Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

In-Depth Technical Analysis of the Bybit Hack - 1625

Mario Rivas - NCC Group. Posted 11 Months Ago
  • Bybit suffered a 1.4 billion theft of crypto assets: 401K ETH drained from a cold wallet. They use Safe{Wallet} with a 3-of-X multisig. If all of these people reviewed what they were signing, then what happened?
  • Attackers compromised the Safe{Wallet} UI. So when the Bybit folks were reviewing the details and signing off on the transaction, they were signing off on the wrong thing! The attack specifically targeted Bybit, as the JavaScript shows.
  • Instead of transferring any funds, the transaction made a delegateCall to a contract controlled by the attacker. This let them modify the Safe contract's storage to change the proxy slot. From then on, calls the attacker made to the contract would go through their proxy to execute a delegateCall, allowing for complete ownership of the assets at the address. Stealing funds is trivial at this point.
  • What would the executors have seen? On the web page, they saw the original transaction. What about the wallet? They would have seen raw bytes with no real meaning in them. Brutal... Overall, a good look into the exploit.
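
A pre-signing check for the "raw bytes" problem described above, as an added example that is not from this page or the NCC Group write-up: it decodes Safe `execTransaction` calldata offline, independently of the web UI, and flags any delegatecall to a target that is not explicitly trusted. It assumes the Safe v1.x `execTransaction` ABI (selector `0x6a761202`, operation `0` = call, `1` = delegatecall); `trusted_delegate_targets` and `build_sample` are hypothetical names, and the sample calldata is constructed.

```python
# Added example: decode Safe execTransaction calldata and flag delegatecalls.
# Assumes the Safe v1.x ABI; all sample values below are constructed.
SELECTOR = bytes.fromhex("6a761202")  # execTransaction(address,uint256,bytes,uint8,...)
CALL, DELEGATECALL = 0, 1             # Safe's Enum.Operation values

def _word(args: bytes, i: int) -> int:
    """Return the i-th 32-byte ABI head word as an integer."""
    return int.from_bytes(args[32 * i:32 * i + 32], "big")

def _dyn_bytes(args: bytes, offset: int) -> bytes:
    """Read an ABI `bytes` value: 32-byte length word, then the payload."""
    if offset + 32 > len(args):
        raise ValueError("dynamic offset points outside calldata")
    length = int.from_bytes(args[offset:offset + 32], "big")
    body = args[offset + 32:offset + 32 + length]
    if len(body) != length:
        raise ValueError("truncated dynamic field")
    return body

def decode_exec_transaction(calldata: bytes) -> dict:
    """Decode the first four execTransaction arguments into readable fields."""
    if calldata[:4] != SELECTOR or len(calldata) < 4 + 32 * 10:
        raise ValueError("not a complete execTransaction call")
    args = calldata[4:]
    return {
        "to": "0x" + args[12:32].hex(),   # address is the low 20 bytes of word 0
        "value": _word(args, 1),
        "data": _dyn_bytes(args, _word(args, 2)),
        "operation": _word(args, 3),
    }

def review(tx: dict, trusted_delegate_targets=frozenset()) -> list:
    """Return findings a signer should resolve before approving."""
    findings = []
    if tx["operation"] == DELEGATECALL and tx["to"] not in trusted_delegate_targets:
        findings.append(f"DELEGATECALL to untrusted {tx['to']}: its code can rewrite the Safe's storage")
    elif tx["operation"] not in (CALL, DELEGATECALL):
        findings.append(f"unknown operation value {tx['operation']}")
    return findings

def build_sample(to_hex: str, operation: int, data: bytes = b"") -> bytes:
    """Build constructed calldata for the demo; gas fields zero, signatures empty."""
    pad = lambda b: b + bytes(-len(b) % 32)
    head = [int(to_hex, 16), 0, 320, operation, 0, 0, 0, 0, 0, 320 + 32 + len(pad(data))]
    tail = len(data).to_bytes(32, "big") + pad(data) + (0).to_bytes(32, "big")
    return SELECTOR + b"".join(w.to_bytes(32, "big") for w in head) + tail
```

Addresses in `trusted_delegate_targets` must be lowercase hex with a `0x` prefix to match the decoder's output.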