- Two Weeks Ago at the DeFi Security Summit: Trail of Bits' Josselin Feist predicted that if a billion-dollar exploit occurs in 2025, it won't be a smart contract issue but an operational security one.
- The Attack on Bybit: On February 21, 2025, Bybit suffered the largest cryptocurrency theft in history, with attackers stealing approximately $1.5B from their multisig cold storage wallet. The attackers compromised multiple signers' devices, manipulated wallet interfaces, and collected signatures while signers thought they were conducting routine transactions. This hack represents a shift in how centralized exchanges are compromised, as attackers targeted human and operational elements instead of smart contract vulnerabilities.
- The DPRK's Cryptocurrency Theft Infrastructure: According to Arkham Intelligence and ZachXBT, this attack is linked to North Korea. The RGB (Reconnaissance General Bureau) of North Korea uses aggressive social engineering campaigns to target key personnel in organizations and create detailed pretexts. The RGB has built a sophisticated cross-platform toolkit to compromise systems and execute malicious commands. Organizations below a certain security threshold are at high risk without comprehensive security controls.
- The New Reality of Cryptocurrency Security: This attack highlights the importance of a comprehensive security strategy that includes infrastructure segmentation, defense-in-depth, and organizational preparedness. Trail of Bits has consistently advocated for this approach through several publications. Sophisticated attackers are increasingly targeting operational security vulnerabilities rather than technical flaws.
- Moving Forward: The Bybit hack marks a new era in cryptocurrency security. Industry participants need to invest in improving operational security. Organizations should conduct operational risk assessments, implement dedicated signing infrastructure, engage with security teams, and build incident response plans. The next billion-dollar hack is inevitable, and organizations must be ready.