Illustration by Son Min-kyun

Over the weekend, a bank run (mass withdrawal event) exceeding 5 trillion won occurred at the cryptocurrency exchange Bybit, which experienced the largest hacking incident in history. The recurring hacks of cryptocurrency exchanges expose the vulnerabilities of centralized exchanges and put cryptocurrency investors on alert.

According to cryptocurrency industry sources on the 24th, Bybit was hacked on the 21st and approximately $1.5 billion (about 2.1577 trillion won) was stolen. Bybit users, anxious about the exchange's safety, withdrew approximately $4 billion (about 5.754 trillion won) from the exchange the day before. As a result of this incident, Bybit suffered total losses of $5.5 billion.

◇ The perpetrator is North Korea's Lazarus: 'wallet attacked during asset transfer'

This hack is suspected to be the work of the North Korean hacking group Lazarus, which has hacked cryptocurrency exchanges multiple times before. According to Bybit's announcement, the hackers attacked one of Bybit's Ethereum wallets and stole Ethereum and ERC-20 (the Ethereum token issuance standard) cryptocurrencies. They also attacked and stole assets while funds were being transferred from 'cold wallets' to 'warm wallets', among the several wallets Bybit uses.

Cryptocurrency exchanges use both offline wallets (cold wallets) and fast online wallets (hot wallets) to enhance security. Cold wallets are secure against online hacking because they store cryptocurrencies without being connected to the internet. Warm wallets are intermediary wallets that combine the advantages of both. Generally, exchanges store about 80% of the assets deposited by users in relatively secure cold wallets and keep the remainder in fast hot wallets. Hackers mainly target the moments when funds are transferred between wallets.

The amount lost in the Bybit hack exceeds that of previous cryptocurrency hacking incidents, such as Poly Network in 2021 ($611 million) and Mt. Gox in 2014 ($470 million). Hacking incidents at centralized cryptocurrency exchanges occur quite frequently. Last year, DMM Bitcoin was hacked for $300 million, and in 2018, Coincheck lost $34 million. In South Korea, Upbit was hacked in 2019, and Bithumb experienced a hacking incident in 2017.

Bybit, headquartered in Dubai, is a major exchange that once ranked second worldwide in terms of custody size. Bybit was known to hold about $16.2 billion in assets prior to the hacking. Fortunately, users did not suffer losses, and unlike the Mt. Gox incident, the exchange will not be closing; however, the exchange's assets will decrease to $10 billion due to the loss of approximately $5.5 billion.

Virtual asset exchange Bybit website. (Courtesy of Yonhap News)

◇ To protect assets, use 'personal wallets'

Had Bybit's assets been unable to withstand the hacking losses and the bank run, bankruptcy would have been inevitable, and the damage from that bankruptcy would have been borne solely by the exchange's users. Experts recommend using personal wallets to prevent hacking losses. Most cryptocurrency investors, including those in South Korea, use only exchange wallets.

However, when a hack or an exchange safety issue arises, investors without a personal wallet find it difficult to withdraw their funds quickly. This is because, to cash out all the cryptocurrencies they hold, they need to sell them in the market and then request a withdrawal from the exchange. With a personal wallet, cryptocurrency can be moved easily by simply entering the wallet address. Additionally, among personal wallets, cold wallets that are not connected to the internet can be considered relatively safe from hacking.

Using decentralized cryptocurrency exchanges may also be an alternative. Exchanges like Upbit, Bithumb, and Bybit are centralized exchanges (CEX) that hold personal assets the way banks do. Since a CEX operates a single server or database and holds users' assets, customers' assets are compromised if the exchange is hacked.

In contrast, decentralized exchanges (DEX) operate on blockchain smart contracts without a central server, allowing users to trade directly from their personal wallets (such as MetaMask, Ledger), which provides relatively higher security. However, using a DEX requires a fundamental understanding of blockchain and the ability to operate its functions, which can be a hurdle for novice investors.

Choi Seung-ho, a researcher at jengle Research Institute, noted, "When a hacking issue at an exchange occurs, it is important to move funds to a safe wallet or account as quickly as possible before the exchange halts withdrawals. Investors with an understanding of personal wallets can use personal cold wallets as safes and only utilize centralized exchanges when cashing out to minimize hacking damage." He added, "Additionally, using a DEX can also be a viable option."