ByBit Hack: Mapping Information Security Controls to Vulnerabilities

24-Feb-2025

Over the weekend, I read many articles, chats, and commentary on the ByBit hack. Though most of the commentary came to the same conclusion about the vulnerabilities and timeline of the attack, none that I could see actually referenced any information security standards and controls that could have prevented this attack or at least reduced its impact.

Some articles state, “watch out for blind signing,” but how can a stakeholder such as an interested investor or insurance provider apply checks to their due diligence process unless a relevant requirement is identified from a standard to be able to measure risk?

Information security standards define requirements that allow an entity to produce a measurable result showing that the intent of a requirement has been met. For example, "watch out for blind signing" is not measurable, but a requirement that the key management system's signing mechanism must provide clear signing is.

Based on the articles I have read so far, four vulnerabilities within ByBit's environment may need addressing, which I have defined below.

Note: Standards such as PCI DSS and ISO/IEC 27001 have requirements that are just as applicable to the Web3 space as to the Web2 space. These include controls such as access management, configuration management, change management, secure coding training, etc.

CCSS is a key management standard designed for Web3 key management systems and should be a standard to certify against, along with the Web2 standards.

So, when considering controls to implement for your Web3 platform, don't select just one information security standard to align with or certify against.


Vulnerability 1: Transactions were not verified through out-of-band channels, and the verification mechanism resulted in blind signing.

Controls for Vulnerability 1

CCSS v9, Requirement 1.05.8.1 Verification of fund destinations and amounts is performed via Approved Communication Channels prior to the use of key material.

Commentary for Vulnerability 1

There appears to be reliance on a verification mechanism that does not effectively show the full transaction information.

Ben Zhou did state that the Ledger device used provides "clear signing", but he still found it difficult to review all the transaction information.

Controls Focus for Vulnerability 1

(1) The transaction mechanism must provide clear and detailed information regarding the transaction and not limit the ability to view information.

(2) The transaction data should be verified on another out-of-band tool that clearly shows the transaction data and verification of the transaction.

(3) Pre-sign simulations or dry-run execution of the transaction should be done.
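One way to put control focus points (1) and (2) into practice is to reconstruct the transaction the device will actually sign from an independent channel and compare it, field by field, against what the signing UI displays, then apply a destination allowlist and value limit before any key material is used. This is an added illustration, not code from the article or from any wallet vendor; the transaction fields, the digest scheme and the addresses are constructed for the example and do not model any particular wallet's hashing.

```python
"""Out-of-band verification of a transaction intent before signing (constructed example)."""
import hashlib
import json
from dataclasses import dataclass, asdict


@dataclass(frozen=True)
class TxIntent:
    """The fields a signer must confirm. 'operation' separates a plain call from a delegatecall."""
    to: str
    value_wei: int
    data: str        # hex calldata, '0x' for a plain transfer
    operation: str   # 'call' or 'delegatecall'


def canonical_digest(tx: TxIntent) -> str:
    """Deterministic digest of the intent; a constructed scheme, not a real wallet's tx hash."""
    fields = asdict(tx)
    fields["to"] = fields["to"].lower()
    fields["data"] = fields["data"].lower()
    return hashlib.sha256(json.dumps(fields, sort_keys=True).encode()).hexdigest()


def verify_out_of_band(shown: TxIntent, to_sign: TxIntent,
                       allowlist: set[str], max_value_wei: int) -> list[str]:
    """Return a list of findings; an empty list means the payload may proceed to signing."""
    findings = []
    if canonical_digest(shown) != canonical_digest(to_sign):
        # The UI and the independently obtained payload disagree: report every differing field.
        for name in ("to", "value_wei", "data", "operation"):
            a, b = getattr(shown, name), getattr(to_sign, name)
            if str(a).lower() != str(b).lower():
                findings.append(f"{name}: UI shows {a!r} but payload to sign is {b!r}")
    if to_sign.operation != "call":
        findings.append("operation is not a plain call; a delegatecall lets another contract act as the wallet")
    if to_sign.to.lower() not in {a.lower() for a in allowlist}:
        findings.append(f"destination {to_sign.to} is not an approved destination")
    if to_sign.value_wei > max_value_wei:
        findings.append(f"value {to_sign.value_wei} exceeds approved limit {max_value_wei}")
    return findings


# Constructed sample data: placeholder addresses, not real ones.
WARM_WALLET = "0x" + "a" * 40
OTHER_CONTRACT = "0x" + "b" * 40
ALLOWLIST = {WARM_WALLET}
MAX_VALUE_WEI = 5 * 10**18
SHOWN = TxIntent(WARM_WALLET, 10**18, "0x", "call")              # what the UI displays
TO_SIGN = TxIntent(OTHER_CONTRACT, 0, "0x01", "delegatecall")    # what the device would sign
```

Running `verify_out_of_band(SHOWN, TO_SIGN, ALLOWLIST, MAX_VALUE_WEI)` on the sample yields six findings and blocks signing, while an identical pair within policy yields none.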


Vulnerability 2: Staff not sufficiently trained in information security awareness.

Controls for Vulnerability 2

CCSS v9, Requirement 1.05.6.1 All individuals involved in key management operations, or with the ability to impact the security of Key Material, complete specific applicable training. This training is to be conducted on hire, and conducted before the actor being trusted with access to Key Material, and then annually.

Commentary for Vulnerability 2

The initial attack vector stated by some researchers and commentators is that the attacker gained access to the ByBit environment through a social engineering attack.

Controls Focus for Vulnerability 2

(1) All key custodians and personnel who could impact the security of key material must have security awareness training tailored to their role(s) at least on hire and annually.

(2) The training material for each role must be based on a risk assessment that has defined the attack vectors. For example, for key custodians, training topics must cover the entity's key management processes, including how to protect any key material they are responsible for from unauthorised access.


Vulnerability 3: Lack of information security controls.

Controls for Vulnerability 3

Many baseline information security standards, such as ISO/IEC 27001 and PCI DSS, can address selecting and implementing baseline information security controls such as anti-malware, firewalls, FIM, IDS/IPS, training, etc… However, CCSS v9 provides enhancements to key management activities that are unique to Web3 key management. So, using a mixture of baseline security standards and CCSS v9 will provide good coverage to address this weakness.

Commentary for Vulnerability 3

Several researchers and commentators have stated that ByBit may not have had enough information security controls to detect malicious activity within its environment, which may have allowed the malicious actor to hide the true transaction information.

Controls Focus for Vulnerability 3

CCSS v9, Requirement 1.01.3.2 The key material generation process has been documented and addresses the following:

1. The key material generation process must be conducted in a secure environment.

2. The physical environment that will be used for the key material generation process is checked before use for any unauthorised recording/surveillance equipment, windows allowing the key material generation process to be viewed by external personnel, poor physical separation of the area from the main working areas, effective physical access controls to restrict unauthorised access of personnel, backup power supply, environmental controls to protect against electromagnetic interference, sound leakage, or other vulnerabilities that could compromise the process.

3. All equipment and software used for the key material generation process must be checked before use for updates such as new software versions, any signs of tampering, and be in good working order.

4. All moveable equipment such as hardware devices, laptops, and key material is secured from unauthorized access when not in use.

5. A detailed runbook defines all steps performed during the key material generation process. After the completion of each step, the participating actors sign off in the runbook stating that the step was performed and checked.

6. All roles participating in the key material generation process must be defined and utilized. Segregation of duties must be considered when allocating personnel to roles.

7. Each actor involved in the key material generation process must independently generate their own discrete key material. In a multi-signer scheme, no single actor is permitted to generate key material that will be used by another actor unless the actor is an automated signing agent. (Refer to requirements 1.01.1.1 and 1.01.1.2).


Vulnerability 4: Insufficient risk assessment of the wallet and transaction signing mechanism.

Controls for Vulnerability 4

CCSS v9, Requirement 1.01.2.1 The methodology for generating key material is validated prior to use. Software does not include features that restrict which values can be used. Software does not include features that store or transmit data to another actor, unless that feature enhances security.

Commentary for Vulnerability 4

Several researchers and commentators have mentioned concern that the cold wallet used a smart contract to provide certain wallet management functions.

Controls Focus for Vulnerability 4

(1) A risk assessment must be undertaken for any wallet infrastructure and key management system to ensure all vulnerabilities in the wallet infrastructure and key management system are identified and the level of acceptable risk is reached.

(2) Ensure that the wallet configurations provided do not allow for weaknesses in the key management processes such as key creation and signing.


About Me

I am the Associate Director of Audit at SixBlocks Audit, which provides information security auditing, counterparty risk assessment, policy and standards creation, and advisory services to Web3 platforms and organizations worldwide. I also advise and guide regulators and government departments on Web3 information security.

You can download my CCSS v9 Implementation Guide for free here: https://www.sixblocksaudit.com/ccss-v9-implementation-guide


Rob Soh

Sr. Solutions Engineer, Bitgo

3 weeks

Great article!

Dirk Anderson

CxO | Strategic Technology Leader | Blockchain | Crypto | Information Security & Cyber Risk | Board Director/Adviser

3 weeks

A great piece of analysis with practical application. Excellent article Marc.

Ramesh Perur

Managing Partner @ SouRam Fin Solutions, LLP

3 weeks

Great breakdown of the issue. Beyond the commonly discussed vulnerabilities, do you think Web3 platforms should focus more on real-time threat monitoring and behavioral analytics to detect phishing attempts like the one in the ByBit hack?

Vinod Kashyap

Director - VAAH I Member, ISO TC 295 “Audit Data Services” | Member, Advisory Board, MIT College of Management |

3 weeks

Very well articulated
