there are huge security questions to be asked.

In the immediate aftermath, Bybit’s leadership moved to reassure its user base. Chief executive Ben Zhou took to social media to confim that the company was solvent and guaranteed that all customer assets are fully backed. 

With $20 billion in assets, Zhou’s comments are almost certainly correct, but it struck fear into customers who lodged 350,000 withdrawal requests within hours of the announcement.

The price of Ethereum also as Bybit struggled to cope with the fall-out from the fiasco.

How Bybit is determined to improve security

The theft is obviously a disastrous event for Bybit, but the one silver lining to come out of it is the company (and the crypto industry’s) renewed push for stronger security measures.

Currently, platforms like Bybit use the likes of multi-layered authorization measures, something similar to what websites like online casinos use. These include two-factor (2FA) and multi-signature authentication, while following “Know Your Customer” (KYC) and “Anti-Money Laundering” (AML) regulations is also crucial.

However, crypto wallets are seeking to upgrade their technology to include the likes of enhanced cold storage protocols. These work by using air-gapped systems with stricter physical security for cold wallets and include multiple layers of offline authorization and geographically dispersed storage.

Hardware security modules, too, that store private keys add a very high level of hardware-based security. 

Other advanced measures could include using advanced AI-powered systems to detect unusual transaction patterns in real-time, flagging potentially malicious activity. A formalized Incident Response Plan is something that platforms like ByBit could use to respond to security breaches.

Who could be behind the attack?

The big concern for major crypto platforms is that the hackers behind the heist are probably not gangs, but instead something much more sinister.

Analysts have pointed to the potential involvement of state-sponsored actors, with some suggesting that groups such as North Korea’s Lazarus Group could be responsible. These groups have a history of large-scale cryptocurrency heists, and their resources and expertise make them a formidable threat.

If this is the case, then Bybit’s response, which includes enlisting the help of cybersecurity experts and offering a substantial reward (thought to be as much as 10% of the seized amount) for the recovery of the stolen funds, probably isn’t enough. 

Instead, international cooperation between law enforcement agencies and cybersecurity firms is absolutely essential. State-sponsored actors possess resources and capabilities far beyond those of typical cybercriminals, so a coordinated global effort to track, apprehend, and deter them is the only way forward.

Investor protection and how to stay safe

The record Bybit incident reminds us all of just how important investor education is and how companies must adapt to them with a new generation of security practices. 

Key recommendations from industry experts include distributing cryptocurrency holdings across multiple exchanges and storage solutions so that there isn’t a single point of failure. Cold storage, as mentioned above, for long-term holdings is also a growing option.

From an individual investor perspective, thoroughly researching exchanges and platforms before trusting them with assets is now even more essential. Practicing strong password management, too, using two-factor authentication, and remaining vigilant against phishing attacks are also must-dos.

The wider implications for crypto

The Bybit incident is the latest in a string of security failures that strengthen the argument for tougher regulation of the crypto industry. Government and regulatory bodies across the world are under a new wave of pressure to better protect consumer investments. 

To do this, authorities will need to collaborate more with crypto exchanges and cybersecurity firms to increase intelligence-sharing. If they don’t, then the gigantic figure of $1.5 billion may soon be overshadowed by an even bigger heist.