On the 21st at 22:13 Singapore time, the ByBit team conducted a routine fund transfer. During the approval process, Ben double-checked the Safe{Wallet} URL and the transaction address displayed in the UI, confirming it was ByBit’s warm wallet. He then proceeded with confirmation using a Ledger device. However, since Ledger only displays contract interaction parameters without directly matching them with the UI, Ben did not carefully verify whether the warm wallet address was included in the transaction parameters. After signing, the hacker took control of the ETH cold wallet. Within three minutes, the hacker transferred assets worth $1.4 billion.
There are two possibilities:
① Safe{Wallet}’s infrastructure was compromised, causing all approvers, including Ben, to see the warm wallet address in the UI without detecting any anomalies.
② ByBit’s approvers’ devices were compromised, showing them the correct address while the actual transaction modified the contract implementation, leading to the transfer of cold wallet control.
This incident reinforces the importance of secure wallet selection for institutions. When choosing a wallet, institutions must go beyond evaluating principles, features, and security; they need to deeply understand the risks associated with different architectures:
① Smart contract wallets: While contract wallets support upgrades and have complex Solidity logic, making it difficult for attackers to obtain each approver’s private key, they can still gain control of the cold wallet contract using tactics similar to those seen in the Radiant Capital and ByBit incidents. Currently, there is room for improvement in “what you see is what you sign” (WYSIWYS) and hardware wallet integrations. If Ledger had displayed the actual transaction details more clearly, this attack might have been prevented.
② Single private key wallets: These pose a single point of failure risk. History has shown cases where private key theft led to substantial asset losses.
③ MPC (Secure Multi-Party Computation) wallets alone: While MPC mitigates the single-key risk, it cannot prevent address modification attacks or insider threats from service providers.