In this Unchained podcast episode, Mudit Gupta, Polygon's CISO, is interviewed about the $1.5 billion Bybit hack, attributed to North Korea's Lazarus Group. The discussion details the hack's methodology (social engineering of a Safe multi-sig wallet developer, leading to a malicious website update targeting Bybit) and explores security best practices, including multi-sig wallet diversification, transaction verification, and robust monitoring systems. Gupta emphasizes the critical need for layered security and highlights Bybit's failures in these areas. He also suggests implementing time-locked smart contracts and diversifying signing devices to enhance security. The interview concludes with a discussion of Lazarus Group's evolving tactics and the limitations of formal verification in preventing this type of attack.