[Cryptography] Keeping Malware from Using Security Hardware

Kent Borg kentborg at borg.org
Wed Mar 5 18:35:29 EST 2025


On 3/5/25 12:15 AM, Kent Borg wrote:
> 5. The UI. How the hell can that be made meaningful enough to offer 
> any security yet flexible enough to be of general use?

I get behind in my podcast listening, but just now I was listening to 
Risky Biz #781 
(https://pca.st/episode/b95a109c-667d-48dc-844a-8a64ef8b00f3) and their 
first story is North Koreans stealing US$1.4 billion from Bybit. (Byebit?)

Bybit uses Ledger hardware wallets, with a display. This transaction 
needed to be approved by humans. And they signed off! Sounds like it 
happened thus:

- Planting in advance an evil "smart" contract on some blockchain, and 
it directed proceeds to North Korea.

- Using what sounds like an amendment provision in the legit "smart" 
contract to get the evil contract also run as part of executing that 
naïve dupe contract.

- Because Bybit's systems were designed with security (!) in mind, this 
transaction needed to have the "signature" approval of multiple persons. 
But the hardware wallet doesn't understand their multiple approval 
stuff, so what was presented on the hardware wallets was a series of API 
calls complete with parameters, and it sounds like lots of hex.

- Once the North Koreans broke into the Bybit network they did their 
homework, figured out internal procedures and who was whom at Bybit, and 
they targeted the computers of those who needed to approve the 
transaction with malware (a Chrome extension?, muses the podcast) and 
this malware presented (lying) transaction details in a comprehensible 
form. How handy, much easier to read than the stuff that scrolls off the 
hardware wallet screen.

   *POOF*

$1.4 billion, gone.


It seems that this hardware wallet should have an advantage over 
"Nebuchadnezzar" in being even more single-purpose. But they left in a 
low-level general-purpose feature (showing API calls) whose only excuse 
for being there would have been as a development feature, instead of the 
more complete sounding approach of Nebuchadnezzar.

And, I suppose the other advantage that the North Koreans had is the one 
they have been exploiting for years now: The crypto bros are so blinded 
by how cool they think their blockchains are, and are also part of the 
move-fast we'll debug it in production ethic, that they build insecure 
systems. An architecture where boo-boos can't be clawed back, by design. 
(It is all almost like some violent Warner Bros cartoon where the party 
that got bonked on the head last time will get bonked on the head again 
this time, and again in an entertaining way.)


Very interesting problems.


-kb
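
Added example, not part of the original post: a sketch of the check the approvers lacked, decoding the raw hex that is about to be signed and comparing it field by field with the friendly summary the host UI shows, refusing anything it cannot fully decode. Assumptions: the call is an Ethereum ABI-encoded ERC-20 `transfer(address,uint256)` (selector `0xa9059cbb`), the function and variable names are hypothetical, and all addresses and amounts are constructed; the check only helps if it runs somewhere other than the machine rendering the summary.

```python
# Added example; every address and amount below is constructed.
TRANSFER_SELECTOR = bytes.fromhex("a9059cbb")  # ERC-20 transfer(address,uint256)


def decode_transfer(calldata_hex):
    """Decode ERC-20 transfer calldata; raise ValueError for anything else."""
    text = calldata_hex.lower()
    if text.startswith("0x"):
        text = text[2:]
    data = bytes.fromhex(text)
    if len(data) != 4 + 32 + 32:
        raise ValueError("unexpected calldata length %d" % len(data))
    if data[:4] != TRANSFER_SELECTOR:
        raise ValueError("unknown function selector " + data[:4].hex())
    to_word, amount_word = data[4:36], data[36:68]
    if any(to_word[:12]):
        raise ValueError("non-zero padding in address word")
    return {"to": "0x" + to_word[12:].hex(),
            "amount": int.from_bytes(amount_word, "big")}


def check_claim(calldata_hex, claimed):
    """List every way the host UI's summary disagrees with the bytes to be signed."""
    try:
        actual = decode_transfer(calldata_hex)
    except ValueError as err:
        return ["cannot decode, refuse to sign: %s" % err]
    problems = []
    if actual["to"] != claimed["to"].lower():
        problems.append("recipient is %s, UI says %s" % (actual["to"], claimed["to"]))
    if actual["amount"] != claimed["amount"]:
        problems.append("amount is %d, UI says %d" % (actual["amount"], claimed["amount"]))
    return problems


def _word(value_hex):
    return value_hex.rjust(64, "0")  # left-pad to one 32-byte ABI word


EXPECTED_TO = "11" * 20   # constructed recipient
OTHER_TO = "22" * 20      # constructed, different recipient
CLAIM = {"to": "0x" + EXPECTED_TO, "amount": 1000}   # what the host UI displays
GOOD = "0xa9059cbb" + _word(EXPECTED_TO) + _word("%x" % 1000)
SWAPPED = "0xa9059cbb" + _word(OTHER_TO) + _word("%x" % 1000)
UNKNOWN = "0xdeadbeef" + _word(EXPECTED_TO) + _word("%x" % 1000)

if __name__ == "__main__":
    for name, blob in (("GOOD", GOOD), ("SWAPPED", SWAPPED), ("UNKNOWN", UNKNOWN)):
        print(name, check_claim(blob, CLAIM) or "matches the UI claim")
```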


