Replying to Avatar Jameson Lopp

So the ByBit attack was able to happen because:

Gnosis Safe front end is a web app whose JavaScript gets served from an Amazon S3 bucket.

A Gnosis Safe developer had production AWS keys saved on their machine.

The Dev's machine was compromised and the AWS key used to deploy a malicious front end that only targeted ByBit's wallet.

JavaScript web apps have no cryptographic integrity checks to ensure the code being delivered was actually written by the expected author.

Signing complex EVM transactions can't be done securely on airgapped hardware because the hardware simply doesn't have all of the contextual information needed to know the outcome of executing the transaction.
Avatar
Peter Todd 10mo ago

This hack reminds me of the audit I did on a Bitcoin custodian a while back.

They had a fancy multisig setup. But the source code for that setup was stored on AWS, and they didn't PGP sign it, let alone verify it.

nostr:nevent1qqsdk6xjkg66zmzupynl28g2r78nyhchzsx8zy9l8tfhagtft2l0hpgpz4mhxue69uhhyetvv9ujuerpd46hxtnfduhsyg8h9rv7decysdvwwzfs7h9xfvyhwuxe38xds6z5lescak5u3gupqcpsgqqqqqqsy256fn

Reply to this note

Please Login to reply.

Discussion

Avatar
Empka 10mo ago

I wonder how many early era banks had this "trust me bro" level of security

Avatar
Jeroen Ubbink 10mo ago

They were in the fortunate scenario that nobody had a computer yet and they were definitely not connected to each other.

Avatar
Jeroen Ubbink 10mo ago

Plus they run their own database so you can just rollback whatever transaction you didn't like.

Avatar
Peter Todd 10mo ago

Mainly this. ^

Avatar
Empka 10mo ago

Was thinking physical security, this seems like the equivalent of having a vault door made of cardboard