Bybit crypto heist: Five key lessons to prevent a repeat
Dubai-based cryptocurrency exchange Bybit was the victim of what is being widely reported as the single largest digital theft in history. Hackers extracted approximately $1.5bn (£1.2bn) from an Ethereum wallet and transferred the contents to a new, unlocatable address.
The platform has assured users of its liquidity—despite a significant increase in the volume of withdrawals in the wake of the breach—promising refunds to all affected users even if the stolen money is not recovered.
According to Osama Bari, Chief Technology Officer at D24 Fintech Group, exchanges that comply with a core set of rules will drastically reduce their chances of suffering a similar breach.
1. Multi-party approval systems
The Bybit security breach was primarily caused by vulnerabilities in multi-signature authorization and UI spoofing tactics, where attackers manipulated the interface to display different addresses.
Bari said: 'Even experienced professionals might overlook such discrepancies without a thorough investigation. Typically, such issues often go unnoticed during routine exchange operations.
'To mitigate such risks, exchanges should implement a threshold-based, multi-party approval system for all transactions. Additionally, secure platforms require real-time monitoring systems to analyze deposits and withdrawals, with automated cross-checks for unusual spikes. If required, large transactions must be manually verified with a comprehensive report. Each withdrawal should undergo a transaction audit score assessment before being processed.'
2. Ensure two-factor authentication is in place
Two-factor authentication (2FA) is a security method that requires a second form of identification to access any account information or funds.
Bari: '2FA is no new phenomenon, but its importance as a tool for verifying users and ensuring only the right personnel can manage and withdraw balances or view confidential information cannot be understated.
'This is a basic form of protection that exchanges should absolutely be offering to their customers and can be a vital deterrent for hackers as it increases the difficulty of breaching gated accounts. All financial providers have a duty to protect their users and 2FA is a guaranteed way of raising the level of in-built security they provide.'
3. Custodians are valuable third parties
Custodians safeguard assets for fellow financial institutions to reduce the risk of loss, theft, or damage.
Bari continued: 'Exchanges should not underestimate the level of responsibility that comes with holding considerable volumes of assets on behalf of customers. Failure to put the appropriate measures in place to protect these funds, as we've just seen with the Bybit hack, could result in disastrous consequences for both the company attacked and the users impacted.
'Turning to external organizations to bolster security is a viable option for exchanges that lack the infrastructure and liquidity to manage millions, or even billions, worth of currency. Partnering with a trusted custodian will ensure that customer investments stay safe, allowing exchanges to focus on other important activities such as enhancing user experience and increasing the financial literacy of their customers.'
4. Perform a liveness check
A liveness check verifies a user's identity through a biometric measure, for example, their face or fingerprint. 40% of banks have implemented this precaution to tackle fraud, up from 26% five years ago.
Bari: 'For crypto exchanges, and financial institutions more generally, a liveness check adds that final layer of protection to dissuade hackers from attempting an attack. Having access to passwords, secure keys, or even primary devices is no longer enough to successfully bypass security measures—customers are protected as their face, fingerprints, and even voices are all unique.'
5. Make security CEXy
Centralized cryptocurrency exchanges (CEXs) are regulated intermediaries that facilitate the trading of fiat and digital currencies.
Bari concluded: 'A pivotal element of cryptocurrency's appeal throughout its history has been its decentralized nature, with many early adopters drawn to this form of tender by its anonymity. However, as crypto has become increasingly mainstream and a viable investment for individuals globally, it's important to reshape our thinking and start putting security at the top of the list of priorities.
'Due to Bybit's centralized approach, the exchange was able to freeze $42.85 million in stolen assets within 48 hours through collaborations with other platforms. This highlights the increased resilience of CEXs and how trusted partnerships with other organizations in the crypto field can limit the damage inflicted in a hack.'
Copyright © 2022 AfricaBusiness.com - All materials can be used freely, indicating the origin AfricaBusiness.com Provided by SyndiGate Media Inc. (Syndigate.info).
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Gulf Business
an hour ago
- Gulf Business
5G-Advanced: e& UAE sets new world record for connectivity
Image credit: WAM/Website e& UAE, the flagship telecom arm of e&, has set a new world record for connectivity by achieving an uplink (UL) speed of 600Mbps on a live 5G network—a major milestone in the evolution of 5G-Advanced. Read- This achievement was enabled by aggregating FR1 bands at 2100MHz and C-band, paired with uplink 3Tx (three transmit antennas) on commercial Customer Premises Equipment (CPE) at a live 5G site. The deployment is fully compliant with 3GPP Release 17 standards, This record-breaking uplink speed represents a cornerstone of 5G-Advanced, empowering uplink-heavy applications with unmatched performance. By leveraging FR1 band aggregation and cutting-edge uplink technology, e& UAE has established a new global benchmark for 5G excellence. Abdulrahman Al Humaidan, Vice President of Fixed Access Network at e& UAE, stated: 'e& UAE's world-record 600Mbps uplink speed is a strategic step forward, catalysing a new era of hyper-fast, uplink-driven digital innovation. This is not just a technological milestone—it's a launchpad for reshaping the digital world and solidifying the UAE's role as a global tech leader.' A new era for enterprise and smart infrastructure The 600Mbps uplink enables a new wave of connectivity, enhancing uplink-intensive applications across both business and consumer landscapes. Enterprises can now enable real-time sensor data uploads in smart factories and logistics hubs, advancing AI-driven automation and predictive analytics. Cloud-hosted collaboration will also benefit, supporting instant uploads for 3D modelling, augmented reality (AR), and virtual reality (VR) workflows, driving the next wave of digital creativity. Uplink-focused solutions like live video analytics, smart city monitoring, and drone surveillance will thrive, thanks to instant data uploads for mission-critical decisions. Empowering everyday users in the 5G-advanced world For consumers, this leap forward will transform digital lifestyles—allowing content creators to upload 8K videos and stream immersive content to platforms like YouTube and TikTok in seconds. Gamers will enjoy lag-free cloud gaming, while smart homes will instantly upload high-definition footage and IoT data, boosting efficiency and responsiveness. Applications such as virtual event hosting and user-generated AR content will flourish, offering faster, richer, and more immersive digital experiences. Based on 3GPP Release 17, this deployment takes advantage of enhanced mobile broadband (eMBB) and ultra-reliable low-latency communications (URLLC), laying the groundwork for scalable, energy-efficient 5G networks. With this successful deployment on a commercial CPE and a live 5G site, e& UAE has demonstrated its ability to turn vision into reality. By optimizing FR1 2100MHz and C-band with Uplink 3Tx, the company is paving the way toward a hyper-connected future. Once such CPEs become widely available, e& will be well-positioned to empower both consumers and enterprises with next-generation connectivity.
Khaleej Times
2 hours ago
- Khaleej Times
Dubai gaming ecosystem expands rapidly with 350+ companies
More than 60 new gaming companies have set up shop in Dubai since the emirate launched its Dubai Program for Gaming 2033 'DPG33' in November 2023, marking a growth rate of 16.6 per cent since the launch of the programme, data showed Overseen by the Dubai Future Foundation, the Dubai Program for Gaming 2033 'DPG33', has announced that Dubai is home to more than 350 companies, with 260 of them categorised as specialised game developers, contributing overall to a global industry valued at $200 billion globally. The gaming industry has emerged as one of Dubai's most promising economic sectors in recent years. Khalfan Belhoul, CEO of the Dubai Future Foundation, said: 'The recent achievements in the Dubai's gaming industry reflects the success of the city's vision for its future economy — one built on economic diversification and the proactive investment in current and future development opportunities. The gaming sector holds unprecedented economic potential, and Dubai was — and will remain — a land of opportunity and a destination for innovators and creators. The industry offers a wealth of unprecedented opportunities thanks to the supportive ecosystem for entrepreneurs and innovative ideas in advanced technology sectors, particularly game development, which is a key driver in enhancing Dubai's global competitiveness and in achieving the goals of the Dubai Economic Agenda (D33).' DPG33 aims to position Dubai among the world's top 10 global gaming hubs over the next decade, with 30,000 new jobs and a $1 billion boost to GDP by 2033. It focuses on nurturing talent and entrepreneurship, embracing technological advancements, and fostering digital content development, while creating training and employment opportunities with leading global firms and academic institutions, and leads a variety of local and international events, exhibitions, and partnerships that strengthen collaboration between individuals, businesses, and regulatory bodies in Dubai and beyond.
Khaleej Times
2 hours ago
- Khaleej Times
Dewa adds 800MW of clean energy production capacity to its energy mix in 2025
The total production capacity of the Mohammed bin Rashid Al Maktoum Solar Park has increased to 3,860 megawatts (MW), using photovoltaic (PV) solar panels and concentrated solar power (CSP) technologies. Since the beginning of this year, DEWA has added 800MW from the sixth phase of the solar park, bringing clean energy's share to approximately 21.5% of its total production capacity. 'The Mohammed bin Rashid Al Maktoum Solar Park is our key project to achieve the Dubai Clean Energy Strategy 2050 and the Dubai Net Zero Carbon Emissions Strategy 2050, which aim to provide 100% of the emirate's energy production capacity from clean sources by 2050. By 2030, the solar park's production capacity will reach 7,260MW, with clean energy making up 34% of DEWA's energy mix. This will reduce approximately eight million tonnes of carbon emissions annually,' said Saeed Mohammed Al Tayer, MD & CEO of Dubai Electricity and Water Authority (Dewa). The first phase of the Mohammed bin Rashid Al Maktoum Solar Park, with a capacity of 13MW using PV solar panels, was commissioned in October 2013. In March 2017, the second phase, with a capacity of 200MW, was inaugurated. It also uses PV technology and was the first solar energy project of its kind in the region based on the independent power producer (IPP) model. In November 2020, the third phase of the solar park was inaugurated with a capacity of 800MW. This phase, also using PV technology, was the first in the Middle East and North Africa to use single-axis solar tracking to enhance energy generation. In December 2023, the fourth phase of the solar park was inaugurated with a total capacity of 950MW, combining CSP and PV panels. It uses three hybrid technologies to produce clean energy: 600MW from a parabolic basin complex, 100MW from a solar power tower and 250MW from PV solar panels. In June 2023, the fifth phase, with a capacity of 900MW, was inaugurated using photovoltaic panels. DEWA is currently working to complete the sixth phase of the solar park, with a capacity of 1,800MW using PV panels. DEWA has invited international developers to participate in the implementation of the seventh phase of the Mohammed bin Rashid Al Maktoum Solar Park, which will have a capacity of 1,600MW. This phase, which is expandable to 2,000MW, will utilise PV solar panels and a battery energy storage system with a capacity of 1,000MW for six hours, providing a total storage capacity of 6,000 megawatt-hours. This will make it one of the world's largest solar-plus-storage projects. The phase will be implemented under the IPP model.
