In a recent high-profile security breach, Bybit's Ethereum multisig cold wallet was compromised, leading to unauthorized fund transfers. The attacker deceived the signing process: the interface showed the signers a routine transfer while the data they actually signed changed the wallet's underlying contract logic. The breach did not stem from a cryptographic failure, but it exposed weaknesses in the transaction approval process and in how multisig smart contracts handle privileged operations.
Multisignature (multisig) wallets are smart contracts that require a threshold of owner signatures to authorize a transaction. Bybit's cold wallet was a Safe (formerly Gnosis Safe) multisig; Safe and similar Ethereum multisigs rely on the Elliptic Curve Digital Signature Algorithm (ECDSA) over secp256k1 for signature validation.
How ECDSA Works in Multisig Wallets:
Each owner holds a private key and uses it to produce an ECDSA signature.
What is signed is not a raw Ethereum transaction but a Keccak-256 hash (in Safe, an EIP-712 typed-data hash) over the proposed wallet operation: destination, value, calldata, operation type (call or delegatecall), nonce and gas parameters. Changing any one of these fields changes the hash.
The contract's ecrecover() takes the hash and a signature and recovers the address of the key that produced it (the address, not the public key itself), which the contract then checks against its registered owners.
If the number of distinct valid owner signatures meets the threshold (e.g., 2-of-3 or 3-of-5), the contract executes the operation. Anyone may submit the executing Ethereum transaction; the owners' authority lives entirely in the signed hash.
Despite the robustness of ECDSA, the attack targeted the signing process and contract execution logic, not the cryptographic algorithm itself.
The attack involved deceptive transaction signing, where the displayed transaction details differed from the operation the signed hash actually covered. Here's how the breach likely occurred:
The signing interface was manipulated so that it displayed a legitimate-looking transfer while the hash handed to the signers' wallets covered different data: a different destination, calldata and operation type.
Signers, believing they were authorizing a routine transfer, unknowingly approved a transaction granting the attacker control over the cold wallet.
Delegatecall Exploit:
A Safe transaction carries an operation field: 0 for a normal call, 1 for delegatecall. If the signed payload set the operation to delegatecall with an attacker contract as the destination, that contract's code ran inside the multisig's own storage context, with the multisig's balance and state.
Code running in that context can overwrite any storage slot, which is how critical state such as the owner set, the signature threshold or the proxy's implementation pointer can be changed in a single approved transaction.
Upgradeable Proxy Manipulation:
Safe wallets are deployed as thin proxies that keep the address of their implementation (the "singleton" or "master copy") in storage. If the attacker could overwrite that pointer, every later call to the wallet would execute attacker-controlled code.
A replaced implementation can accept the attacker's own signature as sufficient, or simply expose a function that drains the wallet, bypassing the legitimate owners entirely.
Compromised Signing Infrastructure or Insider:
If a backend that builds, relays or aggregates signatures was compromised, the attacker could substitute the payload after the owners reviewed it but before their devices signed it, or, once an earlier approved step had altered the owner set, add signatures from keys they controlled.
Alternatively, an insider might have colluded to approve a fraudulent transaction.
Despite the breach, the core cryptographic mechanisms, ECDSA and Keccak-256 hashing, remained secure. The failure occurred at the contract logic and transaction signing layer, where:
The signatures were genuinely valid: the owners' keys signed exactly the hash that the contract later verified.
Nothing was altered after signing. The malicious data was already in the payload when the hash was produced; what was altered was the signers' view of it.
The UI misrepresented transaction details, misleading signers into approving an unintended transaction.
This attack highlights that while cryptographic security is crucial, operational security and contract logic verification are equally important. A signature is only as trustworthy as the channel through which the signer learned what they were signing.
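The following is an added example, not code from the original post or from Safe, that models the failure just described: owners sign a hash over the proposed operation, so a signer can only trust a displayed transaction if the hash of the displayed fields equals the hash the device is asked to sign. The SafeTx structure is a simplified version of Safe's (gas and refund fields omitted), the addresses and calldata are constructed placeholders, and Keccak-256 is used when pycryptodome is installed, otherwise hashlib's SHA3-256 stands in (same sponge, different padding, so digests will not match on-chain values, but the check behaves identically).

```python
"""Recompute a Safe-style transaction hash independently of the signing UI."""
import hashlib
from dataclasses import dataclass

try:
    # Real Keccak-256 when pycryptodome is available.
    from Crypto.Hash import keccak as _keccak

    def keccak256(data: bytes) -> bytes:
        return _keccak.new(digest_bits=256, data=data).digest()
except ImportError:
    # Stand-in (assumption for portability): NIST SHA3-256 differs from Keccak-256
    # only in padding, so the structure of the check is the same.
    def keccak256(data: bytes) -> bytes:
        return hashlib.sha3_256(data).digest()

CALL, DELEGATECALL = 0, 1


@dataclass(frozen=True)
class SafeTx:
    """Simplified Safe transaction: gas and refund fields omitted."""
    to: str          # 0x-prefixed destination address
    value: int       # wei
    data: bytes      # calldata
    operation: int   # CALL or DELEGATECALL
    nonce: int


def _word(v) -> bytes:
    """ABI-encode an address, uint or fixed bytes value as one 32-byte word."""
    if isinstance(v, bytes):
        return v.rjust(32, b"\x00")
    if isinstance(v, str):
        return bytes.fromhex(v[2:]).rjust(32, b"\x00")
    return v.to_bytes(32, "big")


# EIP-712 type hashes for the simplified struct above.
DOMAIN_TYPEHASH = keccak256(b"EIP712Domain(uint256 chainId,address verifyingContract)")
SAFE_TX_TYPEHASH = keccak256(
    b"SafeTx(address to,uint256 value,bytes data,uint8 operation,uint256 nonce)"
)


def domain_separator(chain_id: int, safe: str) -> bytes:
    return keccak256(DOMAIN_TYPEHASH + _word(chain_id) + _word(safe))


def safe_tx_hash(tx: SafeTx, chain_id: int, safe: str) -> bytes:
    """EIP-712 digest: keccak(0x19 0x01 || domainSeparator || structHash)."""
    struct_hash = keccak256(
        SAFE_TX_TYPEHASH
        + _word(tx.to)
        + _word(tx.value)
        + keccak256(tx.data)  # dynamic bytes are hashed before encoding
        + _word(tx.operation)
        + _word(tx.nonce)
    )
    return keccak256(b"\x19\x01" + domain_separator(chain_id, safe) + struct_hash)


def safe_to_sign(displayed: SafeTx, requested_hash: bytes, chain_id: int, safe: str) -> bool:
    """The signer's check: does the hash on the device match the fields the UI shows?"""
    return safe_tx_hash(displayed, chain_id, safe) == requested_hash


# Constructed scenario; addresses are placeholders, not real contracts.
SAFE_ADDR = "0x" + "ab" * 20
CHAIN_ID = 1
DISPLAYED = SafeTx(to="0x" + "11" * 20, value=10**18, data=b"", operation=CALL, nonce=7)
# What a compromised UI actually asks the device to sign: attacker contract, delegatecall.
SPOOFED = SafeTx(to="0x" + "ee" * 20, value=0, data=bytes.fromhex("deadbeef"),
                 operation=DELEGATECALL, nonce=7)


def demo() -> dict:
    honest_hash = safe_tx_hash(DISPLAYED, CHAIN_ID, SAFE_ADDR)
    spoofed_hash = safe_tx_hash(SPOOFED, CHAIN_ID, SAFE_ADDR)
    only_operation_flipped = SafeTx(DISPLAYED.to, DISPLAYED.value, DISPLAYED.data,
                                    DELEGATECALL, DISPLAYED.nonce)
    return {
        "honest_ui_hash_matches": safe_to_sign(DISPLAYED, honest_hash, CHAIN_ID, SAFE_ADDR),
        "compromised_ui_hash_matches": safe_to_sign(DISPLAYED, spoofed_hash, CHAIN_ID, SAFE_ADDR),
        "operation_alone_changes_hash":
            safe_tx_hash(only_operation_flipped, CHAIN_ID, SAFE_ADDR) != honest_hash,
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The last check is the one worth internalising: a proposal with the same destination, value and nonce but operation set to delegatecall hashes differently, so a signer who compares hashes on an independent machine catches it even though a field-by-field glance at "to" and "value" would not.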
To prevent such exploits, organizations should implement multi-layered security measures:
Use Hardware Security Modules (HSMs) or Air-Gapped Devices
Keeps private keys away from potentially compromised software. On its own this is not enough: a hardware wallet that signs whatever hash a compromised browser sends it protects the key, not the decision.
EIP-712 (Typed Data Signing) with Clear Signing on the Device
EIP-712 gives the signed payload a named, typed structure so a wallet can render each field (to, value, operation, nonce) instead of an opaque hash. The protection exists only if the signing device itself decodes and displays those fields; a device that shows just a hex hash, or a host UI that does the rendering, can still be spoofed.
Manual Verification of Raw Transaction Data
Signers recompute the transaction hash from the proposed fields on an independent machine and compare it with the hash shown on the signing device before approving.
Limit Contract Upgradeability
Use time-locked upgrades and multisig governance for contract changes, and alert on any change to the wallet's implementation address.
Restrict Delegatecall Usage
Treat a delegatecall operation as exceptional: reject it by default in the signing policy and allow only audited, allow-listed targets (for example a known batching contract), since it hands the wallet's storage to external code.
Implement Contract Whitelisting
Only allow transactions to pre-approved destination addresses, and require a separate, slower process to extend the list.
Enforce End-to-End Transaction Validation
Each signer independently decodes the raw calldata and checks destination, value, operation and nonce against the request that reached them out of band (ticket, call, message), not against the signing UI.
Monitor and Audit Transactions in Real-Time
Flag proposals that use delegatecall, target the wallet itself (owner or threshold changes), go to unlisted addresses or exceed value limits, and watch the wallet's implementation and owner storage on chain. Anomaly detection tooling can add to this, but the rules above are deterministic and cheap.
Adopt Multi-Factor Authentication (MFA) for Signer Workstations and Wallet Software
The contract cannot enforce MFA; it applies to the machines, accounts and frontends signers use to build and review proposals, which is the layer the UI manipulation targeted.
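As an added example, not part of the original post and not Safe's own tooling, the following pre-signing policy check turns the delegatecall, allow-list, self-call and value-limit rules above into code that runs over a set of constructed proposals. The addresses, the allow-lists and the 100 ETH limit are placeholders chosen for illustration; the one structural fact it relies on is that Safe owner, threshold and module changes are performed by the wallet calling itself, so a proposal whose destination is the wallet's own address is a management operation.

```python
"""Deterministic pre-signing policy for proposed multisig transactions."""
from dataclasses import dataclass

CALL, DELEGATECALL = 0, 1
ETH = 10**18


@dataclass(frozen=True)
class Proposal:
    to: str          # 0x-prefixed destination
    value: int       # wei
    data: bytes      # calldata
    operation: int   # CALL or DELEGATECALL


@dataclass(frozen=True)
class Policy:
    safe_address: str
    allowed_destinations: frozenset   # lowercase addresses
    allowed_delegate_targets: frozenset  # audited batching contracts only; empty = never
    max_value_wei: int


def evaluate(p: Proposal, policy: Policy) -> list:
    """Return (severity, reason) findings; an empty list means the proposal is clean."""
    to = p.to.lower()
    findings = []
    if p.operation == DELEGATECALL and to not in policy.allowed_delegate_targets:
        findings.append(("critical",
                         "delegatecall to a target outside the allow-list: "
                         "foreign code would run in the wallet's storage context"))
    if to == policy.safe_address.lower():
        findings.append(("high", "self-call: the path for owner, threshold or module changes"))
    elif to not in policy.allowed_destinations and to not in policy.allowed_delegate_targets:
        findings.append(("high", "destination is not on the allow-list"))
    if p.value > policy.max_value_wei:
        findings.append(("medium",
                         f"value {p.value} wei exceeds per-transaction limit "
                         f"{policy.max_value_wei} wei"))
    return findings


def decision(findings: list) -> str:
    """Map findings to the action the signing workflow should take."""
    severities = {sev for sev, _ in findings}
    if "critical" in severities:
        return "block"
    if "high" in severities:
        return "hold for out-of-band review"
    if "medium" in severities:
        return "warn"
    return "allow"


# Constructed placeholders (not real contracts or Bybit's configuration).
SAFE = "0x" + "ab" * 20
HOT_WALLET = "0x" + "11" * 20
MULTISEND = "0x" + "22" * 20   # assumed audited batching contract
ATTACKER = "0x" + "ee" * 20

POLICY = Policy(
    safe_address=SAFE,
    allowed_destinations=frozenset({HOT_WALLET}),
    allowed_delegate_targets=frozenset({MULTISEND}),
    max_value_wei=100 * ETH,
)

SAMPLES = {
    "routine_transfer": Proposal(HOT_WALLET, 5 * ETH, b"", CALL),
    "allowed_batch": Proposal(MULTISEND, 0, bytes.fromhex("8d80ff0a"), DELEGATECALL),
    "spoofed_delegatecall": Proposal(ATTACKER, 0, bytes.fromhex("deadbeef"), DELEGATECALL),
    "owner_change": Proposal(SAFE, 0, bytes.fromhex("0d582f13"), CALL),
    "oversized_transfer": Proposal(HOT_WALLET, 500 * ETH, b"", CALL),
}


def run_samples() -> dict:
    return {name: decision(evaluate(p, POLICY)) for name, p in SAMPLES.items()}


if __name__ == "__main__":
    for name, p in SAMPLES.items():
        print(f"{name}: {decision(evaluate(p, POLICY))}")
        for sev, reason in evaluate(p, POLICY):
            print(f"    [{sev}] {reason}")
```

The calldata selectors in the samples are illustrative bytes; the rules deliberately do not depend on decoding them, because the operation type and destination alone are enough to classify the dangerous cases. A delegatecall to an unlisted address is blocked outright, a self-call is held for review through a channel other than the signing UI, and an oversized but otherwise normal transfer only warns.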
The Bybit attack underscores that cryptographic security alone is not enough to protect high-value assets. ECDSA and Keccak-256 were not broken; weaknesses in UI integrity, contract logic and the transaction approval process let the attacker obtain valid signatures over a malicious payload.
To safeguard multisig wallets from similar attacks, organizations must combine independent transaction verification, contract-level restrictions and hardware-based key protection. The future of crypto security will depend on a holistic approach that integrates cryptography with robust operational security practices.
These measures are by no means foolproof. As security experts analyse this hack in the coming days, they will offer more robust countermeasures.
Fabian Owuor