ICYMI: A quick recap of the ByBit story

We can't have a boring week in crypto, so after a few hours of Friday's bullishness caused by the SEC dropping the Coinbase case, ZachXBT reported some suspicious activity on ByBit. It turned out we got live coverage of someone stealing $1.4B, which makes it the biggest hack in history, because they stole almost as much as it cost to build the Burj Khalifa.
Despite the pressure, ByBit's CEO handled it graciously and gave us a real-world lesson in crisis communication. In the meantime, Safe was doing an investigation, and it turned out that their dev's computer was compromised by North Korean hackers, and it impacted the UI used by ByBit.
It ofc started a big debate about what went wrong, and Martin Koppelmann gave some ideas on how to improve security when using Safe. EthResearch devs started to discuss how to prevent it in the future, and Polynya asked for rate-limiting features on Safe and more multi-sig competition. In the meantime, the North Korean parliament decided to add crypto hack revenue to their country's annual budget (jk).
Anyway, it felt easy to blame Safe here, but then Hasu said that sure, Safe is guilty, but so is ByBit, which didn't follow the best security practices. Cassie – who used to work at Coinbase – doubled down and said that they basically used their cold wallet like a hot wallet.
So, it seems like both Safe and ByBit will improve their practices now, but no one is ever safe, because security is this never-ending game of cat and mouse. The good thing is that it turned out that we had a way to prevent that, and pcaversaccio politely asked everyone to use his fucking script. Soon after, OpenZeppelin built a UI for it (hope it won't get compromised!), so we can easily test the hashes of our Safe transactions.
But the larger question is the one raised by Albi – why do we have this powerful world computer and we use it like a fucking abacus?
submitted by /u/MacBudkowski