Massive Bybit hack spurs cold wallet worries and ethereum rollback debate

Bybit, the world’s second-largest crypto exchange by trading volume, suffered the biggest crypto hack in history last week. Hackers (now allegedly identified as North Korea’s Lazarus Group) stole $1.46 billion from the exchange’s ethereum wallet. The hack also triggered a slew of other events, including Bybit’s launch of a bounty program offering a 10% award of the amount recovered and, most notably, chatter around the idea of a rollback.

As of February 24, Bybit “fully closed the ETH gap of client assets within 72 hours,” according to an announcement.  

The platform was able to “replenish the reserves in record time” thanks to partnerships with several firms, including Galaxy Digital, FalconX, and Wintermute, which helped it secure 447,000 ethereum tokens.

Cybersecurity firm Hacken also confirmed the restoration of the reserves thanks to a new proof of reserves audit.

How they hacked a very secure cold wallet

Chainalysis released a report on February 24 outlining the hackers’ steps, which used “a common playbook used by the DPRK, orchestrating social engineering attacks and employing intricate laundering methods in an attempt to move stolen funds undetected.”

Carlos Perez, director of security intelligence at cybersecurity firm TrustedSec, noted that this attack stands out because it successfully compromised a multi-sig cold wallet, previously considered one of the most secure storage solutions. The hackers leveraged phishing attacks and social engineering to initiate the attack — in other words, human error.

“This was done without exploiting any smart contract vulnerabilities,” Perez said. “Instead of targeting technical flaws in code, the attackers focused on manipulating what human signers saw in their interfaces.”

Given the success of this attack, it’s likely that similar tactics will be used in future breaches, posing an ongoing threat to crypto exchanges and other high-value targets, Alex Hamerstone, TrustedSec advisory solutions director, told Sherwood News.

To roll back or not to roll back?

Since the hack, a debate has started around whether this latest heist could justify a rollback, which, simply put, would reverse transactions on the blockchain. On X, BitMEX cofounder Arthur Hayes asked ethereum cofounder Vitalik Buterin to weigh in. Meanwhile, Bybit CEO Ben Zhou said during an X Spaces livestream that it might be better left to a community vote.  

On the one hand, recovering almost $1.5 billion would be great for Bybit.

However, as experts noted, a rollback would also be antithetical to ethereum’s tenets: being decentralized and immutable. As one X user put it, “There is not even remotely the possibility of a rollback; this is not a f***ing WALMART.”

Ari Redbord, VP and global head of policy and government affairs at TRM Labs, said that while this would be similar to the 2016 DAO rollback, it’s also a “tough call.”

“Ethereum has evolved. Reversing transactions now would disrupt DeFi, bridges, and apps, setting a dangerous precedent for blockchain immutability,” he added.

Ethereum core developer Tim Beiko deemed the rollback “technically intractable.”

Yet, while the question of “whose theft deserves a rollback?” angers many people, it also creates an impossible standard to maintain fairly, some experts said.

“When you roll back transactions, you’re essentially rewriting history, which violates this core principle,” Perez said. “This creates a serious philosophical contradiction for a technology built on the premise of being tamper-proof.”

Yaël Bizouati-Kennedy is a financial journalist who’s written for Dow Jones, The Financial Times Group, and Business Insider.