Bybit Hack Exposes Major EVM Flaws, Security Analyst Sounds the Alarm

• The Bybit attack highlights ongoing EVM security flaws in multisig wallets and proxy upgrades, exposing billions to risk.
• Attackers exploit DelegateCall and social engineering tactics, making EVM’s architecture a prime target for sophisticated hacks.
• MultiversX enhances security with explicit upgrade settings, human-readable transactions, and on-chain guardians for extra verification.

Robert Sasu, a developer and security analyst, has highlighted critical vulnerabilities in the Ethereum Virtual Machine (EVM) following the recent Bybit attack. He emphasized that despite years of advancements, EVM remains highly insecure. The attack exploited weaknesses in multisig wallets and upgradable contracts.

How the Bybit Attack Unfolded

The hacker executed a sophisticated scheme involving four key steps. First, they deployed a trojan contract and a backdoor contract. Next, they deceived multisig wallet signers into approving an ERC-20 transfer to the trojan contract.

Instead of transferring tokens, the contract replaced the Safe multisig implementation with the attacker’s backdoor contract. Finally, the hacker executed sweepETH and sweepERC20 functions, draining the wallet of ETH, mETH, stETH, and cmETH tokens.

Why EVM Security Remains a Concern

Sasu pointed out that EVM security flaws have persisted for years. DelegateCall and proxy-based upgrades introduce severe risks. These mechanisms create backdoors, making contracts vulnerable to exploitation. Many Layer 2 solutions rely on similar architectures, leaving billions at risk.

Moreover, the reliance on multisig wallets further exacerbates security threats. Attackers often manipulate signers into approving malicious transactions. This has led to multiple bridge hacks and substantial financial losses in the past. Despite these risks, the industry continues to prioritize EVM compatibility over fundamental security improvements.

How MultiversX Addresses These Issues

MultiversX introduces a more secure contract model. It allows contracts to be explicitly set as upgradable or non-upgradable, eliminating the risks associated with DelegateCall. Additionally, it features a transparent upgrade function that users can clearly understand before execution.

Another key improvement is the wallet’s ability to interpret transactions. Users receive a human-readable message outlining the exact transaction details before signing. This prevents hidden malicious actions from being executed. 

Furthermore, MultiversX eliminates ERC-20 token standards and smart contract-based token transfers. Instead, it employs a native asset system with atomic TransferAndExecute functions, enhancing security.

On-chain guardians add another protective layer, linking wallets to cold storage for extra verification. This ensures that users fully comprehend their transactions before signing, reducing the risk of deception.