npub1t39…0fey
2025-02-26 12:31:06
in reply to nevent1q…sw5l

Following this hack I ended up here https://www.reddit.com/r/ethereum/comments/1iuxkmv/how_bybit_could_have_prevented_this_hack_but_didnt/
It's interesting that in typical eth style the solutions require layering additional complexity and possibly more attack surface.

1. Signers blindly approved a malicious transaction - yeah I wonder why, probably because the HW couldn't just say sign x amount to move to x!?
2. No second-layer verification for transactions - again no questions why, once they're going to external sites the only thing the hw wallet is really doing is protecting the key
3. No transaction simulation before signing - I mean not a bad idea but if it wasn't so fucking complex why couldn't the HW do this... The cold wallet should only be moving funds from storage to another of your addresses; why would it even need to do anything particularly complex? Surely it should be the same every time you do it?
4. No withdrawal delays for large transactions - yeah that should probably be part of the process, this being eth they probably mean adding more complexity to the signing contract though!
5. No smart contract "Guardian" system - cool add another contract to get replaced/hacked!
6. No anomaly detection or security alerts - The anomaly did get detected, it's all gone LOL!
Author Public Key
npub1t39l8e2gdq7kr7mjhe053skl7r84ryqmnhvca6xmz780u53wxf0swj0fey