Key Takeaways:
- CZ warns crypto exchanges about multi-sig cold storage vulnerabilities after Bybit hack.
- Lazarus Group’s advanced tactics target multi-sig systems across multiple exchanges.
- CZ advises pausing withdrawals post-breach to limit damage and restore user trust.
Changpeng Zhao (CZ), former Binance CEO, recently expressed concern over hackers’ increasing ability to target multi-sig cold storage solutions on cryptocurrency exchanges. Following the huge $1.4 billion hack on Bybit, CZ highlighted the growing risks posed by hackers, specifically the Lazarus Group, a North Korean hacking organization, and urged exchanges to take stronger measures to safeguard their cold storage systems.
The Bybit hack on February 21 dealt a blow to the crypto community, with over $1.4 billion in liquid-staked Ether (stETH), Mantle Staked ETH (mETH), and other ERC-20 tokens stolen. This incident has raised alarms about the vulnerability of multi-sig cold storage wallets, a key security measure many exchanges rely on to protect crypto assets.
Lazarus Group Behind the Attacks
Cybersecurity experts, including Arkham Intelligence and ZachXBT, have traced the Bybit breach to the Lazarus Group. This organization has gained notoriety for its advanced hacking tactics and ability to exploit various vulnerabilities.
CZ’s concern is that the Lazarus Group successfully infiltrated different exchanges, such as Bybit, WazirX, and Phemex, despite each using distinct multi-sig solution providers. This shows that the attackers have an exceptional understanding of different systems and are likely targeting broader vulnerabilities within the multi-sig security infrastructure.
Pausing Withdrawals to Contain Damage
CZ also addressed how exchanges can mitigate the impact of such breaches. He proposed that exchanges should immediately pause withdrawals after detecting any breach. By halting withdrawals, exchanges can prevent further losses, investigate the breach, and determine which devices or systems were compromised.
While this precaution may cause users to panic, CZ pointed out that Binance took similar measures during its 2019 hack when it paused withdrawals for a week. Though initially alarming, this decision helped restore user confidence once operations resumed and even led to more deposits than withdrawals.
In addition to his warnings, CZ stressed that exchanges must not underestimate the evolving threat landscape and should prioritize security upgrades. He urged platforms to reassess their security protocols continuously and remain vigilant against potential attacks.
While acknowledging that Bybit’s CEO, Ben Zhou, handled the crisis with transparency and composure, CZ criticized other exchanges like FTX and WazirX for their lack of openness, which only compounded the issues.