In one of the most significant cryptocurrency thefts to date, hackers infiltrated an offline Ethereum wallet and stole about 1.5 billion dollars in digital assets, mainly Ethereum tokens. The attack, which targeted the cryptocurrency exchange Bybit, has raised new concerns about the vulnerability of the most secure storage methods. While cold wallets and multisignature (multisig) authentication have long been considered the gold standard in digital asset security, this breach demonstrates that human error and interface manipulation can render these defenses ineffective.
The breach was detected on February 21 by Check Point’s blockchain intelligence system, which reported an anomaly in a transaction log on the Ethereum network. Check Point researchers quickly determined that the hack was the result of a sophisticated attack that exploited vulnerabilities beyond smart contract logic. Instead of directly breaking blockchain protocols, the attackers manipulated user interfaces and carried out an advanced form of social engineering, deceiving key signers into approving fraudulent transactions.
According to Check Point’s analysis, the attack derived from a technique first documented in July 2024, when its researchers identified an exploit pattern using the example function of the Safe protocol. This function, designed to enable secure multisig transactions, was weaponized by attackers who subtly modified legitimate transaction requests. By manipulating the interface that the signers relied on to verify transactions, they induced the key holders to unwittingly authorize the massive transfer of funds.
“Bybit’s attack is not surprising – in July, we discovered the exact handling technique that the attackers exploited in this record robbery,” said Oded Vanunu, chief technology and chief of research on vulnerability products at Check Point Research. “The most alarming point to remember is that even cold wallets – once considered the safest option – are now vulnerable. This attack proves that an approach before prevention, securing each stage of a transaction, is the only way to prevent cybercriminals from achieving similar high-impact attacks in the future.”
This incident marks a turning point in cyberattacks against digital assets. Previous major hacks generally exploited vulnerabilities in smart contract code or weaknesses in private key management. By contrast, the Bybit attack underlines the growing sophistication of social engineering tactics, which bypass technical measures by targeting human oversight. Check Point’s analysis stresses that no level of cryptographic security can fully protect against deception if the signers are misled about the transactions they approve.
The implications of this attack extend far beyond Bybit. Check Point researchers warn that the growing trend of supply chain and user interface attacks represents an existential threat to the security of digital assets. As attackers refine their methods, companies with significant crypto assets must rethink their security strategies. Traditional cybersecurity measures such as endpoint threat detection, e-mail security and real-time transaction verification must be integrated into the protection of crypto assets.
Check Point’s findings suggest that a fundamental change is needed in the way security is approached in web3 environments. Instead of relying solely on smart contracts and cold storage, companies must implement zero trust principles, requiring independent verification of transactions and air-gapped signing devices. Without these safeguards, even the most protected wallets remain susceptible to manipulation.