Bybit Pre-Post Mortem

As the dust settles it seems that Bybit's cold wallet signing process was flawed. They utilized a multi-sig wallet which required 3 of 6 signers to sign.

Steps to USUALLY confirming a cold wallet transaction at Bybit:

1. 3 of 6 signers, sign and send the multi-sig wallet a transaction which writes to a smart contract created by SAFE.GLOBAL.
2. SAFE.GLOBAL Smart Contract verifies the 3 Bybit signatures and then the funds are transferred. Example of a usual Bybit Cold Wallet Transfer to a Bybit Hot Wallet.

The Flaw:

1. The multi-sig (signed by the 3 Bybit signatures) wrote to a smart contract that the HACKER CREATED and not the usual SAFE.GLOBAL contract.
2. The hackers smart contract prompted a sweep of all funds from the Bybit multi-sig wallet to a wallet controlled by the hacker.
3. All 3 people at Bybit that signed the transaction did not CHECK the 'TO ADDRESS' in the INPUT DATA for the transaction.
4. Had they checked the TO ADDRESS they would have realized that they are placing their signature on a transaction to an UNRECOGNIZED contract/address, thereby alerting them NOT TO PROCEED.

My thoughts:

If you are an exchange, please train your signing authorities to TRIPLE CHECK the TO ADDRESS. Signing authorities should be able to DECODE INPUT DATA at the very least when signing wallets with over 400k ETH in it.