
Bybit reveals security overhaul in response to $1.4B hack

Bybit unveiled a major security overhaul following its $1.4 billion hack in February, with upgrades across audits, wallet protection and information security.


Bybit, the world’s second-largest cryptocurrency exchange by trading volume, has revealed a comprehensive security overhaul following its $1.4 billion hack in February.

On Feb. 21, Bybit was hacked for over $1.4 billion in liquid-staked Ether (STETH), Mantle Staked ETH (mETH) and other ERC-20 tokens, making it one of the largest security breaches in crypto history.

To bolster defenses, Bybit has implemented a three-pronged security upgrade, targeting security audits, wallet fortifications and information security improvements, according to a June 4 announcement shared with Cointelegraph.

Within a month of the breach, the exchange completed nine security audits, conducted both by in-house specialists and independent external experts, resulting in the implementation of 50 new security measures, the announcement said.

Image: Bybit independent audit reports. Source: Bybit App


Cold wallet protection and certifications

On the hardware front, Bybit said it has tightened cold wallet protocols, introduced a revamped operational safety procedure that mandates full supervision by security experts throughout the wallet process and adopted multiparty computation to further enhance wallet protection.

Additionally, hardware security modules were consolidated to provide higher levels of hardware security.

Bybit now holds ISO/IEC 27001 certification for information security risk management. It said it also encrypts all internal and customer communications and data storage.


Liquidity recovery and Lazarus bounty program

Despite the attack, Bybit has nearly returned to pre-hack liquidity levels, and its LazarusBounty initiative is continuing to trace the stolen funds. To date, over $2.3 million in bounty rewards have been distributed through the program.

Image: Bybit hacked fund trace. Source: LazarusBounty

Kaiko’s report on Bybit’s liquidity revealed that Bitcoin (BTC) market depth, within 1% of the price, had rebounded to a daily average of $13 million just 30 days after the hack.

Image: Bitcoin liquidity recovers across the Bybit order books. Source: Bybit Liquidity Report

Altcoin liquidity also rebounded, although at a slower pace than Bitcoin. The market depth for the top 30 altcoins by market capitalization has regained over 80% of its pre-hack levels.

Image: Altcoin market depth on Bybit. Source: Bybit Liquidity Report

The swift recovery is partly credited to Bybit’s Retail Price Improvement (RPI) orders, a feature designed to attract institutional liquidity. These specialized orders helped stabilize market conditions when liquidity was most strained.

As non-RPI liquidity temporarily diminished after the hack, RPI orders played a crucial role in stabilizing trading conditions and enhancing pricing efficiency.

While infrastructure hardening was a focus, Bybit warned that hackers are increasingly exploiting human errors instead of protocol vulnerabilities.

There is a rise in “more sophisticated attacks,” with hackers impersonating large brands and protocols, a Bybit spokesperson told Cointelegraph, adding:

“While system-level intrusions remain a concern, attackers are increasingly targeting the human element as the weakest link in the security chain.”

The shifting attack vectors signal that smart contracts and blockchain infrastructure are no longer the weakest link, as attackers increasingly exploit “human behaviour rather than code,” Ronghui Gu, the co-founder of CertiK, told Cointelegraph.
