Lessons From the ‘Biggest Crypto Heist in History’
The recent Bybit hack officially ranks as the “biggest crypto heist in history.” The FBI attributes the February breach to the Lazarus Group, a cybercrime outfit that appears to operate with impunity in North Korea. Authorities believe Lazarus penetrated Bybit’s firewall by deploying simple but malicious JavaScript code. Once inside, hackers fooled Bybit employees into approving a series of Ethereum transactions valued at nearly $1.5 billion. Once the transactions were completed, the hackers converted most of the pilfered crypto into Bitcoin.
As a result, North Korea is now believed to control the world’s third-largest Bitcoin reserve, right behind the U.S. and the U.K. According to The New York Times, hackers were able to easily bypass Bybit’s security thanks to a “simple flaw”: For years, the newspaper reports, Bybit — the second-largest crypto exchange in the world — used fairly pedestrian software to secure transactions “even as other security firms sold more specialized tools for businesses.”
In the end, as one analyst told CoinDesk, “human error,” not technological flaws, was to blame for the Bybit catastrophe. But, he said, human error is at the root of most crypto hacks. And although the Bybit hack now ranks as the most costly one, it is far from the only crypto hack. As reported last month, cybercrimes have cost the crypto industry more than a billion dollars annually for the last four years.
Weak Protections
Marc Duthoit, founder and CEO of Resiliant, a cybersecurity provider pioneering the use of AI and Blockchain technologies to authenticate digital identity, concurs that human error is at the heart of most crypto hacks, and he wasn’t surprised to learn how easily the Lazarus Group was able to bypass Bybit’s firewalls.
“Most cryptocurrency exchanges lack strong security and suffer from very weak fraud detection,” Duthoit says. “These exchanges should be offering the same level of security that banks offer, which have strict controls over who can get into what, when, where, and how, but most don’t.”
Duthoit says many of the vulnerabilities common to crypto exchanges can be traced back to weak protections around their users' crypto wallets.
“Exchanges could better secure their holdings by offering end users a stronger crypto wallet, one that does not simply rely on a password to gain access. That is to say, they should be providing a strong digital identity that can flawlessly identify the true wallet’s owner, without requiring the sharing and storage of any PII or passwords.”
Avestix CEO and Founder, Susan Lindeque, agrees. “It’s obvious that Bybit was not using the kinds of controls necessary to protect the tens of billions of dollars in transfers it processes every day,” she says. “If crypto exchanges expect to earn and keep the public trust, the industry needs to build firewalls that exceed those used by traditional banks,” Lindeque says.
“This is especially true now, given the expected reduction in crypto regulations investors now anticipate under the Trump administration,” she says. “If investors believe ‘fewer regulations’ mean even ‘less security,’ investors will likely shy away from crypto opportunities in favor of more secure investments.”
Next Steps
Many millennial and Gen X investors now include an allocation towards crypto in their portfolios.
To fully meet the needs of these younger, next-gen investors, financial advisors and other investment professionals need insights.
Download The State of Play for Family Offices, 2025, a complimentary eBook from Avestix that explores what post-Boomer investors want.