Adam Back Blames Bybit Hack on EVM Design Flaws

The «flawed design of the EVM» has been identified as the cause of the Bybit hack, according to Adam Back, co-founder of Blockstream and a prominent cryptopunk.

In an official statement from the exchange, it was revealed that the incident occurred during the transfer of ETH from a cold multisig wallet to a hot wallet.

Cybercriminals manipulated the transaction signing interface so that all parties involved saw the correct address. However, the logic of the smart contract was altered, enabling the hackers to gain access to the Ethereum wallet.

«Essentially, the EVM could crash to zero, and no one seems to care. The problem lies in how the Ethereum virtual machine undermines trust in the entire ecosystem, which unfairly impacts Bitcoin,» remarked the expert.

Back characterized the EVM as «complex, fragile, and unsafe.»

«They’ve been losing billions each year for several years now. Not a single day has passed since the nine-digit loss on ETH,» he lamented.

According to Back, the Bybit incident is not related to the security of hardware wallets, but rather stems from the difficulty of properly verifying transactions within the EVM.

In contrast, the Bitcoin ecosystem is devoid of such vulnerabilities, he added.

«The very purpose of hardware wallets is to allow users to see on the device’s screen how much they are paying and to which address. This functionality fails for ETH due to the EVM’s complexity and state size. That’s the core issue. ETH on the hardware wallet didn’t even display the addresses for Bybit,» Back explained.

In an interview with Cointelegraph, Dmitriy Budorin, CEO of Hacken, challenged Back’s assertions. He opined that vulnerabilities and the complexities of using multisig wallets present challenges across all ecosystems, including Bitcoin.

«Even systems within digital gold, despite their simplicity, remain susceptible to risks like human error, phishing, or advanced attacks targeting signing devices and workflow processes,» he clarified.

Lex Fisun, co-founder of Global Ledger, supported Budorin’s position. He pointed out that during the Bybit incident, only one ETH address was compromised. He speculated that this breach was due to «weak points in operational security regarding transfers from cold wallets, not because of an inherent flaw in the EVM.»

«It’s possible the exploit originated within the virtual machine, but we can’t confirm that at this time,» he indicated.

Bybit has declined to comment on whether they believe the EVM played a role in the security breach.

It is worth noting that experts at Arkham Intelligence have linked the incident to the North Korean hacking group Lazarus Group.

Previously, Back stated that advancements in quantum computing would likely strengthen Bitcoin rather than undermine it.