How $1.4 Billion Was Stolen Using One Bit in the Largest Crypto Hack
The recent Bybit hack is a sobering reminder of how a single overlooked detail — just one bit — can lead to catastrophic consequences.
- A single parameter (operation: 1) in Safe’s contract execution allowed attackers to drain funds.
- Multiple signers failed to catch it—was it compromised devices, manipulated UI, or just a lack of visibility?
- Multi-signature security should mean multiple layers of visibility—not just multiple keys.
At Utila, we are laser-focused on eliminating hidden single points of failure in security workflows. No matter how sophisticated the system, a weak link—especially one as subtle as this—can be disastrous. Here’s a deep dive into the Bybit hack incident by Utila’s Co-founder & CTO, Sam Eiderman.
How $1.4 billion was stolen using a single bit flip (0 → 1)
Bybit, the world’s second-largest cryptocurrency exchange by trading volume, has been hacked (likely by the Lazarus Group) using a sophisticated method that involved phishing multiple Bybit employees to sign on a seemingly innocent token transfer transaction which actually took control of their assets.
To protect crypto assets, eliminating single points of failure is key.
Usually, one of those failures is private keys, which is why companies like Bybit use smart contract wallets like {Gnosis} Safe. These require multiple signatures before executing a transaction, ensuring funds are secured within a multi-sig contract rather than a single private key.
These contracts should be SECURE and SIMPLE.
However, one “advanced” feature (always the case), has caused the loss of $1.4 billion for Bybit – the operation parameter.
When invoking transactions on Ethereum, the usual parameters to scan for threats are the `to` and `data` parameters which are built-in transaction values. When invoking transactions via Safe, all signers need to agree on these parameters and delegate the invocation of the transaction to the Safe contract via the `execTransaction` method.
However, one additional parameter, which is specific to Safe’s implementation is `operation` – an innocent looking parameter – that changes the entire meaning of the transaction.
You change it from 0 to 1 and now the transaction that you wanted the Safe contract to execute on your behalf – will be executed using Delegatecall, which will allow the called contract (Lazarus’ malicious contract) to be called within the context of the calling contract (Bybit’s Safe Contract) and allow it to gain access to its storage – and so it did…
Why didn’t any one of Bybit’s signers (humans, using different devices) notice that the transaction is being called with `operation: 1` parameter?
That’s the 1.4 billion dollar question.
According to Bybit – their signers did not see anything wrong in the same UI they were using.
Which brings us to the next lesson – Even though the signing keys were not compromised, there was single point of failure – using the same software to view the proposed transactions – all signers were blinded.
- Were their devices compromised?
- Was the viewing software manipulated (Gnosis Safe’s web application)
- Or does `operation: 1` not visibly stand out in the UI?
Regardless, this could have been avoided by blocking this advanced feature so that the signers could not even possibly call even if they wanted to.
The current design where execTransaction can be called with such a dangerous option (operation: 1) and it will only be reflected in the UI as a single innocent character change (0 → 1) could have been one of the reasons to the success of this hack.
Let’s see how this will unfold in the coming days.
At Utila, we are laser-focused on eliminating hidden single points of failure in security workflows. No matter how sophisticated the system, a weak link—especially one as subtle as this—can be dangerous.
