CZ warns crypto exchanges of hack targeting multi-sig cold storage after Bybit hack

Binance co-founder and former CEO Changpeng Zhao (CZ) warns of new hack patterns targeting multi-sig cold storage solutions in crypto exchanges.

In an X post, CZ pointed out how hackers penetrated the systems of multiple exchanges, such as Bybit, WazirX, and Phemex, stealing large amounts of crypto from their cold storage solutions.

CZ points out that North Korea’s Lazarus Group is growing in sophistication

On February 21, crypto exchange Bybit saw the largest hack in crypto history, losing over $1.4 billion in liquid-staked Ether (stETH), Mantle Staked ETH (mETH), and other ERC-20 tokens. 

Multiple blockchain security analysts like Arkham Intelligence and on-chain sleuth ZachXBT have tied the Bybit attack to the North Korean hacker organization, Lazarus Group.

CZ stated that the hackers manipulated the front-end interface to display a legitimate transaction while the actual signed transaction was different. He argued that the recent attacks on other exchanges were quite similar, with hackers targeting the multi-sig cold storage. 

However, Zhao is mostly concerned that all the affected exchanges had different multi-sig solution providers, which goes to show the sophistication and broad skillset of the Lazarus hackers.

To make matters worse, it’s not yet clear how the hackers infiltrated the different systems; did they attack the multiple signing devices, the server side, or even both?

Zhao believes pausing withdrawals could help exchanges after a security breach

Zhao argued that he prefers to stay on the safer side and take precautions by pausing withdrawals after a security breach. He said the pause period could help institutions better understand the situation, learn exactly what happened and which devices were breached, and confirm that everything is safe once again before resuming operations.

However, he did point out that pausing withdrawals could lead to panic among traders. He related to the 2019 incident in which Binance had to pause withdrawals for a week after losing $40 million, where after resuming operations, deposits surpassed withdrawals.

Overall, he urged exchanges not to take security for granted, asking them to consider some of the tips he wrote some years back.

Cryptopolitan Academy: How to Write a Web3 Resume That Lands Interviews - FREE Cheat Sheet