Crypto exchange Bybit says a hacker took control of one of its cold Ethereum wallets, resulting in what analysts estimate was the loss of ~$1.5B worth of tokens
-
My speculations:
-
"insecure from the start" - as in , the wallet was never that "cold"
-
with that amount of money, it's easy to imagine an "insider threat"
-
the hackers could have gotten lucky and struck right when the company was doing legitimate operations on the wallet
-
but probably it's a towering mountain of incompetence, composed of the elements above and more
Room temperature wallet
-
-
How does one get ones hands on a cold wallet?
What I don't quite understand is how there is 1.5 billion in a single wallet. Or how are these things structured?
This article puts their total assets under management at $15.7b, which are held in different cryptocurrencies with ethereum at just above $5b.
So I am wondering how they have more than 1/6 of their Ethereum in a single wallet or were these multiple that were connected and got compromised through the same vulnerability? How expensive is it to have more individual wallets? Would it not be feasible to have it split in something like $100m chunks? Or any other more moderate size.
-
How does one get ones hands on a cold wallet?
It's a common misconception that a "cold wallet" is offline. It's still on the blockchain like any other wallet, it's just the keys that aren't on any network-connected computer.
It appears that in this case hackers managed to trick Bybit employees into entering the keys into a fake UI that gave the hackers access to them.
-
I'm so glad I have no crypto of any kind. It's the wild west with no savings insurance, so once it's gone, it's gone.
Depends which exchange you're using.
-
They'll just roll back the blockchain. Ethereum is a centrally controlled cryptocurrency, though its fans claim otherwise. It's been rolled back before.
This is either a person who hasn't followed ETH since 2016 or is intentionally spreading misinformation.
It HAS been rolled back once, when the blockchain was in its infancy. But to say that it is still "centrally controlled" suggests having no idea what has happened in the 9 years since.
-
This post did not contain any content.
lol good
-
It's a common misconception that a "cold wallet" is offline. It's still on the blockchain like any other wallet, it's just the keys that aren't on any network-connected computer.
It appears that in this case hackers managed to trick Bybit employees into entering the keys into a fake UI that gave the hackers access to them.
Tricked or “tricked”.
-
This post did not contain any content.
how is $1.5 billion in worth calculated because no way bitcoin tokens are worth more than $20.
-
That’s room temperature wallet. It was used while claiming asset unused.
It is not cold storage anymore.
-
how is $1.5 billion in worth calculated because no way bitcoin tokens are worth more than $20.
401,347 ETH
-
This post did not contain any content.
-
How does one get ones hands on a cold wallet?
-
Do I understand this correctly, then, that this was some sort of MITM attack where valid requests to the multisig parties were replaced by malicious code while still appearing to be valid to the signers? That must be an inside job.
And this is the first time I have heard the word "musked" in this context.....
-
Do I understand this correctly, then, that this was some sort of MITM attack where valid requests to the multisig parties were replaced by malicious code while still appearing to be valid to the signers? That must be an inside job.
And this is the first time I have heard the word "musked" in this context.....
Do I understand this correctly, then, that this was some sort of MITM attack where valid requests to the multisig parties were replaced by malicious code while still appearing to be valid to the signers? That must be an inside job.
I have no idea. I guess they'll release a lot more info regarding this in the next few days.
And this is the first time I have heard the word “musked” in this context…
I think his English isn't good looking at the rest of the message. Might be "masked" instead.
-
401,347 ETH
-
This post did not contain any content.
The money is not gone, is just that someone else has it.
-
This post did not contain any content.
I gotta get in on this hacking gig. Anyone know if any hacker groups are hiring?
/s for CSIS
-
Room temperature wallet
Right next to their iq
-
This post did not contain any content.
ELI5 why we cannot "rollback" Ethereum
-
Depends which exchange you're using.
Anybody who keeps their money on an exchange any longer than necessary is just asking for trouble. An exchange is like a public toilet. You get in, you shit, and you get the fuck out. You don't hang around in a public toilet.
Self custody or GTFO.
