Bybit is under massive pressure

The crypto exchange Bybit recently fell victim to a massive hacking attack. According to analyses conducted by blockchain forensic experts, Ether worth almost USD 1.5 billion was stolen during a routine transaction. This attack is the largest crypto theft of all time. Initial evidence suggests that the infamous North Korean Lazarus Group was behind the attack. According to Chainalysis, this hacker organisation is believed to have already stolen cryptocurrencies worth more than USD 6 billion. Bybit is currently working flat out with blockchain analysis companies, stablecoin issuers and law enforcement agencies to track the crypto fund flows – aiming to freeze them whenever possible or mark them as tainted.

How did the attack happen?

Immediately after the attack, various theories circulated regarding the attack method. It was initially suspected that Bybit's user interface had been compromised. However, a detailed analysis revealed that the manipulation in fact took place on the server side of the wallet solution.

The attackers exploited a function that is actually intended for smart contract upgrades to overwrite the existing code with their own malicious logic. As a result, Bybit's user interface displayed what appeared to be a legitimate transaction, while the funds were transferred to an external wallet address in the background.

This incident highlights just how sophisticated modern crypto hackers have become, circumventing security mechanisms such as transaction limits, whitelisting and even MultiSig protection. What is particularly alarming is the fact that the attack was possible despite multiple protective measures.

What do these technical terms mean?

Transaction limits: a security mechanism that prevents crypto transactions from exceeding a certain amount or being executed within a specific time period.

Whitelisting: a list of trusted wallet addresses to which a platform or user is authorised to send crypto assets. Transactions to unauthorised addresses are blocked.

MultiSig protection (multi-signature): a security mechanism in which several keys are required to sign and authorise a transaction. This minimises the risk posed by a single compromised key.

The Bybit hack raises critical questions

Could Bybit have prevented the attack? The answer is yes – there were several vulnerabilities!

Vulnerable infrastructure: it seems as though a single compromised developer account was used to manipulate full wallet access. This raises massive security concerns, as such a central vulnerability creates a large attack surface and undermines the platform's protection mechanism.

Lack of independent verification: Bybit relied on transaction validation processes that could easily be manipulated. This means that there were no adequate independent control mechanisms in place to prevent data tampering. Stronger verification might have made the attack more difficult or even prevented it entirely.

Inadequate custody solution: according to reports, Bybit used hardware wallets primarily designed for private use. These devices are not optimised for institutional use and therefore do not provide the necessary level of security for a platform of this size.

Institutional custody as protection against attacks

This incident shows how important it is to adopt multi-layered security architectures. At Maerki Baumann, in collaboration with InCore Bank and Crypto Finance, we employ a multi-level institutional custody solution with a highly secure authorisation process. The advantages:

Tamper-proof hardware: crypto transactions are exclusively approved via specially designed hardware security modules (HSM) – not through easily compromised standard PCs.

Multi-level approval process: each transaction to an external wallet address must be approved by multiple authorised individuals. Whitelist mechanisms prevent transactions to unknown addresses.

Off-chain security mechanisms: in contrast to Bybit, no multi-signature contracts are used on the blockchain. Instead, private key aggregation takes place off-chain, making attacks more difficult.

These methods have been proven effective and are used by the Swiss National Bank, among others, to protect the Swiss financial market.

Conclusion: three key lessons from the Bybit hack

People remain the biggest risk: despite technical protection measures such as multi-signature solutions, the attack succeeded through targeted phishing attacks – demonstrating that the human factor is often the weakest link in the chain.

Complexity as a security risk: interaction with smart contracts quickly becomes very complex. However, security relies on simplicity – complicated processes increase the risk of errors and negligence. Clear and transparent processes are therefore essential to minimise security gaps.

Use of inappropriate hardware: the use of wallets designed for private use and easily compromised laptops presents a major vulnerability, especially in an institutional context. Institutional players should therefore rely on specially developed, tamper-proof hardware security modules (HSMs) in order to meet the highest security requirements.

Author: Pascal Hügli

Pascal Hügli, Crypto Investment Manager at Maerki Baumann and founder of Insight DeFi, produces high-quality content on Bitcoin and crypto and contributes to Maerki Baumann's development in the area of blockchain and cryptocurrencies. As a lecturer in digital finance and crypto assets at the HWZ University of Applied Sciences in Business Administration Zurich, he has in-depth expertise in this field, which he is now also applying to the establishment of our brand "ARCHIP by Maerki Baumann".
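
The independent verification called for under "Lack of independent verification", sketched as an added example (it is not part of the original publication and not Bybit's or Maerki Baumann's code): a check that runs apart from the user interface, over the payload actually submitted for signing, and enforces the whitelist, transaction limits and multi-person approval explained above. All addresses, limits and function names are constructed assumptions.

```python
import hashlib, json
from typing import NamedTuple

# Constructed policy values; the upgrade-function names are hypothetical.
WHITELIST = {"0xCOLD-WALLET-01", "0xCOLD-WALLET-02"}
PER_TX_LIMIT = 500        # maximum units per transaction
WINDOW_LIMIT = 1_000      # maximum units per rolling time window
UPGRADE_CALLS = {"upgradeTo", "changeImplementation"}
REQUIRED_APPROVALS = 2

class Payload(NamedTuple):
    """What the signing device is really asked to sign."""
    to: str
    amount: int
    call: str = "transfer"   # function the payload invokes

def digest(p: Payload) -> str:
    """Hash of the raw payload; approvals bind to this, not to UI text."""
    return hashlib.sha256(json.dumps(p._asdict(), sort_keys=True).encode()).hexdigest()

def verify(displayed: dict, payload: Payload, approvals: dict, spent_in_window: int) -> list:
    """Return all policy violations; an empty list means the payload may be signed."""
    problems = []
    if (displayed["to"], displayed["amount"]) != (payload.to, payload.amount):
        problems.append("payload differs from what the interface displays")
    if payload.call in UPGRADE_CALLS:
        problems.append("payload invokes a contract-upgrade function")
    if payload.to not in WHITELIST:
        problems.append("recipient not on whitelist")
    if payload.amount > PER_TX_LIMIT:
        problems.append("per-transaction limit exceeded")
    if spent_in_window + payload.amount > WINDOW_LIMIT:
        problems.append("rolling-window limit exceeded")
    # Count only approvers whose approval covers this exact payload.
    valid = {who for who, d in approvals.items() if d == digest(payload)}
    if len(valid) < REQUIRED_APPROVALS:
        problems.append("not enough approvals over this exact payload")
    return problems

def demo():
    """Constructed case: the interface shows a routine transfer both times."""
    shown = {"to": "0xCOLD-WALLET-01", "amount": 400}
    honest = Payload("0xCOLD-WALLET-01", 400)
    tampered = Payload("0xUNKNOWN-WALLET", 400, call="upgradeTo")
    approvals = {"approver-a": digest(honest), "approver-b": digest(honest)}
    return verify(shown, honest, approvals, 0), verify(shown, tampered, approvals, 0)

if __name__ == "__main__":
    print(demo())
```

Because each approval is bound to the hash of the raw payload, approvals given for the displayed transfer do not carry over to a substituted payload, and the check reports every violated rule rather than stopping at the first.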
Important legal information

This publication is intended for information and marketing purposes only, and does not constitute investment advice or a specific individual investment recommendation. It is not a sales prospectus and does not constitute a request or an offer or a recommendation to buy or sell investment instruments or investment services, or to engage in any other transaction. Maerki Baumann & Co. AG does not provide legal or tax advice. Investors are therefore advised to obtain independent legal or tax advice concerning the suitability of such investments, since their tax treatment depends on the personal circumstances of the investor in question and is subject to change at any time. Maerki Baumann & Co. AG holds a Swiss banking license issued by the Financial Market Supervisory Authority (FINMA).

Please note that Maerki Baumann & Co. AG does not provide legal or tax advice. The above information should not be considered as such. It is only an initial assessment without any claim to completeness or correctness. For a final and legally binding assessment, please contact a tax expert.

Editorial deadline: 5 March 2025

Maerki Baumann & Co. AG
Dreikönigstrasse 6, CH-8002 Zurich
T +41 44 286 25 25, info@maerki-baumann.ch
www.maerki-baumann.ch