Adam Back Blames Ethereum’s EVM Design for Bybit’s $1.4 Billion Hack

The Bybit hack, which resulted in the loss of $1.4 billion in Ethereum-related tokens, has sparked debate over its root cause. Some blame vulnerabilities in the Ethereum Virtual Machine (EVM), while others argue that operational security failures were responsible. Adam Back, Blockstream co-founder, criticized EVM technology on X, calling it overly complex and fundamentally insecure. He claimed that hardware wallets struggle to properly verify Ethereum transactions due to the EVM’s design, making blind signing a major security risk.

Back argued that the problem was not with Bybit’s hardware wallets themselves but with the difficulty of verifying transactions on them. He claimed that Ethereum’s complexity makes it impossible for hardware wallets to display transaction details properly, unlike Bitcoin. He described the EVM as a “dumpster fire” that damages the credibility of the crypto ecosystem. His comments received pushback from those who believe the hack was caused by poor operational security rather than an inherent flaw in the EVM.

Cybersecurity experts pointed out that Bybit’s compromised wallet was a multisignature wallet, meaning multiple approvals were needed for transactions. Lex Fisun, CEO of Global Ledger, noted that only one of Bybit’s ETH cold wallets was affected, while the others remained secure. He suggested that the breach was likely due to weak security practices around cold wallet transfers rather than a fundamental flaw in the EVM. Dyma Budorin, CEO of cybersecurity firm Hacken, echoed this view, stating that multisig vulnerabilities are not exclusive to Ethereum. He emphasized that even Bitcoin’s multisig wallets, despite being simpler in design, are still susceptible to phishing, human error, and targeted attacks on signer devices.

The attack is believed to have been carried out by the North Korean Lazarus Group. The hacker is now the 14th largest ETH holder in the world, surpassing major entities like Fidelity and Ethereum co-founder Vitalik Buterin. In response, some Bitcoin supporters, including JAN3 CEO Samson Mow, sarcastically suggested that Buterin should implement a blockchain rollback to recover the lost funds, referencing the 2016 DAO hack that led to Ethereum’s split into ETH and Ethereum Classic (ETC). Ethereum developer Tim Beiko dismissed the idea, stating that the protocol treats the transaction as valid, making a rollback impossible.

Despite the controversy, Bybit has remained silent on whether the EVM played a role in the breach. The company has since announced that it has fully restored its ETH liquidity. The debate over EVM security versus operational failures continues, with no clear consensus on what ultimately led to one of the largest crypto heists in history.
