February 27, 2025 | Read Online

The Bybit $1.4 billion exploit triggered a predictable response: an influx of security and infrastructure firms, each claiming that their technology could have prevented the attack. While some propose meaningful security improvements, others are opportunistically using the breach to push products that are tangentially related at best.

Berachain's revenue chills:

Source: Blockworks Research

Berachain's network revenue (REV) peaked at over $8k on Feb. 6 — coinciding with its mainnet launch — before dropping below $2k for most of February. The chain's TVL appears to have plateaued last week, at $4.92 billion.

The trend reflects a broader market downturn as users remain hesitant to ape in. Even Berachain can't escape the impending bear market mood. Unless DeFi activity picks up, Berachain's REV — which is almost entirely paid to validators — might stay in hibernation.

— Macauley Peterson

Builders and Devs: You Are Wanted on Stage!

Permissionless speaker applications are open. If you're a technical founder, CTO, or developer, apply!

Some conferences recap the past. Permissionless IV is about what's next.

📅 June 22–26 | Brooklyn, NY

Call for speakers!

Capitalizing on the Bybit hack

The FBI has confirmed the hack was the work of North Korea's Lazarus Group, which targeted Bybit's Safe{Wallet} setup. A key detail disclosed yesterday is that it was a Safe developer's machine — and not Bybit's infrastructure — that was compromised, allowing attackers to inject malicious code into the transaction signing interface.

The deception resulted in Bybit's signers blindly approving a fraudulent transaction, draining its largest Ethereum wallet.

Security researcher Taylor Monahan emphasized that this attack was entirely predictable given the crypto industry's long-standing blind-signing problem. As she noted: "There is NO org in this space that is taking security seriously enough to protect against a dedicated, persistent, motivated adversary like Lazarus."

Key findings include:

Safe{Wallet}'s UI was compromised — Bybit's interface showed an expected transaction, but signers unknowingly approved a completely different transaction.

Blind signing on Ledger devices was the final failure — Bybit's final signer, Ben Zhou, admitted he didn't verify the transaction fully on his Ledger hardware wallet before approving it.

The attack targeted human oversight — Lazarus didn't need to exploit smart contracts or break cryptographic security; it simply took advantage of trust in the UI.

Former Binance CEO CZ criticized Safe's response, raising critical questions like why did a single developer's machine have access to Bybit's transaction process? How did Ledger's signing process fail to prevent this? And what security lessons should the industry take away?

These are all good questions which will take some time to fully address.

A wave of companies rushes in

With every high-profile hack, companies flood the space claiming their product would have stopped it. Some address the specific issue — secure transaction verification — while others hijack the narrative for marketing.

OISY (Dfinity-backed onchain wallet)
Claim: Browser extensions and private key management are the weak links. OISY eliminates them by running fully onchain.
Reality: The attack had nothing to do with browser extensions or private key exposure — it was blind signing. OISY's architecture might be novel, but it doesn't solve the problem that caused this hack.
Impossible Cloud Network (decentralized cloud storage)
Claim: Centralized cloud services (like AWS) were the root cause of the exploit.
Reality: While decentralized cloud storage can reduce attack surfaces, Bybit wasn't hacked through AWS. The issue was Safe's UI manipulation and blind signing — not the particular choice of cloud hosting provider.
Cubist (hardware-backed signing security)
Claim: Enforcing strict signing policies, such as pre-approved addresses, governance delays and multi-factor authentication would have blocked this exploit.
Reality: This is actually relevant. If Bybit had enforced signing restrictions, Lazarus wouldn't have been able to trick it into blind-signing a malicious transaction.
Fireblocks (MPC-based security and transaction policy enforcement)
Claim: Bybit's security model was fundamentally flawed — Ledger's blind-signing requirement combined with Safe's UI vulnerability left it open to attack. Fireblocks argues that its MPC-based infrastructure, policy engines and real-time transaction verification would have mitigated this risk.
Reality: This claim is one of the more valid responses. Fireblocks' policy enforcement would have prevented arbitrary approvals, requiring predefined transaction rules that block unexpected transactions — even if signers get tricked.

However, there's also a risk, as Taylor Monahan put it in her characteristically sassy style. "Fancy multisig, semi-custodial, MPC, blah blah blah product…make your attack surface LARGER, not smaller."

The real lesson is UI trust is the biggest security hole. Bybit's attack wasn't about smart contracts, decentralization or private key security — it was about blind trust in a compromised UI.

In crypto, don't trust, verify. Otherwise, you defeat the purpose of using hardware wallets in the first place. Every solution that ignores this reality is missing the point.

For all the noise about decentralized cloud storage, onchain wallets and browserless interfaces, when billions of dollars are at stake, none of this matters if you don't have:

Strict transaction signing policies
Mandatory transaction verification on hardware wallets
Governance delays and multi-layer approvals

As Lazarus continues evolving, the crypto industry must stop chasing trendy fixes and focus instead on hardening transaction security — because apparently the next $1.4 billion hack is just one blind signature away.

— Macauley Peterson

Onchain ETF playground

Normal ETFs are so TradFi. As an alternative, Reserve this week launched Decentralized Token Folios (DTFs), a sort of DeFi-native answer to crypto index investing. Built by ABC Labs, the Reserve Index Protocol lets anyone create, trade and redeem onchain index products instantly — without relying on centralized custodians.

With 12 launch partners, including Bloomberg and MarketVector, the Reserve Index Protocol enables direct exposure to established crypto indices and sector-specific themes such as AI, RWA and memecoins. Unlike traditional ETFs, DTFs settle onchain through smart contracts, removing intermediaries and enabling permissionless access.

The protocol allows anyone to create and manage a DTF, with customizable fee structures for monetization and liquidity incentives. Decentralized governance aims to achieve an open, onchain indexing ecosystem.

— Macauley Peterson

Tay 💖 @tayvano_

150,000+ ETH

7k+ addresses

10k+ transactions

And that's my last count. I had to take a nap. I'm really tired and behind. Everyone else.

Please fucking slow their asses down. Don't let them get a billion fucking dollars out easily 🙏

ic3.gov/PSA/2025/PSA25…x.com/i/web/status/1…

12:25 AM • Feb 27, 2025

1.2K Likes 133 Retweets

54 Replies

Matt Huang @matthuang

.@zachxbt is a legend, using onchain forensics to keep bad actors accountable. He has returned over $350M to victims of hacks and scams. This is increasingly important as the industry grows.

We're excited for zachxbt to be joining Paradigm as an advisor.

Nothing about his focus… x.com/i/web/status/1…

3:31 PM • Feb 26, 2025

3.71K Likes 152 Retweets

274 Replies