By rahmat hidayat

Thursday, February 27, 2025

͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏

Forwarded this email? Subscribe here for more

Will Bybit Hack Mark The End Of The Bull Market?

The Blockchain Sector @ 2025-02-27

Feb 27

READ IN APP

It’s been a chaotic few weeks as Bybit was hacked for nearly $1.5B on the 21st (more on this below) and Bitcoin dropped from it’s recent all time high of $109k in January down to $83k yesterday.

This is a significant move and has caused some market turmoil. Some futures exchanges are now operating a negative funding rate meaning there are more shorts than longs. This also destroys the basis trade which generates yield based on a demand for leverage which has been wiped out by the recent pull back.

We haven’t quite invalidated a 2025 bull market just yet and a recovery to new all time high would paint a pretty picture targeting $260k around the end of the year. Given the market conditions this may seem somewhat optimistic.

There are potentially 3 long-term scenarios the market could take from here:

Bullish - Bitcoin recovers, makes new all time high, leverage returns adding fuel to the fire and we continue up, resuming the bull market which dies later this year or maybe 2026.
Bearish - The sell off continues and eventually panic sets in as we settle in for another long drawn out multi-year bear market. Crypto gets boring again and we meet back up in 2028.
Supercycle - We break the four year cycle and continue up gradually in a super cycle pattern, grinding out new all time highs with lower volatility year on year.

Signs of a longer-term bear market would include prolonged price declines, reduced trading volumes, and sustained negative sentiment. However, current data does not support this currently.

I am hoping for a V-shaped recovery and quick rebound which would invalidate the bearish case scenario.

The ETH/BTC chart and BTC.D Bitcoin dominance charts are very important during any signs of a recovery.

If the entire market is reliant on Saylor and (Micro)Strategy being the main bidder, then Bitcoin could likely outperform.

If we see a return of leverage and speculators pivot from the memecoin casino we could see alts do really well. That will look like ETH/BTC breaking up above 0.03 and BTC.D sharply moving down below the 60% support with maybe a bounce at 50%.

ByBit Hacked For $1.48B

In other news the Gnosis Safe multisig frontend at https://app.safe.global was compromised after one of their developers devices was compromised leading to a malicious piece of javascript being injected into the web UI specifically targeting Bybit’s cold wallet.

The notorious Lazarus Group, believed to be behind the heist, didn’t tamper with Safe’s GitHub frontend code. Instead, they altered code directly on a AWS cloud service, tailoring it to intercept a specific Bybit transaction.

The malicious code manipulated what Bybit’s team was signing, allowing the hackers to siphon off funds the moment the transaction was executed. Once the theft was complete, the altered code was swiftly removed, leaving little trace of the intrusion.

This was a highly targeted operation, with the attackers seemingly anticipating Bybit’s transfer timing. However, the implications are broader, any user of Safe’s frontend could theoretically be at risk under similar circumstances.

Safe has issued a questionable statement downplaying the incident, while Bybit has shared preliminary findings from two security firms, pointing fingers at Safe’s internal security lapses. The episode has sparked debates about Safe’s reliability, with suggestions of a rebrand to {un}safe

@Safe seems to be trying to deflect any responsibility

Despite the breach, confidence in Safe multisigs hasn’t entirely wavered. Many, including myself, continue to store the bulk of their crypto assets in these multisig wallets.

Still, the hack raises a critical question: Are all frontends vulnerable to this type of attack?

The answer is yes, but it depends on how frontends are hosted and the access controls implemented. Access typically relies on API keys or SSH credentials, often controlled by a single individual.

In this case, that individual’s device was likely compromised, possibly through a malicious link leading to a downloaded file, or a zero-day browser exploit. Once the hackers gained access, they harvested the developer’s credentials and executed their plan, walking away with nearly $1.5 billion USD in ETH.

In the past Lazarus have exchanged ETH for BTC and then sold the BTC for fiat on local exchanges, this is a slow process of digital money laundering and I’m not expecting it to influence markets significantly.

There has been a strong effort within the industry to try and blacklist the wallet addresses holding hacked funds but with more work being done on privacy and decentralization once the funds are gone they aren’t coming back.

Short-term fixes seem elusive beyond tightening security practices, better credential management, multi-factor authentication, and heightened vigilance against social engineering.

Looking ahead, a shift toward decentralized frontends hosted in smart contracts, governed by (ironically)… Safe multisigs for updates, could offer a more robust solution if we can find a way around the inherent centralized nature of DNS and web2 technologies.

It’s hard to remove the human factor which will always be vulnerable to social engineering attacks without finding a way to decentralize the product.

https://x.com/james_bachini/status/1894981600535842885