Category

Research

Posted by
Vincent Kobel

Don't trust what you see: Transaction security beyond the UI

March 5, 2025

Anatomy of the Bybit attack

Recent security incidents have revealed alarming vulnerabilities in transaction verification processes across the cryptocurrency ecosystem. The Bybit incident stands as a sobering case study showing how sophisticated attackers can compromise third-party services critical to transaction processing. From the information that has emerged about this unprecedented security breach:

  • Malicious actors compromised a Safe developer through targeted methods, obtaining privileged credentials that granted unauthorized access to modify the production JavaScript files of their web application, hosted in an AWS S3 bucket
  • After gaining access, they injected malicious code into Safe's frontend interface, creating a sophisticated man-in-the-browser attack (a form of man-in-the-middle attack) without disrupting normal operations
  • The injected code was designed primarily for deception—it silently modified transaction parameters and destinations while displaying the original, legitimate transaction data to users
  • As a result, operators and transaction signers unknowingly approved transactions that fundamentally differed from what appeared on their screens, believing they were authorizing legitimate transfers
  • The consequences were catastrophic, resulting in what is now the largest cryptocurrency heist in history, with Bybit suffering losses of approximately $1.43 billion in various digital assets

To read more about this: Rekt, Hacken, Elliptic, Halborn, or the preliminary reports of Verichains and Sygnia.

Implications for transaction security

These incidents highlight that companies handling significant digital assets must implement comprehensive threat modeling that accounts for third-party compromise, especially when leveraging external transaction crafting services for critical operations. This includes any staking provider's transaction crafting services, such as Kiln's.

As Tay from MetaMask puts it:

The pixels that you see on your screen always come from somewhere else. Maybe that's your computer's hard drive, maybe that's a website, maybe that's a server somewhere, maybe it's a combination of all these things.

If a threat actor compromises your computer, or the website, or the server, they can make the pixels display whatever they want. What you see might NOT be an accurate representation of what's actually happening behind the scenes. And you will not know until it's too late.

Kiln's security approach

Kiln takes a comprehensive security approach built on multiple layers of protection. While no system is absolutely secure against sophisticated threat actors (beware of any company claiming otherwise—such claims are red flags and should not be trusted), our defense-in-depth strategy includes:

  • Sophisticated onchain transaction monitoring with real-time alerting systems
  • World-class infrastructure and smart contract teams
  • Regular third-party security audits and continuous monitoring
  • Zero-trust architecture principles and strict access controls

At Kiln, we recognize that effective security requires a holistic approach that extends beyond onchain protections. Sophisticated attackers will identify and exploit the path of least resistance—whether that's through smart contracts, frontend interfaces, third-party services, or human elements.

Our security strategy encompasses the entire digital asset lifecycle, combining traditional cybersecurity practices with blockchain-specific protections.

Kiln is non-custodial

It's important to understand that Kiln is non-custodial and does not sign transactions—liability ultimately lies with the party executing the transaction. We provide transparency, security tooling, and best practices, but final verification is the customer's responsibility.

Best practices for transaction verification

To minimize risks of unauthorized transactions due to UI modifications, we recommend customers implement the following verification measures:

  1. Verify decoded transaction data through multiple providers. Do not trust a single source, even if it has worked perfectly for years:
    • Kiln provides a transaction decoding API (don't use it as the only source of truth)
    • Our Minitel project demonstrates how to build independent verification services (don't blindly trust it! We encourage you to fork the repository and fully understand the code before deploying your own version)
    • We recommend clients implement their own verification using thoroughly vetted libraries
  2. If possible, simulate transactions before signing: use independent tools like Tenderly to simulate EVM transaction outcomes and ensure the output is interpreted correctly. For instance, if you expect a transfer of value, the transaction should not modify a proxy's implementation.
  3. If your custody setup supports it, implement a multi-approval workflow where certain required approvals are directly tied to verification results from independent tools mentioned above. This creates an additional layer of security that's resistant to UI manipulation.
  4. Use cold storage for simpler transactions: Structure custody workflows to minimize exposure by ensuring that cold wallets handle only simple transfers while more complex transactions execute from wallets with less value.
  5. Break complex operations into smaller, more manageable transactions rather than batching too many actions together, which makes it difficult for both automated systems and human reviewers to properly verify the transaction's intent and effects.
  6. Carefully compare transaction hashes across different interfaces to detect potential manipulation: a mismatch can indicate malicious code injection. Be extra cautious when performing this check on small screens such as those of Ledger Nano devices and similar hardware wallets.
  7. Implement out-of-band verification where critical transaction parameters are confirmed through a separate, independent channel (e.g., a secure messaging system, a phone call, Slack) with people/colleagues you know well before final approval.
  8. Create clear separation between transaction initiation and approval roles, especially distinguishing between routine transfers and administrative operations (like smart contract upgrades). Ensure that each transaction is presented with sufficient verifiable context for approvers to understand its broader implications.
  9. Be particularly vigilant with routine operations, as their familiarity makes them prime targets for attackers. Establish automated context verification tools that flag any transaction parameters outside of established patterns, and require additional human verification for these exceptions.
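
An added example (not Kiln's, Minitel's or Safe's code) of the independent decoding in item 1 and the automated pattern check in item 9: it decodes raw ERC-20 calldata with the Python standard library only and reports where it departs from what the operator intends to sign. The addresses, the policy and intent fields, and the function names are assumptions made for this illustration.

```python
# Added example (not Kiln's or Minitel's code); addresses and limits are constructed.
# Selectors are the first 4 bytes of keccak256(signature), hardcoded to stay stdlib-only.
SELECTORS = {"a9059cbb": "transfer(address,uint256)", "095ea7b3": "approve(address,uint256)",
             "3659cfe6": "upgradeTo(address)", "4f1ef286": "upgradeToAndCall(address,bytes)"}
ADDR_UINT = {"transfer(address,uint256)", "approve(address,uint256)"}

def decode_call(data_hex):
    """Decode the selector and, for (address,uint256) calls, both arguments."""
    raw = bytes.fromhex(data_hex[2:] if data_hex.startswith("0x") else data_hex)
    name = SELECTORS.get(raw[:4].hex())
    if name not in ADDR_UINT:
        return name, None  # unknown selector, or a call this checker does not decode
    if len(raw) != 4 + 64 or any(raw[4:16]):
        raise ValueError("bad length or address padding for " + name)
    return name, ("0x" + raw[16:36].hex(), int.from_bytes(raw[36:68], "big"))

def check_intent(tx, intent, policy):
    """Return findings where the raw transaction departs from intent or policy."""
    findings = []
    if tx["to"].lower() not in policy["allowed_contracts"]:
        findings.append("destination contract not in allowlist")
    if tx["value"] != 0:
        findings.append("unexpected native value attached")
    try:
        name, args = decode_call(tx["data"])
    except ValueError as exc:
        return findings + ["malformed calldata: " + str(exc)]
    if name != intent["function"] or args is None:
        called = name or "an unknown selector"
        return findings + ["raw data calls %s, not %s" % (called, intent["function"])]
    recipient, amount = args
    if recipient != intent["recipient"].lower():
        findings.append("recipient differs from intent")
    if amount != intent["amount"]:
        findings.append("amount differs from intent")
    if amount > policy["max_amount"]:
        findings.append("amount above established limit")
    return findings

# Constructed sample: the operator intends to send 500 token units to ALICE.
TOKEN, ALICE, OTHER = "0x" + "aa" * 20, "0x" + "11" * 20, "0x" + "22" * 20
POLICY = {"allowed_contracts": {TOKEN}, "max_amount": 1_000}
INTENT = {"function": "transfer(address,uint256)", "recipient": ALICE, "amount": 500}

def transfer_data(to, amount):
    return "0xa9059cbb" + to[2:].rjust(64, "0") + format(amount, "064x")

if __name__ == "__main__":
    tampered = {"to": TOKEN, "value": 0, "data": transfer_data(OTHER, 500)}
    print(check_intent(tampered, INTENT, POLICY))
```

The intent should reach the checker through a path that does not share the signing UI, for example the out-of-band confirmation in item 7; an empty findings list is one input to an approval, not a replacement for simulation or hash comparison.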

For Safe multisig users

If you're using Safe multisig vaults, consider using open-source tools that can craft transactions without relying on Safe's API, such as safe-tx-hashes with the offline flag (Note: this tool is mentioned for informational purposes only and has not been reviewed or endorsed by Kiln).

We also recommend Safe’s article on transaction checks.

Kiln's commitment to security

A trust-minimized approach must be applied at all layers. Kiln is actively researching techniques to further harden transaction crafting and contract interactions to improve security across all our offerings. These include hardware enclaves (secure isolated processing environments within CPUs) and confidential computing (technology that protects data while it's being processed, typically by cloud service providers) with cryptographic attestation methods, as well as multi-party validation through distributed verification with independent instances.

Custom security recommendations

Kiln's security team is always available to:

  • Walk clients through our security model
  • Discuss our multi-layered risk mitigation approach
  • Provide custom security recommendations tailored to your specific custody setup
  • Help design robust transaction security architecture aligned with your operational requirements

Next steps for our customers

While examining breaches like Bybit, it's important to maintain perspective. No company, regardless of size or security posture, is immune to sophisticated attacks, especially when carried out by state-sponsored threat actors with virtually unlimited resources. These incidents remind us that security is a continuous journey rather than a destination.

Such attacks can happen to any well-run project or company, and we share these lessons not to criticize the victims but to collectively learn and improve our industry's security practices. We approach this analysis with humility, acknowledging that facing similar adversaries, any system could be vulnerable.

Kiln's security team is available to walk through security concerns, assess risk models, and provide tailored security recommendations based on a client's custody setup. We can offer deep-dive security reviews to ensure their use of Kiln aligns with best-in-class security standards.

Visit our Trust Center for more details on audits and certifications.
