INTELLIGENT BRANDS // Enterprise Security

“ In security, we are only as strong as our weakest link. Bybit has doubled down on fortifying our platform and procedures in the past two months in response to an increasingly challenging security landscape,” said Ben Zhou, co-founder and CEO at Bybit.

In February, Bybit was subjected to a sophisticated multi-stage attack which turned out to be the largest hack known to crypto. While the hack, caused by a compromised external multi-signature service, did not breach Bybit’ s infrastructure or core security parameters, the exchange has taken extra steps to enhance its security setup and platform integrity.

Approaching the challenges from three key aspects, Bybit proactively elevated its safety standards in the weeks that followed.

Security Audits

While still recovering from the hack, Bybit immediately sought to conduct evaluations of its systems and processes simultaneously. Within a month of the hack, Bybit concluded nine security audits conducted by in-house specialists and independent external experts, and implemented over 50 new security measures and recommendations.

Cold Wallet Solutions

At the time of the incident, Bybit followed industry best practices in wallet safety. However, the event demonstrated the severity of the cyber security arms race as more powerful hacking groups entered the scene. Bybit has since adopted more stringent cold wallet solutions to minimise the attack surface to enhance procedural, algorithmic, and hardware safety.

The three-dimensional framework includes a revamped authorisations OSP, Operational Safety Procedure mandating full-journey supervision by security experts, increased wallet protection using the MPC, Multi-Party Computation model, and consolidating HSM, Hardware Security Modules to achieve hardware-level safety.

Bank-Grade InfoSec

Bybit has built in encryption by default. Bybit is ISO, IEC 27001 certified for its information security risk management, the highest standard in the sector adopted by major financial institutions. All communications are end-to-end encrypted including noncustomer facing exchanges, with file systems optimised for encrypting data at rest.

The immediate aftermath of crypto’ s most drastic hacking incident was brief, as Bybit was able to stay fully operational while fulfilling a record number of withdrawals in the first 12 hours. The exchange absorbed the damages and customer assets were ring-fenced from the incident. A hunt for the stolen funds is on-going on Bybit-led open platform for illicit fund tracing, Lazarus Bounty, where over $ 2.3 million in bounty rewards has been distributed to date.

Bybit has also come forth with full transparency including fresh proof-of-reserves exercises, and regained its leading positions across benchmarks, achieving No. 1 in capital inflows among CEX in March.

A recent report by Kaiko corroborated the 30-day recovery, demonstrating Bybit’ s liquidity resilience. p

www. intelligentcio. com INTELLIGENTCIO MIDDLE EAST 71