_______ __ _______
| | |.---.-..----.| |--..-----..----. | | |.-----..--.--.--..-----.
| || _ || __|| < | -__|| _| | || -__|| | | ||__ --|
|___|___||___._||____||__|__||_____||__| |__|____||_____||________||_____|
on Gopher (inofficial)
URI Visit Hacker News on the Web
COMMENT PAGE FOR:
URI Bybit loses $1.5B in hack but can cover loss, CEO confirms
m00dy wrote 1 hour 56 min ago:
We are in the middle of the bull market. fyi.
FabHK wrote 2 hours 27 min ago:
Crypto use case: Finance North Korea's nuclear missile program.
ttyprintk wrote 39 min ago:
The will and opportunity to fix that has come and gone. Mt Gox (would
have been|is sitting at) $85 billion at today's prices.
tmpz22 wrote 1 hour 27 min ago:
Iâm not worried we have entire federal agencies to regulate
financial crime and nuclear operations donât we?
k__ wrote 3 hours 29 min ago:
Whelp, you better shorted $SAFE.
fennecbutt wrote 5 hours 13 min ago:
And they keep everything in one wallet why?!?!
Surely you'd allocate a new wallet/1m roughly and always keep it
spread.
lofties wrote 6 hours 9 min ago:
> "Please rest assured that all other cold wallets are secure. All
withdrawals are normal," he added.
There are no American infidels in Baghdad. Never!
stef25 wrote 5 hours 6 min ago:
Chemical Ali ?
cmcaleer wrote 5 hours 37 min ago:
I'd probably bet on this being and staying the case. Bybit needs to
look as strong as possible here and they probably have a bunch of
willing lenders.
The second they have to pause withdrawals and look weak, it could be
game over from the (additional) reputational damage.
ycombinatrix wrote 6 hours 39 min ago:
>Bybit CEO Ben Zhou wrote on X that a hacker "took control of the
specific ETH cold wallet and transferred all the ETH in the cold wallet
to this unidentified address."
Um how tf does a cold wallet get hacked?
w_TF wrote 5 hours 54 min ago:
Have to wait for a post-mortem, but there was some speculation from
Ben earlier in his spaces.
They used a gnosis safe which is a smart contract multi-sig wallet
that is pretty much the gold standard for Ethereum.
They believed that all of the signers' pcs were hacked and that the
UI for signing was staged with a fake element to make it appear like
a normal transfer.
They were signing with hardware wallets, but it's hard to verify what
you're signing from a ledger typically.
What they ended up signing instead was an upgrade to the smart
contract giving control of the gnosis safe to the hacker who then
drained it.
ChrisMarshallNY wrote 6 hours 46 min ago:
As Frank Drebin would say, âNothing to see here.â
URI [1]: https://youtube.com/watch?v=aKnX5wci404
czhu12 wrote 7 hours 16 min ago:
Their English Wikipedia page is deleted as of 1:42am pst. Any idea what
thatâs about?
codetrotter wrote 6 hours 31 min ago:
[1] shows the history of deletions and creations of the page.
The current deletion is for reasons that include lack of NCORP
(Notability (organizations and companies)). And they back that in
turn by saying that the sources are weak.
I understand on one side that they donât want every company in the
world to have a Wikipedia page. Because the point of Wikipedia is not
to promote or legitimise every company in the world.
But youâd think that at the point where widely covered news of a
hack leading to a loss of a billion dollars and a half, would be
reason to have a Wikipedia article about it.
And instead they went and deleted the article today.
Thereâs probably additional editing of the page itself that you can
dig into the history of if you want to see what happened during the
past couple of days leading up to the page being deleted again.
For me, Iâll file this under Wikipedia Editors gonna Edit. They
have all kinds of edit wars and page deletions going on all the time
in the background that the rest of us mostly donât even notice most
of the time. And all over Iâm still happy with Wikipedia for all of
the information it has collected within.
URI [1]: https://en.m.wikipedia.org/wiki/Bybit
card_zero wrote 6 hours 10 min ago:
It could be resurrected if there are multiple news stories making
it notable for being hacked. It would have to be rewritten, though,
to give it substantially different content. [1] Here's the
discussion from the second time it was deleted: [2] They're
basically saying "nah, that's spam". So when it was recreated yet
again, of course it was speedily terminated with prejudice because
it just looks like another spam attempt.
Not sure if there's a rule against covering news stories. Seems
like we wouldn't want an article on every news event (I'm pretty
sure there is a rule against that), but Crowdstrike got an article.
URI [1]: https://en.wikipedia.org/wiki/Wikipedia:Speedy_deletion#G4
URI [2]: https://en.wikipedia.org/wiki/Wikipedia:Articles_for_delet...
sub7 wrote 7 hours 54 min ago:
These are not hacks, just like Mtgox, Celsius, FTX etc etc etc were not
hacks. These are crypto insiders supporting the stablecoin so they can
print and set a floor on prices before/during potential mass sell off
events.
russnes wrote 8 hours 12 min ago:
Kim Jong 1337 hacker strikes again
nodesocket wrote 8 hours 18 min ago:
My understand is that the original transaction was a small fraction of
the total balance of ETH in the wallet. How then were they able to
liquidate the entire ETH wallet?
plantain wrote 8 hours 39 min ago:
How on earth is it possible they can cover a 1.5B loss? Are they really
sitting on that much profit, or is the goal to ponzi it out from here,
MtGox style?
EVa5I7bHFq9mnYK wrote 2 hours 11 min ago:
Yes, the profits are insane in that business. Binance was raided for
a similar amount, and paid it out easily. Mtgox was raided for
â¿650k ($60B in today's money), and plans to return â¿140k to
traders. However, I believe most Mtgox investors are better off this
way because they were forced to hold onto their investments;
otherwise, they would have sold at around $1,000 or so.
snailmailstare wrote 1 hour 58 min ago:
This loss is more than 5% of their holdings.. To me that implies
the supposed benefit of crypto is nonexistent. If an institution is
making so much money off your crypto assets that they can return 5%
of them, they are a bank doing whatever it was that was so evil.
Saline9515 wrote 2 hours 23 min ago:
Bybit is one of the most used crypto exchanges and does >100M$ of
revenue per month, growing fast.
If this isn't enough, I'm sure that every crypto VC would line up to
buy a single digit % of their equity to cover up the hole. Crypto
hosts the most profitable businesses in the world.
FabHK wrote 2 hours 7 min ago:
> Crypto hosts the most profitable businesses in the world.
Well, because the retail clients expect to get rich and don't mind
paying 1% or so fees per exchange.
Similarly, the BTC future basis (the difference between the spot
price and future price) on many exchanges around 10 to 5 years ago
was easily 80% p.a. which you could realize by buying Bitcoin and
selling the future. What happened there is that people going long
Bitcoin with leverage essentially borrowed the money giving them
that leverage at usurious rates (this implied rate is not usually
displayed and thus invisible to your average retail client, but
definitely very visible to the finance professionals moonlighting
in crypto (such as Jane Street, Jump trading, and many others)).
Crypto use case: ripping off retail.
Saline9515 wrote 1 hour 53 min ago:
You pay 1% on Coinbase because they are a quasi monopoly due to
regulation. Offshore exchanges take less than 0.1% usually.
The neutral rate for perps is 10%, which is lower than the credit
card borrowing rate in the USA. And nothing prevents retail
investors to earn it by shorting while holding spot.
Last, Tether is crypto's most profitable business, and likely the
world's most profitable if you account on $ of profit per
employee, and is not an exchange.
FabHK wrote 1 hour 48 min ago:
Tether is an absolutely remarkable business, indeed. Basically
an unregulated bank that pays no interest and follows no
KYC/AML/ABC/CTF rules (because they just deal with wholesale,
and then the Tethers are transacted on some permissionless
"who, me?" blockchain).
Remarkable dereliction of responsibility. I don't understand
why we let them get away with it.
lxgr wrote 1 hour 22 min ago:
Presumably for the same reason the US let offshore banks get
away with creating Eurodollars in the past: It's useful to
maintain the status of the US dollar as the currency of
global trade.
This utility has always been at odds with the (relatively
recent in comparison to Eurodollars, as far as I understand)
desire to and ability of the US government to use USD
financial rails as a political tool via sanctions.
Saline9515 wrote 1 hour 30 min ago:
Yes, that's the concept of crypto. Uncensorable transactions.
USDT is used in many countries that have capital controls,
shoddy banks, or simply no proper payment infrastructure.
Stablecoins work on week ends and are settled instantly. It's
a superior form of money compared to what your average bank
proposes.
And of course that stablecoin providers conduct AML and KYC
when you redeem/mint them. It's like complaining that the
gold foundries don't control the secondary market for ingots
and gold coins.
Gorkys wrote 2 hours 48 min ago:
In crypto, there is the concept of the "fictional reserve" which can
be used in situations such as this.
DrillShopper wrote 26 min ago:
If it's big enough you can even get the devs to fork the blockchain
to reset things (see The DAO)
It's not that crypto folks don't want some protection from hacks or
fraud - the just think it should only be for the rich.
jqpabc123 wrote 3 hours 45 min ago:
How on earth is it possible they can cover a 1.5B loss?
Easy! They give Binance an IOU in exchange for 1.5 billion BUSD which
is just "minted" out of fresh new electrons. Neither of them has
really lost anything. Everyone can carry on as if it never happened.
In the bizarro world of crypto, this is business as usual.
Saline9515 wrote 2 hours 22 min ago:
Binance doesn't mint BUSD, BUSD is emitted by Paxos, which is an
american licensed company.
m00dy wrote 1 hour 54 min ago:
Gary Gensler called BUSD a security and banned it years go. What
a guy!
jqpabc123 wrote 1 hour 56 min ago:
I have a license to drive a car. Having it doesn't limit my
ability to mint crypto.
Saline9515 wrote 1 hour 47 min ago:
[1] It was approved by the New York State Department of
Financial Services (NYDFS).
URI [1]: https://www.dfs.ny.gov/consumers/alerts/Paxos_and_Bina...
jqpabc123 wrote 1 hour 38 min ago:
From your reference:
The Department has not authorized Binance-Peg BUSD on
any blockchain, and Binance-Peg BUSD is not issued by Paxos.
If you insist, feel free to replace BUSD with an unregulated
"stable coin" of your choice. How about FDUSD?
Saline9515 wrote 1 hour 25 min ago:
The sentence right before says "It is important to note
that the Department authorized Paxos to issue BUSD on the
Ethereum blockchain."
As far as I know Binance ended the Binance-pegged BUSD (the
BNB chain version bridged from ethereum) without any
problem or holder loss?
killerstorm wrote 3 hours 24 min ago:
How it it different from what banks do? (Except for a central
regulator.)
skeeter2020 wrote 2 hours 57 min ago:
Banks don't print money for each other, and if they get money for
free it's backstopped by the government and hence all of us.
Crypto wants this single aspect but none of the central
regulation.
Both systems stink for those at the end of the chain, i.e. us;
you can decide which one is worse.
killerstorm wrote 1 hour 43 min ago:
Banks borrow from each other all the time. What do you think
"overnight loans" is for? And when banks gives a loan that
creates money
Fade_Dance wrote 2 hours 59 min ago:
Because while banks hold duration, the net value of their current
assets, future asset streams, and equity is above zero. Indeed
the core focus of the business and regulatory side is ensuring
this is so.
The central regulator caveat is also a huge caveat to brush
aside. During the last round of systemic stress, the banking
system essentially got a guarantee that all uninsured deposits
would be protected, and banks were allowed to post their
collateral for liquidity at terms that no other business has
access to.
What OP is referencing is the oft-seen practice in the crypto
space where failed entities fill an asset hole with propped up
tokens, essentially transforming their paper loss on the balance
sheet into liquidity risk that doesn't show as readily.
The important point here is that in the latter case, the entity
may be fully insolvent, even after accounting for future
cashflows on loans. When it comes to banks, even the left tail
cases like SVB, their "problem assets" are things like long term
treasuries, which are way down the risk curve when compared to
the ponzi-tokenonics style "stablecoins" that we've seen unwind
over the past few years.
jqpabc123 wrote 3 hours 6 min ago:
How it it different from what banks do? (Except for a central
regulator.)
Your exception is the answer.
Only the central regulator can "mint" money and doing so has real
world consequences. The central regulator has financial
incentives to limit this sort of activity.
The bizarro world of crypto has no such regulation and as a
result, it is inherently unstable.
The proof of this is right in front of you --- it is the fact
that "stable coins" exist. The only way to bring stability to the
bizarro world of crypto is by tying it to "fiat" --- which is the
very thing crypto is supposedly working to eliminate.
Contradict and hypocrite much?
desumeku wrote 58 min ago:
They are being loaned ETH to cover withdrawals and prevent what
would amount to a bank run, not stablecoins. This entire
comment chain is stupid and pointless.
killerstorm wrote 1 hour 56 min ago:
False. Money on your bank account is backed by bank's assets,
not by the central regulator. Recommended reading: [1] , M1
money supply, etc.
> The only way to bring stability to the bizarro world of
crypto is by tying it to "fiat"
False. It's possible to make stable-coins using just price
oracle and collateral. "Fiat" is not necessary. E.g.
URI [1]: https://en.wikipedia.org/wiki/Fractional-reserve_banki...
URI [2]: https://www.liquity.org/bold
jqpabc123 wrote 1 hour 44 min ago:
It's possible to make stable-coins using just price oracle
and collateral.
Most attempts at "algorithmic" stable coins have failed. See
TerraDollar, Luna and Titan.
killerstorm wrote 1 hour 30 min ago:
Over-collateralized stables are different from
"algorithmic": the algorithmic ones are not fully backed by
reserves.
rafale wrote 1 hour 16 min ago:
They are very capital inefficient and still can fail
during black swan events.
bryant wrote 1 hour 52 min ago:
> False. Money on your bank account is backed by bank's
assets, not by the central regulator. Recommended reading:
[1] , M1 money supply, etc.
You didn't even finish reading the first paragraph.
> Bank reserves are held as cash in the bank or as balances
in the bank's account at the central bank
The collapse of svb shows how much the central regulator
cares about making sure the entire banking system doesn't
fall apart, too.
With the way you remarked "false" at the OP, though, I don't
expect you're here for an engaging and educational
discussion, so I'll leave it here. lol
URI [1]: https://en.wikipedia.org/wiki/Fractional-reserve_ban...
owlninja wrote 2 hours 32 min ago:
I saw a quote somewhere:
>Crypto is speedrunning the entire evolution of finance to end
up at the same place
desumeku wrote 1 hour 3 min ago:
I sure hope we don't end up in the same place where the
monetary system is only being held up by the fact that there
is more debt than money creating an endless competition for
the limited quantity of money that exists in order to pay off
ever-increasing debts and expenses with a currency that is
continually debased throughout the process.
DrillShopper wrote 37 min ago:
We're already there. That's called "going to the moon".
That's the end state. Get in, ride the rise, and then sell
out and tell others to "buy the dip".
jqpabc123 wrote 2 hours 12 min ago:
I saw a quote somewhere:
Those who don't learn from history are doomed to repeat
it.
The only thing new about crypto is paper has been replaced by
electrons.
Individuals/banks minting their own money has been tried
before. It didn't go well.
philipov wrote 1 hour 37 min ago:
However, this quote is usually intended to be a warning,
not an opportunity to run all the old scams again.
These people hear it and think "You mean we get to repeat
history?!"
mikeyouse wrote 7 min ago:
Itâs not an uncommon joke about how easy it would be to
be a serial killer or bank robber in âthe olden daysâ
- just need to move 1 town over and you can do it all
again which has a strong similarity to being able to
commit crypto crimes with hardly a consequence by virtue
of doing it across jurisdictions..
phony-account wrote 3 hours 7 min ago:
> How it it different from what banks do?
I often read this sort of comment from crypto-defenders, but is
it what banks do?
Iâm relatively naive about these things, but my impression is
that a bank losing this proportion of their assets canât just
âpretendâ they have the money, or create ânewâ money.
malfist wrote 2 hours 14 min ago:
That's because they're mistaken. In traditional banking only
the central authority can print money, not the individual
banks.
If someone stole a trillion dollars from JP Morgan, JP Morgan
can't make themselves whole by creating a new trillion dollars.
The central authority might guarantee the customers of JP
Morgan that their money is protected, but they won't print
money to make the bank whole.
lxgr wrote 1 hour 39 min ago:
That's one model/theory for how modern money creation works.
Another is modern monetary theory (MMT), and in that,
commercial banks are indeed the primary creators of money,
with the central bank playing a technically more passive
role.
Still, in either model of money creation (i.e. classical
"money multiplier" and MMT), governmental regulators (which
can be the central bank or others) do ultimately control the
rate of money creation via various mechanisms.
killerstorm wrote 1 hour 41 min ago:
False. Banks create money.
URI [1]: https://en.wikipedia.org/wiki/Money_creation
JW_00000 wrote 1 hour 21 min ago:
Banks create money by issuing loans; but they can't create
money out of thin air if $1.5B was stolen from them.
tonyhart7 wrote 3 hours 22 min ago:
FEDS can print money while Binance does not
skeeter2020 wrote 2 hours 51 min ago:
not exactly true - Binance is indeed "printing money", just
with no centralized regulation. When the Feds do it the
expectation is that they are aware of the long-term impacts of
doing so, and include in their calculation. For crypto it's the
opposite: do it before you erode trust & goodwill to the point
where it's no longer valuable. I see it more like it is very
different than printing money in a economy that's perceived as
stable and quite similar to printing money in one where the
people have no faith in the value of sovereign currency. So the
crypo-promoters are right about the use-case in certain
jurisdictions, but the problem is that's not where the wealth
is, so they target rich economies that tend to have stable
government currencies & established banking, and do not need
crypto for legitimate tasks.
tonyhart7 wrote 2 hours 18 min ago:
I doubt they can because they peg it to USD, do you think
they can pay aws bill with busd??? maybe you can but people
with busd would convert it to usd at some point
qqqult wrote 5 hours 32 min ago:
bybit makes $100 million a month and has substantial excess reserves
rvz wrote 5 hours 12 min ago:
A lot more money than the majority of AI startups and it is
creating jobs rather than purposefully destroying them.
skeeter2020 wrote 2 hours 47 min ago:
yes, great jobs: "I used to have to GO to the casino to play
slots, and even without the one arm bandits, had to physically
push the button. Now I work from anywhere!"
laughingcurve wrote 2 hours 55 min ago:
I respect everyone's coping mechanisms, including yours.
cmcaleer wrote 5 hours 40 min ago:
These exchanges make an absurd amount of money. That amount of money
is basically a decent quarter for Coinbase in fee revenue, and Bybit
is smaller but it isn't that much smaller.
It sucks if you're Bybit, but they're going to have plenty of lenders
happy to provide them liquidity while they make it all back.
scrlk wrote 4 hours 26 min ago:
I can understand why some FTX creditors are pissed that the
exchange didn't start back up under new management. They would have
actually been made whole, unlike the current situation where
they're getting "repaid" but pegged to November 2022 valuations
(i.e. the absolute bottom of the crypto bear market).
ghhrjfkt4k wrote 6 hours 12 min ago:
FXCM forex trading broker covered a similar sized loss of client
money (not hack) when EUR/CHF was unpegged in 2015.
Since it was a profitable broker business, another bigger broker gave
them the money to plug the loss in exchange for taking over the
business.
earnesti wrote 7 hours 47 min ago:
Fractional reserve helps.
reisse wrote 7 hours 53 min ago:
Bybit trading volume is in tens billions of dollars daily. Their
comission rate for the retail traders is up to 10bp (0.1%). Even
considering a huge part of that volume is coming from institutional
players who enjoy significantly reduced commission rates, I think
they're surely making few million dollars daily on comissions alone,
maybe tens of millions in a good day. And besides comissions, they
also have other sources of profit, like staking, crediting customers,
and forced liquidations.
Being a crypto exchange in current market is very profitable. If the
crypto itself does not collapse, I think it's totally possible for
them to repay that sum in a year or less.
xnickb wrote 4 hours 9 min ago:
I'm nowhere near expert on any of the things below, but:
My gut tells me if an exchange makes as much money as you suggest,
people involved in that exchange are making even more profit from
the said exchange, otherwise they wouldn't engage. The whole thing
being literally money out of thin air, it feels like a huge bubble
that should inevitably burst bringing down _ a lot _ of collaterals
with it.
malfist wrote 2 hours 10 min ago:
You might be interested in reading Warren Buffett's reasoning for
not investing in crypto. Basically he says crypto produces no
goods, products or services, and it's only value comes from
finding a "bigger fool" to pay a higher price than you did for
it.
It's value is from speculation assuming future speculation will
assume more future speculation
DrillShopper wrote 30 min ago:
DunningâKrugerrands
desumeku wrote 54 min ago:
It's easy to agree with this position if you deliberately
ignore that the "service" crypto provides is a decentralized,
censorship-resistent, self-contained, global system of finance
that is designed specifically for the modern internet age and
which does not need to be under the control of any particular
nation-state or company in order to function.
Otherwise, it is clear where the value comes from.
2OEH8eoCRo0 wrote 3 min ago:
Do you think Buffett isn't aware of these things?
themgt wrote 3 hours 24 min ago:
Yeah, as a layman this MSTR explainer was an "aha" moment for me:
No, what is likely happening with all the convertible bond issues
is that MicroStrategy prices the bonds in a manner to attract
market neutral hedge fonds, meaning arbitrageurs. Saylor has
briefly mentioned these firms, as opposed to firms seeking actual
Bitcoin exposure. For issue after issue, they can be spotted as
the largest bond holders by anyone with a Bloomberg terminal. By
buying the bonds, even when conversion price is at a large
premium, and by simultaneously shorting the shares, these
arbitrage funds can lock in close to risk-free profits. Due to
the convex nature of the value of the convertible bonds, the
hedge funds attempt to profit no matter whether MicroStrategy
shares rise or decline
Like, a broker profiting off PFOF in the stock market makes sense
because there's an underlying asset generating real cashflow that
people are buying into. But where is the money in crypto actually
coming from? You have to pay miners, brokers, rugpulls/thefts/etc
and there's barely any cashflow from the underlying assets
(dApps?). But if it really is ~just a casino, with retail
gamblers as the only real source of cash, it can still be
profitable for smart money to pour billions in and use their PhDs
to trade the vol. It goes up, it goes down, overall retail is
bleeding huge amounts of cash on a sort of 5 dimensional pyramid
scheme but enough gamblers go viral winning the slots/blackjack
that the casino doesn't run out of customers.
Can this continue indefinitely? Maybe / probably? Seems similar
to sports betting, Polymarket, retail now ~70% of options
trading. The west and especially America becoming a gambling
culture. The "bubble" may burst and reinflate over and over.
URI [1]: https://medium.com/@bdratings/all-your-models-are-destro...
nullc wrote 1 min ago:
URI [1]: https://www.oneweirdkerneltrick.com/polytope.pdf
treyd wrote 1 hour 24 min ago:
> Due to the convex nature of the value of the convertible
bonds, the hedge funds attempt to profit no matter whether
MicroStrategy shares rise or decline.
This sounds exactly like the rationale for the box spreads
incident on WSB a couple years ago.
"literally cannot go tits up!"
alberth wrote 3 hours 33 min ago:
Coinbase charges 100bps (1%) between trader & maker fee.
Just last quarter, Coinbase had:
Revenue: $2.2B
Net Income: $1.3B [1]
URI [1]: https://help.coinbase.com/en/exchange/trading-and-fundin...
URI [2]: https://s27.q4cdn.com/397450999/files/doc_financials/202...
FabHK wrote 2 hours 4 min ago:
Note that Coinbase (like most exchanges) charges retail clients
outrageously high fees (orders of magnitude more than you would
pay at a competitive FX or equity broker), but institutional
and whales that trade a lot very small fees.
Yet another way crypto moves money from poor suckers to
insiders.
alberth wrote 1 hour 47 min ago:
You just described volume-based discounts.
Whatâs so wrong with that?
Itâs the same reason why buying a single soda at a
convenience store cost more (per unit) than buying a large
pack at Costco.
_factor wrote 24 min ago:
Try to become an insider at one of these exchanges even
with a couple million dollars. See how it goes.
This is like Coke ONLY giving discounts to Costco instead
of anywhere else so that Costco can reap the rewards.
Walmart, Target, they can all pay full price.
The convenience store spends more money to package
individual items. A crypto transaction is the difference
of a keystroke. They are not comparable on many fronts.
plantain wrote 7 hours 9 min ago:
Most of the trading is not done by retail traders but at much lower
fees than that, if not being paid (market makers). I just can't
make it add up.
reisse wrote 6 hours 33 min ago:
I know! As I stated,
> Even considering a huge part of that volume is coming from
institutional players who enjoy significantly reduced commission
rates...
But the volume is huge. Even if we take the best publicly shared
MM rates from Bybit (which is 1.5bp taker commission, 0.5bp maker
rebate), and assume the whole volume is traded with these rates,
it is still 1bp from 40B dollars, which is 4M dollars daily.
skeeter2020 wrote 2 hours 49 min ago:
even if this is true, they'll use their entire cashflow for
more than a year to cover a single loss? That's not how
business works...
spaceman_2020 wrote 6 hours 57 min ago:
Hyperliquid, a decentralized perp exchange, is a good proxy for
ByBitâs revenues. On an average, Hyperliquid does between
800k-1M in revenue per day. ByBit is substantially bigger and
easily does 50-100M in monthly revenue
Animats wrote 8 hours 40 min ago:
Who says ByBit can cover the loss? The article title says that but the
article quotes do not. The CEO only said that their other cold wallets
are intact and that withdrawals remain normal.
Bybit claims to be regulated by the Virtual Assets Regulatory Authority
of Dubai.[1]
But the lookup page at VARA says they only have "In-principle
approval", not a full license. "Applicants holding an IPA are strictly
prohibited from initiating operations, conducting any virtual asset
activities, or servicing clients until they have obtained their full
VASP licence from VARA."
Uh oh.
URI [1]: https://www.vara.ae/en/licenses-and-register/public-register/
zaphodias wrote 7 hours 45 min ago:
> Who says ByBit can cover the loss?
CEO on X
DonHopkins wrote 4 hours 24 min ago:
When has the CEO of a cryptocurrency exchange ever lied before?
What possible motivation would he have to not tell the truth, the
whole truth, and nothing but the truth?
Harumph!!!
Gentleman, please, rest your sphincters!
URI [1]: https://www.youtube.com/watch?v=g2Bp8SqYrnE
nprateem wrote 7 hours 55 min ago:
They're probably just saying that to avoid a run.
Geee wrote 9 hours 5 min ago:
There should be something like a "finalizing transaction", which both
the sender and receiver need to sign after the first transaction has
been mined, i.e. like an in-built escrow. If it's not signed by both,
then funds are returned. This wouldn't protect against key leakage, but
in this case, the tx was signed by accident. This would also protect
against sending to wrong address.
tromp wrote 8 hours 14 min ago:
There are cryptocurrencies in which transactions must be signed by
both sender and receiver, such as those implementing the pure
Mimblewimble protocol.
> Both the sender and receiver need to sign after the first
transaction has been mined
That makes no sense; miners don't mine transactions unless they're
guaranteed to be valid. All signing must be done before transactions
are even published. Otherwise one could DoD-attack the network by
having it forward tons of invalid transactions.
vlovich123 wrote 3 hours 21 min ago:
Youâd mine the first transaction which is a nominal value but the
rest of the transaction wonât get mined until that first
transaction is signed by both parties indicating acceptance. You
could even break it down into an arbitrarily multi-stage process
where the next stage is exponentially larger more money (i.e.
transfer $100, then transfer $1000, then $1000, etc). This would
make the accident âhit a button and lose a B right awayâ much
harder to pull off. Of course, in this case I donât know that it
would help as I believe the attacked party signed approval to
change the contract itself.
dcow wrote 5 hours 45 min ago:
What does DoD stand for, in this context?
ykonstant wrote 4 hours 5 min ago:
Department of Defense; after the research funding cuts, the
bureaucrats had to get creative about money sources.
joshstrange wrote 4 hours 24 min ago:
I think they meant DoS.
tromp wrote 2 hours 47 min ago:
Correct. Noticed typo too late to edit...
Mengkudulangsat wrote 8 hours 59 min ago:
This would also protect againts dusting attacks.
Illicit addresses sending to thousands of random recipients and
making them all marked by automated KYC systems.
thesumofall wrote 9 hours 16 min ago:
In case of a state actor just imagine the weapons that could be bought
with this kind of money and the potential lives lost due to this mess
rNULLED wrote 9 hours 21 min ago:
> have a wallet, work at bybit
> understand backdoor
> steal money from your account, some from others
> bybit pays you back
> still have money you stole
qingcharles wrote 9 hours 53 min ago:
Can someone even explain what Bybit is actually about? I searched
around when the hack was announced, but I'm very confused. Mostly what
I saw said "scam" on it.
This isn't your run-of-the-mill Coinbase style exchange, right?
billfruit wrote 7 hours 11 min ago:
Also a major sponsor of Red bull Racing in Formula 1.
cypherpunks01 wrote 9 hours 46 min ago:
It's the second largest crypto exchange by volume globally, behind
Binance. Specialized in derivatives but they have lots of regular
retail products that you might find at Coinbase. Basically like a
bigger version of Coinbase from Asia.
zer0x4d wrote 10 hours 2 min ago:
I'm a huge crypto believer but I can admit that we don't have a serious
system if a person can just transfer over $1.5B from a well known
crypto cold wallet to different accounts with nothing flagging it and
no way to reverse it.
j8k99kuyr wrote 4 hours 36 min ago:
Code is law, no?
nilamo wrote 7 hours 43 min ago:
Those all sound like stated objectives of crypto.
silisili wrote 8 hours 16 min ago:
Right on. My bank calls me every time I send money out. And I'm
talking like $50. I used to find it annoying, but now I'm blown away
every financial system doesn't...
cmcaleer wrote 5 hours 48 min ago:
On the one hand, I understand banks attempting to protect customers
and limit liability, on the other hand, frankly I have better
things to do with my time than spend 30 minutes waiting in a phone
queue because I had the audacity to go on holiday and attempt to
spend $20 on ice cream.
otabdeveloper4 wrote 8 hours 34 min ago:
> let's reinvent the banking system except worse in every way
JamesLefrere wrote 9 hours 12 min ago:
Solutions have existed for years (eg Gnosis Safe), they just arenât
being used by that exchange.
jgilias wrote 8 hours 37 min ago:
Canât tell if youâre trolling here or not, but good one either
way!
mhmmmmmm wrote 9 hours 8 min ago:
Bybit was quite literally using Gnosis Safe for the compromised
wallet.
JamesLefrere wrote 3 hours 23 min ago:
lol. Good times.
zer0x4d wrote 9 hours 2 min ago:
I can't believe someone posted that without knowing they actually
used Gnosis Safe
JamesLefrere wrote 3 hours 23 min ago:
Believe it, baby
JTyQZSnP3cQGa8B wrote 9 hours 20 min ago:
You like decentralized money without laws and accountability, but
would like to have a central thing (TBD) that is accountable and
respect laws? How would that work?
zer0x4d wrote 9 hours 3 min ago:
I'm not too sure but few things come to mind:
1. Upgrade protocol to include protections for well known cold
wallets held by exchanges (ex: API call has to be made to the
exchange's security endpoint to validate each transaction out of
the wallet. Exchange staff would need to manually allowlist large
transactions before they are transmitted).
2. Decentralized voting on reversal of transactions (90-95%+ vote
needed to reverse to avoid 51% attacks)
killerstorm wrote 1 hour 14 min ago:
Ethereum is programmable, such a protocol can be implemented as a
smart contract.
lucianbr wrote 2 hours 11 min ago:
Good luck getting 90% of a large group of people to vote the sky
is blue.
j8k99kuyr wrote 4 hours 37 min ago:
> 2. Decentralized voting on reversal of transactions (90-95%+
vote needed to reverse to avoid 51% attacks)
Couldn't you technically just 'git checkout' a previous commit
from before the fraudulent transaction occurred and pretend it
never happened? Isn't the real problem that you'd have to
convince a majority of users to do the same?
rs186 wrote 5 hours 56 min ago:
Not going to work, otherwise it would already have been done.
People who control or take advantage of cryptocurrency don't want
this to happen.
jeswin wrote 8 hours 57 min ago:
This is getting pretty close to the banking system, at which
point one needs to ask - maybe just improve existing protocols?
stouset wrote 9 hours 56 min ago:
In the face of the never-ending list of these kinds of events, the
laughably impossible task of average nontechnical individuals
protecting their own assets (and the consequence of total financial
ruin when they fail to do so), the overwhelming number of and size of
scams, rug pulls, fraud, outright Ponzi schemes, and on and on and
on⦠what exactly is left to keep anyone a âhuge believerâ?
Put differently, itâs been seventeen years of constant and
escalating mayhem. What would finally be enough to shake your faith?
desumeku wrote 41 min ago:
Maybe when it stops escalating and getting bigger and bigger and
continually growing over time?
simpsond wrote 4 hours 18 min ago:
My faith would shake when scams, rugs, fraud, and ponzis completely
stop outside of crypto.
FabHK wrote 1 hour 55 min ago:
The "oh but there's crime in fiat" argument holds no water.
Sure, HSBC facilitated money laundering and drug trafficking in
Mexico. And when it came out, the fiat response was a huge outcry
and putting a stop to it.
The crypto response is to say "screw the laws, let's go all in
with money laundering and drug trafficking".
It's like noticing that kitchen knives are occasionally used for
murder, and then concluding that it's a good idea to sell machine
guns at every corner.
Fiat is indispensable, and (due to regulation) better for
legitimate purposes than for crime.
Crypto is entirely dispensable, and (due to its inherent
limitations (inefficient, slow, cumbersome)) better for crime
than legitimate purposes.
desumeku wrote 38 min ago:
Fiat is not indispensable, hello. Did you forget that human
societies used to primarily have metallism-based economies
before central banks managed to entrap the entire world in a
system of debt slavery?
simpsond wrote 56 min ago:
Fiat currencies have collapsed in the past due to bad monetary
policy (regulation is only good right?). Ask Argentinians how
they feel about stablecoins after rapid inflation.
Alternative currencies offer competition and access. Why is
that such a problem?
cmcaleer wrote 5 hours 54 min ago:
> what exactly is left to keep anyone a âhuge believerâ?
I don't really engage in the ponzibucks part and don't touch
exchanges except to on and off-ramp, and use crypto to pay for
things like hosting, seedboxes, or other services I might not
necessarily want my debit card directly attached to.
I like sending vendors $100 and spending $0.00005 in transaction
fees and knowing that they'll get $100 (or $99 with some 3rd party
integration like Coinbase Commerce) versus spending $100, of which
Stripe gets $5 of and the vendor only sees ~$95 if I don't feel
like I need the protections of a card, which is frequent but not
all the time.
Crypto fits a niche in my life well, despite the wider crypto world
having dumb controversies. Just like my HSBC bank account fits a
niche well, despite HSBC's wikipedia page being ~50% controversy
section by word count.
joshstrange wrote 4 hours 9 min ago:
Your transfer fees are a bit off.
Coinbase is 10,200x more than you stated ($0.51 to send $100) BUT
thatâs only if I send directly on Coinbase. Coinbase Commerce
takes 1% so it would actually be 20,000x more than you listed.
Stripe is 64% of what you stated ($3.20), and thatâs with no
processing fee discounts like you can get with higher volume.
Now, obviously, $3.20 > $1 but itâs not apples to apples. You
can claw back your money with a card for one. there are many
cases where I would prefer to pay the extra $2.20.
FabHK wrote 2 hours 18 min ago:
Credit card interchange fees being ridiculously high is pretty
much a US thing:
> In the United States, the fee averages approximately 2% of
transaction value. In the EU, interchange fees are capped to
0.3% of the transaction for credit cards and to 0.2% for debit
cards, while there is no cap for corporate cards.
Sensible regulation can make a big difference.
FWIW, I can pay bills by initiating a transfer both in HK and
the EU instantaneously and for free.
Note also in your comparison of costs that most people still
use fiat, and then pay the enormous fees of exchanges like
Coinbase or Bybit that (for retail investors) are ridiculously
high. So, a fiat-crypto-transfer-crypto-fiat round trip has
another 2% or so on top (plus volatility).
URI [1]: https://en.wikipedia.org/wiki/Interchange_fee
crazygringo wrote 2 hours 3 min ago:
It's also not even 2% in reality.
It goes to rewards which go straight back to the consumer.
My main credit card gives me 2% back on all purchases. In
cash. Zero annual fee. And it's a card anyone with a normal
credit score can get. Nothing special about it.
It really only makes sense to compare interchange fees after
subtracting the proportion of them that get paid back to
consumers.
FabHK wrote 1 hour 52 min ago:
Sure, smart consumers can claw back some of that. But what
you have then is merchants raising average prices, and
consumers that use such credit cards being subsidized by
those that don't.
cmcaleer wrote 2 hours 23 min ago:
Solana is the main chain I use for these transfers, and itâs
0.000005 SOL * $170/SOL = $0.00085 to transfer any amount of
USDC. so I was a little off there. My apologies for a $0.0008
error.
By the way, I specifically mentioned Coinbase commerce takes
about a dollar:
> $100 (or $99 with some 3rd party integration like Coinbase
Commerce)
Stripe fees vary, but in a frequent case where a user is using
an international card in a foreign currency itâll very easily
get close to 5%.
For me, yeah $2.2 is relatively immaterial. For a provider
whoâs doing $1MM in crypto transactions? Somehow I suspect
that a few percentage points are quite meaningful, and I get
the benefit of not having to explain what a seedbox is to my
bank if they ever call me.
Again, crypto as a payment method is not for everything. But
itâs quite nice to have the option.
manquer wrote 7 hours 33 min ago:
> What would finally be enough to shake your faith?
Permanent and major market crashes is the only thing I can think of
.
After the last crash a lot of fraud and incompetence got out
because they couldnât stay solvent, stuff like Celsius or FTX etc
got exposed only because of the crash we had in 21/22.
It will take a few crashes, like that, until then scams or
incompetence like this incident will not make people loose their
money.
Few crashes, then most believers will loose their savings then the
faith will shatter not until then.
Most people are after all investing in crypto because it goes up
and not because they believe in decentralized currencies. As long
as they hear how someone is making money on crypto they will keep
believing no matter how many meme coins pull the rug, or exchanges
fail or pig butchering or myriad of other scams come to light
ericjmorey wrote 7 hours 47 min ago:
Movement of funds from one sovereign nation's jurisdiction to
another is important when one jurisdiction is in crisis or
restricting capital flows.
nprateem wrote 8 hours 0 min ago:
They've seen other people make loads of money (or maybe made a load
themselves) and are still in the game hoping to make loads more.
dandanua wrote 9 hours 2 min ago:
> What would finally be enough to shake your faith?
Crypto scams run by top government officials? Oh, wait...
LoganDark wrote 7 hours 58 min ago:
and the existence of financial scams isn't the same for fiat
because...?
stouset wrote 7 hours 47 min ago:
Have you seen the absurd lengths people have to go to to
actually scam people out of significant sums of actual money?
It doesnât even remotely compare and if you canât
acknowledge that, youâre willfully ignorant or a future mark
yourself.
throwawayqqq11 wrote 9 hours 2 min ago:
> what exactly is left to keep anyone a âhuge believerâ?
Bias. I expect believers to have earned a profit or still hold
significant quantities of crypto assets.
But in their favor, trust in any currency is the foundation of its
value. States create it by collecting taxes and paying employees.
Crypto currencies generally lack that heavy weight central
authority, so they kind of have to believe to the point where they
get burned.
throwaway_v wrote 10 hours 28 min ago:
woops
medellin wrote 10 hours 30 min ago:
Old man yells at cloud vibes every time a crypto post comes on HN.
No interesting discussions ever. Just axes being sharpened and people
who dislike it taking the opportunity to gloat. I would characterize
the pro crypto people but I donât see any. Which is said because over
the last 5 years I have found crypto, bitcoin, and stable coins to be
extremely useful when helping family members in emerging markets.
But hey itâs all trash, the west doesnât need it so letâs all
dance on its grave.. i guess we will keep dancing for another 15 years.
ddorian43 wrote 10 hours 23 min ago:
There's no interesting discussion to be had. That's the simple reason
you always miss.
rkagerer wrote 16 hours 30 min ago:
There's some info and speculation in these two (distinct) articles, but
I'd love to know technical details of where the gaffs were.
eg. Was client software compromised? Did the multisig keyholders
succumb to social engineering? Were the signers using airgapped
machines / hardware devices? [1]
URI [1]: https://archive.ph/YMZrq
URI [2]: https://blockworks.co/news/bybit-hack-raises-security-question...
fresh_geezer wrote 6 hours 1 min ago:
Here is what the CEO wrote on X:
"Bybit ETH multisig cold wallet just made a transfer to our warm
wallet about 1 hr ago. It appears that this specific transaction was
musked, all the signers saw the musked UI which showed the correct
address and the URL was from @safe . However the signing message was
to change the smart contract logic of our ETH cold wallet. This
resulted Hacker took control of the specific ETH cold wallet we
signed and transfered all ETH in the cold wallet to this unidentified
address."
[yes, it says 'musked', assuming they meant masked. @safe is [1] ]
Unfortunately most hardware wallets can't interpret EVM smart
contract transactions and asks you to sign a big binary blob that is
supposed to match what you see on your computer screen (it's
literally called blind signing). He said in the tweet and later on a
live stream that they verified that the URL was correct, and there
were several signers in different locations on different machines.
Logically the UI must have been manipulated for all of them, which I
can think of a few different ways to do:
- The signing link was replaced somehow over whatever medium they
sent it to each other, pointing to something that either looks like
the original UI (perhaps IDN homograph domain) or is the actual site
if it has some weakness that allows script injection to manipulate
the page
- The server side was exploited to serve a manipulated page
- Client side malware that injects something in the browser to
manipulate the page
- Some kind of network/DNS attack combined with mis-issued TLS
certificate (or injected CA)
It points to some level of sophistication and long-term observation
of their internal systems to know what the process looks like and
devising an attack.
Will be interesting to read when/if they release a full analysis.
URI [1]: https://safe.global/wallet
DennisP wrote 15 min ago:
They could have used a hardware wallet like the Lattice1 from
GridPlus, which actually shows the function parameters on a big
screen instead of blind signing.
EMM_386 wrote 1 hour 10 min ago:
One of the links says the following:
> According to crypto security firm Groom Lake, a Safe multisig
wallet was deployed on Ethereum in 2019 and on the Base layer-2 in
2024 with identical transaction hashes. Ethereumâs alphanumeric
transaction hashes are 64 characters long, so deploying the same
smart contract transaction hash twice should be mathematically
impossible.
> The same transaction hash appearing on both Ethereum and Base
indicates an attacker could have found a way to make a single
transaction valid on more than one network or could be reusing
crypto wallet signatures or transaction data across networks,
pseudonymous Groom Lake researcher Apollo said.
AwGeezeRick wrote 17 min ago:
The quote is incorrect. If I deploy the same smart contract to
two different EVM chains, from the same wallet, with the same
nonce (pretend it's the first transactions I'm doing with this
wallet on each chain, so nonce 0), then the transaction hash will
be the same on both chains. That's not odd.
veidr wrote 2 hours 51 min ago:
Are we sure he didn't mean the transaction got DOGEd?
dboreham wrote 2 hours 52 min ago:
Oh, when I read this yesterday I assumed "musked" was a clever play
on the idea that someone is tricked into agreeing to things against
their interests.
Salgat wrote 3 hours 23 min ago:
Is it possible that this was an inside job?
mhmmmmmm wrote 9 hours 2 min ago:
[1] This thread has some info about very similar past attacks,
should give some insights into the level of sophistication that goes
into something like that.
URI [1]: https://x.com/tayvano_/status/1847877011462901915
frinxor wrote 3 hours 55 min ago:
This was interesting, thanks!
cypherpunks01 wrote 10 hours 1 min ago:
A huge problem with signing EVM transactions using hardware wallets
is that is common to be blind signing messages. The device has no
knowledge of the SAFE EVM contract functions or any other context, it
just asks you to sign an gobblygook opaque binary message so you may
have no idea what's being signed, is my experience using multiple
different vendor HW wallets. Not sure if that's what happened, but
possible this type of problem contributed to the exploit. BTC TXs are
simple enough that all HW wallets can basically display what's
happening, but with turing-complete arbitrary computations in EVM
this becomes very difficult.
DennisP wrote 13 min ago:
Yes, but some hardware wallets actually do break out the parameters
for you. GridPlus is one example.
killerstorm wrote 1 hour 18 min ago:
In almost all cases EVM smart contract interaction looks like a
function call which can be easily decoded into JSON if you know
ABI.
HW wallet doesn't need to understand the contract logic, it just
needs ABI, which is generally a simpler task. Also it can show the
name of function you're calling as selector is a hash of a name.
Safe is a bit more complex as it also wraps it in EIP-712 message,
but that can also be decoded in a systematic way.
tumdum_ wrote 8 hours 12 min ago:
> with turing-complete arbitrary computations in EVM this becomes
very difficult.
I have very limited knowledge about EVM, but those computations are
bounded by gas, right? Evaluating them is a finite process.
dboreham wrote 2 hours 48 min ago:
What you suggest is possible (evaluate the side effects of the
transaction and present that information to the prospective
signer). But at present they don't do that. I'm not sure about
this specific case but often it's just a supplied text string
(that can say anything) that's displayed. Basically the system
depends on trust in whatever came up with the transaction
payload.
simpsond wrote 4 hours 31 min ago:
Yes, each opcode has a gas cost. Some are quite expensive, like
writing storage (changing network state). Each block has a target
gas limit. Say 30 million. A single transaction cannot exceed
that. Additionally, a transaction specifies a bid on how much
they are willing to spend, in ether, per gas. That said,
transferring funds does not typically require significant gas.
porkbrain wrote 7 hours 50 min ago:
But the space of their effects on the Blockchain state is vast.
You need software to translate those effects to a form human can
interpret as "what I want"/"not what I want".
Ie. engineering work needs to happen in the UI they used to
confirm the tx
rkagerer wrote 9 hours 25 min ago:
Thanks for spelling this out, the explanation makes a lot of sense.
You'd think they could at least show a blockie representing the
contract, or reputational party who cryptographically vouched for
it.
jauntywundrkind wrote 20 hours 24 min ago:
Terrifying to imagine how much funding terrorist states might be
getting by hacks like this.
a_tartaruga wrote 10 hours 6 min ago:
One in particular gets about 1 billion dollars a year. Already hit
their quota in February
insane_dreamer wrote 21 hours 48 min ago:
Given how many of these exchanges have been hacked (or were
fraudulent), how is it that people still use them?
mkagenius wrote 22 hours 37 min ago:
A crypto exchange WazirX was hacked for ~$300M, roughly 50% of the
users fund gone.
There is no action on the CEO since the hack in July 2024. He sits in
Dubai. He just got a nod from Supreme Court of SG to just average out
the funds and distribute it among the users.
No action has been initiated against the company/ceo for losing the
fund. He is geared up to launch another company/exchange.
ycombinatrix wrote 6 hours 37 min ago:
What action can be taken? There's no law against getting hacked or
being a moron.
ghhrjfkt4k wrote 6 hours 6 min ago:
There is a law against gross negligence. Holding client money comes
with other obligations too.
joshstrange wrote 4 hours 25 min ago:
Itâs not money though. Itâs property at best. It doesnât
get held to the same standards.
CryptoBros are all about âno laws, do whateverâ right up
until the, inevitable, point at which /they/ are getting swindled
and then they want to cry foul and run to the authorities.
Itâs just like the whole DAO situation which showed âCrypto
is immutable and we want to live and die by the code unless of
course someone finds a flaw in the code and steals our money,
then we will roll back the immutable chain to recover itâ what
a farce.
Saline9515 wrote 2 hours 20 min ago:
Ethereum wasn't rolled back after TheDao hack, they simply
forked. Also crypto is about uncensorable transactions, not
lawlessness.
UncleMeat wrote 22 hours 38 min ago:
"Please rest assured that all other cold wallets are secure."
Unreal.
otabdeveloper4 wrote 8 hours 27 min ago:
He means "...secure. (For now.)"
He just left off the implied part.
ArtTimeInvestor wrote 22 hours 45 min ago:
When even professional companies that have billions of dollars under
management can't securely manage their crypto assets, how likely is it
that individuals can?
kangda123 wrote 22 hours 42 min ago:
It's a different ball game. The resources that went into executing
this kind of hack were probably far higher than most wallets are
worth anyway.
acc_297 wrote 22 hours 36 min ago:
Maybe not - a number of high-value past hacks have been very low
effort
I have yet to see a thorough explanation of what specifically was
hacked here anyhow
scrlk wrote 22 hours 51 min ago:
I wouldn't be surprised if Bybit cuts a deal with the hacker to return
the funds. There's no way that $1.46 billion of marked ETH can be
liquidated and off-ramped to fiat.
adastra22 wrote 22 hours 46 min ago:
Thatâs well within the daily trading volume.
plantain wrote 8 hours 40 min ago:
Well within real daily trading volume is less clear.
URI [1]: https://www.forbes.com/sites/javierpaz/2022/08/26/more-tha...
scrlk wrote 22 hours 35 min ago:
Exchanges will blacklist the addresses that hold the hacked ETH.
They won't be able to deposit, or if they can deposit, the ETH will
be frozen by the exchange.
cherryteastain wrote 2 hours 55 min ago:
Tornado cash and similar exist
medellin wrote 10 hours 38 min ago:
It is on eth and they can use decentralized exchanges.
scrlk wrote 7 hours 15 min ago:
It's all traceable. Some of the ETH has already been run
through a mixer and then bridged to BTC.
In any case, since this hack was performed by a nation state
actor (Lazarus Group/North Korea), being caught is effectively
meaningless.
theamk wrote 22 hours 8 min ago:
I am sure there are still plenty of suckers who believe the whole
"cryptocurrencies are fungible" narrative, and would get those
ETHs with a discount.
walterbell wrote 22 hours 56 min ago:
Bybit CEO Ben Zhou wrote on X that a hacker "took control of the
specific ETH cold wallet and transferred all the ETH in the cold wallet
to this unidentified address."
"Control" has a specific meaning under UCC Article 12, which was
ratified in 2022 and is slowly being adopted by U.S. states. It links
some rights to control/possession of keys, even if a blockchain asset
may have been stolen before being sold, [1] > Article 12 â dealing
directly with the acquisition and disposition of interests (including
security interests) in âcontrollable electronic records,â which
would include Bitcoin, Ether, and a variety of other digital assets ...
a good faith purchaser for value who obtains control (a âqualifying
purchaserâ) takes its interest free of conflicting property claims...
Control under Article 12 is designed to be a technology-neutral
functional equivalent of âpossession.â It generally encompasses
circumstances when a party has the âprivate keyâ
URI [1]: https://www.clearygottlieb.com//news-and-insights/publication-...
acc_297 wrote 22 hours 32 min ago:
I think (I assume but could be wrong) in the average CEO X-tweet
"control" likely only means 'control' nobody was reading through UCC
Article 12 while drafting this message
As in: "The hacker gained access to" "The hacker took charge of" "The
hacker assumed authority over"
walterbell wrote 22 hours 29 min ago:
Those are all equivalent to exclusive control of the private key,
which is the meaning within UCC Article 12.
adastra22 wrote 22 hours 48 min ago:
What is the purpose of this comment?
beefnugs wrote 20 hours 52 min ago:
It is important everyone is thinking real hard about how this is
different from traditional theft: there is no way to actually prove
the operators didn't just steal everything themselves vs actual
real hack theft.
jgilias wrote 8 hours 31 min ago:
There is. ZachXBT has already gotten a bounty for unambiguously
pinning this on the Lazarus Group (North Korea).
walterbell wrote 22 hours 35 min ago:
It describes the legal status of stolen cryptocurrency changing
after the first sale. This HN story is about stolen cryptocurrency.
In particular:
> The wallet has sold around $200 million worth of stETH so far
If some of those sales took place within jurisdiction of a U.S.
state that has ratified UCC Article 12, then the buyer of the
stolen cryptocurrency is now the new legal owner.
adastra22 wrote 17 hours 4 min ago:
The hacked coins are not "free of conflicting property claims."
walterbell wrote 16 hours 3 min ago:
> The hacked coins are not "free of conflicting property
claims."
2023, American Bar Association, [1] .. âtake freeâ regime
introduced by the 2022 UCC Amendments for these assets. Under
these rules, a person who acquires a CER for value, in good
faith and without notice of any conflicting property claims, is
deemed a âqualifying purchaserâ and, as such, takes it free
from any preexisting property claims.
The 2022 UCC Amendments draw heavily from the UCC Article 3
provisions for negotiable instruments, and these provisions
have the effect of making CERs negotiable. It follows that if
a secured creditor obtained a security interest in CER
inventory and only perfected by filing, that creditor would be
at risk of the debtor disposing of the collateral and
transferring control to a qualifying purchaser that would take
it free from any competing claim.
URI [1]: https://www.americanbar.org/groups/business_law/resour...
paul_h wrote 10 hours 21 min ago:
I think you're saying this is different to theft-of-car. A
stolen car could be sold/bought a number of times, but any
amount of years later the car belatedly identified as the one
stolen from the rightful owner means it is returned. A
fraudulently created title isn't enough to protect the
bagholder from having to return the car.
fjjjrjj wrote 22 hours 58 min ago:
More like byebit.
Unregulated asset exchanges. Haven't we been there before a loong time
ago?
mvdtnz wrote 23 hours 0 min ago:
Remember the golden rule that when it comes to crypto it is a scam 100%
of the time. Congrats to the Bybit CEO on his newfound wealth.
guluarte wrote 23 hours 4 min ago:
[flagged]
kinakomochidayo wrote 22 hours 55 min ago:
letâs not forget that Satoshi rolled back Bitcoin in 2010, whereas
Ethereum was a surgical state change within a smart contract
adastra22 wrote 22 hours 45 min ago:
What are you talking about in 2010?
kinakomochidayo wrote 22 hours 30 min ago:
[1] Other transactions besides the one that created 184 billion
BTC in that block was effectively ârolled backâ on the
working chain.
URI [1]: https://en.bitcoin.it/wiki/Value_overflow_incident
adastra22 wrote 17 hours 8 min ago:
Thank you.
vessenes wrote 23 hours 1 min ago:
So salty! And yet...How's ETH Classic doing? It was the right move at
the time to fork. And pretty obviously would be the wrong move today.
For context, guluarte is referring to a moderately contentious
hardfork done by the Ethereum developers and mining community to
reverse TheDAO Hack in 2016 or so. The stakes were much larger then
-- Ethereum was newer, not yet battle tested, and TheDAO had
something like 10% of all ETH in it.
A fork was formed -- "ETH Classic" -- ticker ETC -- which did not
reverse the DAO hack, and you can see from valuations that the public
preferred the reversal.
0cf8612b2e1e wrote 22 hours 56 min ago:
I mean, the public comprised of the developers of Ethereum who had
significant financial incentive to pretend the hack did not happen
and to forever publicize their chain of history.
Code is law, up until it costs me.
kinakomochidayo wrote 22 hours 52 min ago:
it was actually up to the node operators to update their clients
or not, which resulted in a contentious chain split. just like
Bitcoin. decentralization worked as intended.
tombert wrote 23 hours 6 min ago:
The entirety of the cryptocurrency world is so obviously a
"Chesterton's Fence" situation.
Every pseudo-intellectual thinks that the fiscal world is "too
complicated" and they're going to "simplify" it by making some token,
only for people to realize that the monetary world is just complicated,
and they have to reinvent everything that already existed in the
traditional banking system.
I had to do some work on an ACH system a couple years ago [1], and I
read through a large chunk of the ACH standard, which was about 800
pages. It's easy to see and hear that and think "that's way too
complicated, what could possibly be so hard about money transfers that
necessitates an 700 page specification??", but as I read it and saw how
many edge cases it took into account, it was easy to see why it got so
huge. It turns out that dealing with money is just a really hard
problem at scale.
I fell for the cryptocurrency hype of 2021, and I will fully
acknowledge that that came out of a complete lack of understanding of
how fiscal systems work. I wish everyone else would just grow up
already.
[1] Usually disclaimer: not hard to find my work history, it's not
hidden, but I ask that you do not post anything about it (or at least
any proper nouns about it) here.
medellin wrote 10 hours 35 min ago:
I donât know anyone working in crypto who complains about the
physical world being too complex. Imaginary dragons are easily
slayed.
tombert wrote 1 hour 13 min ago:
If you read the original bitcoin paper, it complains about bank
centralization and âissuesâ with traditional finance for a
not-insignificant amount of it, and presents cryptocurrency as a
solution.
I will admit I used a bit of shorthand, but the paper is providing
a âsimpleâ solution to a âcomplexâ problem.
erikpukinskis wrote 22 hours 31 min ago:
For what itâs worth, Iâm a âcrypto believerâ and I have never
considered ease of use to be one of its selling points.
What you are describing are the systems of power which create a
stable financial system. That is, one where you can put a nickel into
a bank account and expect it to be there in a year or a hundred
years.
That indeed requires a complex web of power structures, because its
top line goal is to be stable and dependable. And stability within a
complex landscape requires an equally complex network of power.
Crypto provides the exact opposite value: it cannot be controlled, no
matter how robust your power structure is. It can be insured, at a
significant cost, but not controlled.
That means in the face of even totalitarian powers someone could
still move crypto across any boundary that is permeable to
information, which it turns out is a set that roughly approximates
the set of all boundaries.
This is a terrible way to pay for candy bars, because candy bars are
not worth insuring.
But what I think the crypto opponents miss is that there is a set of
transactionsâsome criminal, some legal, some immoral, some
righteousâwhich cannot be made in a state controlled financial
systems.
And that these transactions are what gives crypto value as a
currency.
To me, where I would like the debate to go is not âis crypto a
scam?â but âhow does society protect people from the violence
facilitated by crypto?â
Yes, financial âviolenceâ, which can be insured against, but also
real violence: human trafficking, extortion, etc.
We anarchists sometimes like to pretend that without rulers we will
be freed to care for each other. But in the shadow of a history of
violence, there will be more violence too.
And the âcrypto is a scamâ argument I fear is a red herring that
distracts from this, the real issue.
nprateem wrote 7 hours 48 min ago:
> Crypto provides the exact opposite value: it cannot be
controlled, no matter how robust your power structure is. It can be
insured, at a significant cost, but not controlled.
This is such a naive claim parroted by crypto enthusiasts. Lots of
criminal things can't be 'controlled' (e.g. stopping people
murdering, stealing, etc.), but there are consequences if you do
them.
Crypto could easily be controlled by laws or punitive taxes. KYC is
a step in that direction. But still this claim keeps coming out.
All they need to do is control the off-ramps.
It's like the one "but, but, there will only ever be a fixed amount
of BTC, so it's valuable!". There will only ever be a fixed amount
of my turds, but I don't see them up for auction. It also doesn't
explain why BTC is the valuable one but not all the clones
(spoiler: it's the brand name).
It's easier to just parrot some grifter's justifications than
actually thinking for yourself I guess.
DonHopkins wrote 4 hours 15 min ago:
You wouldn't be the first person to pump and dump their own
turds.
Some people even brand their own turds with their own name, and
drop a $TRUMP and dump.
theamk wrote 21 hours 50 min ago:
Power structures can absolutely control crypto. They can make it
illegal - it won't eradicate it altogether (see: war on drugs), but
it will severely decrease its influence. No one is bragging about
investing their retirement savings into cocaine, and Paypal does
not offer it to me either.
Or if government is smarter, they can slowly gain control over it.
Allow trading traceable currencies via official channels, but with
good KYC measures. Do not allow fully anonymous systems. Go after
mixers. Prosecute exchanges which do not verify their customers.
Once there are plenty of government-sanctioned exchanges in the
country, there will be little incentive to create unsanctioned
ones, and someone with coins that were marked "North
Korean-originated" won't be able to spend them in the country.
jgilias wrote 7 hours 36 min ago:
Your âif government is smarter scenarioâ is exactly whatâs
playing out right now.
htrp wrote 22 hours 48 min ago:
The crypto community continues to speed run the history of
traditional finance.
URI [1]: https://news.ycombinator.com/item?id=31777761
a_tartaruga wrote 9 hours 59 min ago:
It's only a matter of time until we get a railroad track laying
network secured by proof of railroad track (PoRT) and recreate the
panic of 1873.
sleazebreeze wrote 23 hours 8 min ago:
What are the chances that a Bybit insider is behind this?
mvdtnz wrote 12 hours 25 min ago:
10000%. You would have to be soft in the head to not conclude that's
the case.
hinkley wrote 22 hours 46 min ago:
Or former insider.
I spent several years pointing out to my last employer that every
former employee could have walked off with secrets that allowed them
access to our backends. The were already slowly working on hardening
write access but read access was still being worked on a couple
months before I left, when I got to write about half of the last mile
code for the user facing bits.
This is not a unique experience by any means. Iâve seen this sort
of thing enough to pay attention when acquaintances bitch about it
too.
Falimonda wrote 13 hours 0 min ago:
Are these business-owned exchanges and managed wallets not
fundamentally incompatible with making guarantees of security? Is
anyone doing it the "right" way and what does the right way even
look like?
hinkley wrote 12 hours 47 min ago:
I don't know the answer to that, I only have guesses.
But one mistake we make over and over is that we write code that
just does its best to answer questions as quickly as possible.
And when those questions show up 10x as quickly as they have any
other time in our company history, they either just plug right
along or maybe throw an error.
Someone shouldn't be able to empty a billion dollars out of an
exchange in 10 minutes, unless they do $250B in daily traffic.
And I suspect most of them can be, and in even less time than
that.
tw1984 wrote 23 hours 8 min ago:
another "exchange was hacked" story, why I am not surprised.
notfed wrote 23 hours 1 min ago:
"Oops, we were hacked, hehe, guess we'll have to shutdown. Oh and our
CEO will be moving to another country."
chabes wrote 23 hours 9 min ago:
From the article:
> The wallet in question appears to have sent 401,346 ETH ($1.1
billion) as well as several other iterations of staked ether (stETH) to
a fresh wallet, which is now liquidating mETH and stETH on
decentralized exchanges, etherscan shows. The wallet has sold around
$200 million worth of stETH so far.
If you showed me a paragraph like this a decade ago and told me it was
from 2025, I would have a difficult time believing you.
satvikpendem wrote 10 hours 7 min ago:
Crypto shenanigans were happening in 2015, even as far back as 2010,
so I would have to absolutely believed you to hear that it continues
happening, as crypto is a fundamentally unstable platform.
bn-l wrote 6 hours 46 min ago:
I think he means the sheer volume
sigmoid10 wrote 5 hours 43 min ago:
Mt. Gox (a former crypto exchange) was hacked in 2014 and the
thieves stole nearly half a billion dollars in BTC. Considering
how much more the currency is worth today and how much bigger the
markets are, it seems like Bybit got off easy in terms of sheer
volume.
netrap wrote 23 hours 4 min ago:
Just crazy. Bank heists fully online...
yard2010 wrote 7 hours 36 min ago:
It's a cold wallet which means it should never be connected to the
internet, so not entirely online, but yes - these are the wild wild
west times of the internet. Imagine how easy it was to go into a
bank shoot some people and get out with money, and doing it like,
daily? monthly? Today it's not possible.
kzrdude wrote 2 hours 33 min ago:
Apparently there was a path from the internet to the wallet
anyway, that's what it sounds like.
aaronmdjones wrote 1 hour 46 min ago:
So it was a lukewarm wallet?
desumeku wrote 44 min ago:
What supposedly happened is that malware was installed on
every multisig key signer's device and then the hacker showed
them all a fake transaction that looked legit but actually
changed the smart contract of the cold wallet to give him
access.
faefox wrote 23 hours 11 min ago:
[flagged]
dang wrote 11 hours 19 min ago:
Maybe so, but please don't post unsubstantive / snarky / tropey
comments here. It leads to generic / repetitive / nasty discussion,
and we're hoping to avoid that here.
URI [1]: https://news.ycombinator.com/newsguidelines.html
adastra22 wrote 22 hours 47 min ago:
What is the gullibility here?
amatecha wrote 22 hours 38 min ago:
Thinking you can store your crypto with some 3rd party that
_definitely_ won't get hacked (or """hacked"""), also thinking your
crypto won't become worthless from a singular unusual event.
Actually the most gullible are the people who think of
cryptocurrency as an "investment" XD
SirMaster wrote 20 hours 11 min ago:
I don't know. I always store my crypto offline. I bought $1000
worth of bitcoin when it was less than $100 per bitcoin because
it seemed like something that could get big at some point, and I
was willing to risk $1000 on that thought.
My thought was it will some day either be worth a lot or be worth
0 and I'm OK with both of those possibilities. I don't really
think I was gullible about anything and yes I thought about it as
a risky investment that turned out to pay off quite well.
garciasn wrote 21 hours 40 min ago:
Itâs an investment the same way that playing the lottery is. I
had a family member win ~$30MM back in the 80s, but he had played
the same numbers for decades; someone who knew of this stole the
winning tickets and he ended up only getting 7.5MM of the
winnings after a protracted court case.
Crypto is the same thing. You put money in and you may cash out
quickly with a big number, but someone who knows can swoop in and
steal your money in a way that is much easier than if you used
more traditional investment and banking vehicles.
¯\_(ã)_/¯
tombert wrote 23 hours 3 min ago:
The genius behind crypto is that it's not just the extremely
gullible. I know a fair number of really smart people, academics
even, that have bought into the cryptocurrency hype.
It has this kind of veil of "high techness" to it that is appealing
to smart-but-uninformed people (like me in 2021). I'm embarrassed
that I fell for it, but on the bright side it does make me a bit more
sympathetic for other people who also fell for it.
michaelt wrote 22 hours 9 min ago:
> The genius behind crypto is that it's not just the extremely
gullible.
I don't know about you, but I barely follow cryptocurrency news,
and I've still been hearing about major players getting "hacked"
several times a year for over a decade.
Either it's Mt Gox or FTX or The DAO or Bitfinex or QuadrigaCX or
Terra/Luna or rug-pull meme coins or dollar-backed coins that
actually aren't or any of a dozen other things.
Anyone who isn't being extremely careful to avoid scams, given the
constant drumbeat of reports about how you have to be extremely
careful to avoid scams when dealing with cryptocurrency, is pretty
gullible.
joezydeco wrote 21 hours 10 min ago:
This essay scared me away from Ethereum, among other coins, for
good:
URI [1]: https://www.paradigm.xyz/2020/08/ethereum-is-a-dark-fore...
tombert wrote 21 hours 24 min ago:
Ironically I think being more educated might sabotage you more
with cryptocurrency.
My parents, both smart people but neither of which know much
about distributed systems or concurrent computing or
cryptocurrency, see the news reports about Mt Gox or BitConnect
and think "that sounds like a scam", avoid it, and put money into
a Vanguard or something.
On the other hand, you have people like me (and probably a
not-insignificant percentage of people on HN), who have learned a
fair amount of distributed and concurrent programming, and see
the "neatness" factor of cryptocurrency, and since the crypto is
laundered through interesting tech, we fall for it.
I haven't touched any cryptocurrency since I fell for the
unregistered security calling itself Gemini Earn [1] (so almost
three years now), but I did think that stuff like Filecoin was
pretty cool. Hell, I'll still acknowledge the coolness factor of
stuff like Filecoin and Storj and Sia. I just think that the
currency itself is wishful-thinking-at-best, and fraudulent at
worst (probably somewhere in between).
I don't think I'm an especially gullible person, but no one
thinks that they're gullible, so I'll acknowledge that I probably
am, but I think a lot of the educated people who got into crypto
got into it because they kind of had horse-blinders on when
looking at the interesting tech. [1] Not my opinion, but the
SEC's for what it's worth:
URI [1]: https://www.sec.gov/newsroom/press-releases/2023-7
akritrime wrote 22 hours 40 min ago:
To be honest, a distributed logic execution engine is an
interesting tech, it just isn't something to build any high value
economy on top of.
tombert wrote 21 hours 42 min ago:
Sure, I'll totally acknowledge that some of the distributed
algorithms that have spun out of the blockchain are pretty cool,
and I'll even go as far as to say that maybe someday we'll find
some very cool high-value uses from them.
Pretend money, at least in my opinion, is not one of those uses.
phil21 wrote 21 hours 30 min ago:
Itâs been about 15 years now. The killer app for blockchain
is Bitcoin.
tombert wrote 21 hours 19 min ago:
I don't know, I think some of the papers for distributed
consensus might lead to something cool; if nothing else it
does seem to be increasing the use of formal methods, which I
think is neat.
These things can take time; it might be thirty years or more
before someone does anything actually useful with the stuff
learned from the crypto world.
hinkley wrote 22 hours 51 min ago:
Crypto: where Kernighanâs Law meets con artistry.
tdb7893 wrote 22 hours 57 min ago:
Being smart or academic does absolutely not mean these people
aren't gullible.
tombert wrote 22 hours 52 min ago:
I know, but it is inversely correlated.
I don't think most academics would fall for the "Nigerian Prince"
chain emails, or the "Romance Scams" you see on YouTube, which
are things I usually associate with extremely gullible people.
huang_chung wrote 23 hours 13 min ago:
Society has devolved a bit when not long ago a heist like this would
involve sieging Nakatomi Plaza, now it takes just finding a bug in
someone's defective Python codes.
evantbyrne wrote 2 hours 36 min ago:
It has been this way since the dawn of electronic banking. I once had
complete access to all digital wallets for the Seattle metro, which I
gained by looking at two cards and noticing the numbers were
incrementing. Even with all of the flaws of electronic transactions,
it's still better than walking to the bank and hoping a check won't
bounce.
grues-dinner wrote 8 hours 53 min ago:
You don't even have to break into a wierd high-tech vault to get an
unreasonably slow (or fast) billion-dollar progress bar with a snazzy
custom UI toolkit these days. Not sure if technology or inflation is
most to blame!
skeeter2020 wrote 2 hours 44 min ago:
yes, this part won't play well in the movie: it takes just as long
to transfer a billion as a dollar; the progress bar won't allow any
time to build suspense... will they finish in time? cuts between
parallel timelines...
ratg13 wrote 19 hours 18 min ago:
You just gotta trust the wrong people.
Donât forget FTX willingly hired the Ultimate Bet âgod modeâ
guy.
Klaster_1 wrote 23 hours 4 min ago:
I wonder how many programmers resort to crime after they were laid
off and couldn't find a job. Like soldiers after a war.
skeeter2020 wrote 2 hours 43 min ago:
not related to the current western market, but countries like
Romania pre EU had a huge surplus of soviet-educated young people
and no jobs. This definitely increased their involvement with
"informal" economies for some time.
ooterness wrote 10 hours 32 min ago:
Relevant comedy sketch? "Secret agent squad, but they're all just
the hacking guy."
URI [1]: https://youtu.be/cL7lhbtWwbY?feature=shared
wyre wrote 22 hours 15 min ago:
That might make for a good book or movie plot.
mablopoule wrote 7 hours 10 min ago:
It was the basis of the plot of the first Jurassic Park movie.
All shenanigans started because Dennis Nedry, the parc IT
manager, disabled some security system at a bad time so he could
sell some company secrets to concurrents.
There are interesting character analysis to do between the book
and the movie version, where the book version or Dennis Nedry is
way more sympathetic (even if flawed), he's a extremely talented
IT guy who was undersold the amount of work to do in the park,
kinda stuck doing unpaid overwork in a remote island and
generally been fleeced by a way more villainous book John
Hammond.
NetOpWibby wrote 11 hours 3 min ago:
Starring Rami Malek, Tom Holland, Kyla Pratt, and George Clooney?
gosub100 wrote 23 hours 20 min ago:
[flagged]
bryceneal wrote 15 hours 17 min ago:
I see this quote repeated here often, but working in the industry
I've never heard it said unironically by any of my peers or thought
leaders in the space. Best I can tell it is a sort of lazy straw man
repeated by skeptics. Does it have an origin?
gosub100 wrote 2 hours 49 min ago:
The original idea with crypto was that the "code" was so strong, it
removed the need for physical banks, tellers, FDIC, law
enforcement, etc. The theory was, we can have everything the
banking system has, but cheaper, because the only way to steal
money was to break the crypto itself, hence "code is law".
The industry cannot appeal to the protections of law enforcement,
civil tort, and other features of the regulated banking system,
without simultaneously undermining the "crypto" part. If you're
going to summon authorities when hackers hack, you're no better off
than if you just acted like any other bank and stored the client's
balance in an excel sheet.
bryceneal wrote 2 hours 40 min ago:
> The original idea with crypto was that the "code" was so
strong, it removed the need for physical banks, tellers, FDIC,
law enforcement, etc.
Is this really an accurate characterization of "the original
idea"? And according to whom?
gosub100 wrote 51 min ago:
Yes it is. Me and many other people.
consumer451 wrote 10 hours 48 min ago:
[1] [2] Are those appropriate sources?
URI [1]: https://blockchain-society.science/?p=218
URI [2]: https://ethereumclassic.org/blog/2024-04-03-ethereum-class...
bryceneal wrote 2 hours 41 min ago:
I suppose so, however Ethereum Classic is a fork of Ethereum that
failed. I don't think it's generally well regarded in the space.
I doubt many of the newer entrants to the ecosystem have even
heard of it.
This would be like finding a quote from some old poorly
maintained Linux distribution and attributing quotes from the
maintainers as being representative of all kernel developers.
consumer451 wrote 1 hour 32 min ago:
Thanks for a good faith response. This is what makes this
website excellent.
While I must admit that I have some anti-cryptocurrency biases,
I am also not that familiar with the cryptocurrency world. I
really appreciate you sharing your knowledge.
acc_297 wrote 23 hours 4 min ago:
^Yep
When you decentralize finance like this what becomes okay to do
according to system rules is exactly what is possible to do according
to system rules. We don't have humans in that loop anymore to enforce
moral judgments about what constitutes unlawful theft (except for 1
or 2 rare "hard-forks" of various blockchains to reverse devastating
transactions).
I feel bad for people who lose large volumes of cryptocurrency to
malicious actors in the same way I feel bad for people who lose large
volumes of real money to a casino.
It is 2025 now and we all know that anyone who can somehow get your
private-key to whatever blockchain backed assets you have "owns"
those assets just as much as you do and they are permitted to take
them under the rules of the system so whatever you do do not lose
that key.
There is no higher arbiter of justice in this space so use it at your
own risk.
DonHopkins wrote 4 hours 6 min ago:
Being doomed to spending millions of real dollars litigating to buy
a trash dump full of used diapers and toxic waste, just to dig
around in it looking for a hard disk drive for the rest of your
life, seems to be a particularly satisfying Sisyphean form of
justice.
URI [1]: https://en.wikipedia.org/wiki/Bitcoin_buried_in_Newport_la...
unyttigfjelltol wrote 23 hours 9 min ago:
Yes!
A "cleverly masked exploit that altered the smart contract logic"[1]
= congratulations!! the contract gives you $1.46B free money!!
I anticipate that the defi community will celebrate the inexorable
operation of their logical contracts.
URI [1]: https://cryptonews.com/news/bybit-crypto-exchange-faces-1-5-...
yapyap wrote 23 hours 13 min ago:
âskibidi is toiletâ
what r u talkin ab?
drak0n1c wrote 23 hours 13 min ago:
In this case yes - everything went by the design and law of the
underlying code. There was no exploited bug or vulnerability flaw
besides human laziness here.
1) Their multi-signature wallet signing employees lazily clicked
through in unison to approve a new smart contract without examining
the contents to see if it was unusual.
2) Bad security architecture to keep too much in a single wallet that
wasn't properly kept cold. There should have been a few fully cold
wallets, that only rarely transact with mostly-cold intermediary
"airlock" wallets which are also separated from the exchange
operations and wallets. The signers also need to be different
combinations of people for each of those wallets - preferably some of
those signers being additionally liable 3rd party technical experts.
fsckboy wrote 23 hours 6 min ago:
>There was no bug or vulnerability flaw
when code is law, there can't be any bugs or vulnerabilities, only
features.
philipwhiuk wrote 23 hours 22 min ago:
It's obviously not a cold wallet if it's connected to the exchange.
cozzyd wrote 10 hours 42 min ago:
Perhaps their servers have cryogenic cooling
javier2 wrote 21 hours 27 min ago:
Cold usually means it needs multiple physical people to sign from
offline devices to move it. Hot wallet usually is automated. Here it
looks like the «hackers» found a way to trick enough people to sign
this transaction
stavros wrote 7 hours 17 min ago:
Or the cold wallet was, at best, room temperature.
vessenes wrote 23 hours 3 min ago:
They could have gotten the recovery phrase off some paper, then
imported it wherever. More likely than guessing the pin on a ledger
with a short number of tries before wiping.
gnabgib wrote 23 hours 7 min ago:
It could still be cold. "took control of the specific ETH cold
wallet" sounds like stealing the physical hardware. Like someone
stealing the vault key, or the HDCP master key getting leaked.
hotsauceror wrote 1 hour 49 min ago:
Yes. This sounds like a variant of ârubber hose decryption.â
âWe beat him with a sock full of doorknobs until he gave us the
device.â
Etheryte wrote 23 hours 11 min ago:
Yeah this makes no sense whatsoever.
> [The hacker] took control of the specific ETH cold wallet and
transferred all the ETH in the cold wallet to this unidentified
address.
Did the hacker physically break into their office or what?
shawabawa3 wrote 22 hours 47 min ago:
Possibly yes
Or some part of their system failed and the key was compromised
without them realising it (like the Debian insecure keys debacle or
whatever)
abuani wrote 23 hours 15 min ago:
It's also not reassuring that the CEO claims cold wallets are safe
and secure, just after losing 1.46B
toomuchtodo wrote 23 hours 38 min ago:
URI [1]: https://www.web3isgoinggreat.com/
DIR <- back to front page