Bybit hack, the biggest in crypto history, occurred through ‘social engineering’

The biggest crypto hack in history, that of the Bybit platform last month, turns out to be a simple ‘CEO hack’. Although we all thought that Ben Zhou, CEO of Bybit, had acted quite well in those first hours after the hack and had everything neatly under control, it now appears, according to research by the New York Times, that he himself was the source of the error.

How did it work?

The hackers from Lazarus, the North Korean group that has already carried out several major crypto hacks, used a fairly simple system this time. On February 21, Ben Zhou, CEO of Bybit, logged into his computer to approve a routine transaction. Bybit was moving a large amount of Ethereum from one account to another and given the size of the order (more than one and a half billion dollars), it needed the approval of its CEO and several other people (with Ben last in line of course).

Thus the CEO receives a fairly routine email asking him to approve a transaction. What he did not know is that the software he uses to approve that transaction, a free downloadable small program called ‘safe’, has been swapped for a similar package that the hackers from Lazarus have control over. They had taken over the computer of a software developer from Safe and were controlling the version that the Bybit CEO was using,

Ben logged in, approved the transaction, and sent one and a half billion dollars to an account in North Korea.

Social Engineering

This is called ‘social engineering’. In this case, an email or other electronic message that would normally be approved or answered by a person is taken over by a hacker. Since this a routine action, the person performing it usually doesn’t pay much attention to the details. This was also the case this time, and so the Bybit CEO sent one and a half billion dollars’ worth of Ethereum to a hacker group.

Quite the ‘routine’ mistake.