How the $1.5 Billion Bybit Hack Could Have Been Prevented - Ep. 791

Crypto derivatives exchange Bybit just became the latest victim of North Korea’s elite hacking unit, the Lazarus Group. They didn’t brute-force their way in. They didn’t exploit some obscure vulnerability. Instead, they tricked a trusted developer, slipped in malicious code, and took off with a fortune. How did this happen? Why was $1.5 billion sitting in a single wallet? What mistakes did Bybit and Safe make? And, more importantly, what needs to change to stop this from happening again? This week, Mudit Gupta, chief information security officer at Polygon, joins Unchained to expose the security failures, the sophisticated tactics Lazarus used, and why crypto still hasn’t learned its lesson. Show highlights: 2:11 Mudit’s experience with North Korea’s Lazarus 3:24 How Lazarus perpetrated the $1.5 billion hack 5:55 Why Lazarus relies on social engineering over technical exploits 7:34 Why Bybit was so specifically targeted by the hackers 10:02 What Bybit should have done to prevent the exploit 13:12 Why Mudit believes there was “no reason” to hold so much ETH in one single wallet 15:57 Who should be a signer in multisigs 17:46 How to prevent using a malicious website 19:13 Why Safe should have done things differently, according to Mudit 19:55 How Bybit and Safe handled crisis communication 24:20 Mudit’s must-know security tips for protecting your crypto Visit our website for breaking news, analysis, op-eds, articles to learn about crypto, and much more: unchainedcrypto.com Thank you to our sponsors! Mantle Guest Mudit Gupta, Chief Information Security Officer at Polygon Links Recent coverage of Unchained on the Bybit hack: North Korean Hackers Are Winning. Is the Crypto Industry Ready to Stop Them? The Chopping Block: Crypto’s Worst Week? Bybit Hack, Libra Scandal, & The Memecoin Reckoning Bits + Bips: Markets Are Down Bad. When Will Crypto Recover? Unchained: Bybit Flows Return to ‘Normal’ After Biggest-Ever Crypto Hack Bybit Hack Forensics Report "Safe{Wallet} Statement on Targeted Attack on Bybit " Learn more about your ad choices. Visit megaphone.fm/adchoices