Raw Signing misconceptions: A clear understanding of how it works
How Colossus Digital’s security features protect against threats like the Bybit Hack
Introduction
On February 21, 2025, leading crypto exchange Bybit suffered a severe hack resulting in the theft of $1.5 billion worth of assets—widely regarded as the largest crypto heist to date. The attack not only caused significant financial losses but also raised concerns over how institutional-level platforms manage multi-signature wallets and approve high-value transactions.
A step back…
Raw signing refers to the process of directly signing a transaction or message with a private key without any additional layers of abstraction or formatting.
In raw signing, the transaction is constructed in its raw form (without any encoding or pre-processing) and is signed with the private key, generating a signature that can be verified by anyone who has access to the corresponding public key. This process is crucial for ensuring the integrity and security of transactions, as only the holder of the private key can sign a transaction, confirming its validity.
Analysis indicates that Bybit’s incident stemmed from weaknesses in its multi-signature wallet infrastructure, reliance on third-party tools, and insufficient transaction verification processes. This underscores the need for robust systems and diligent security practices—particularly when managing institutional digital assets.
Specific attack vectors exploited
What happened…
1. Compromise of Multi-Signature Wallets
Bybit’s multi-signature wallet typically required three of five signatures to authorize transactions. Attackers planted malware on several signers’ devices, enabling them to manipulate transaction parameters. By altering the wallet’s implementation address, they effectively bypassed the multi-sig requirement, securing control over the wallet.
2. Exploitation of Delegatecall functionality
Attackers leveraged the delegatecall feature in the Ethereum Virtual Machine, which allows a contract to execute code as if in another contract’s context. When poorly managed, it can let unauthorized parties modify the contract’s implementation, granting them privileges that override normal security checks.
3. Supply chain attack
Investigations revealed a supply chain compromise tied to Safe{Wallet}, a multi-sig wallet provider. A developer’s machine was breached, allowing malicious code to be injected. This code activated during a routine transaction at Bybit—leading to further infiltration.
4. Social Engineering
The attackers, identified as the North Korean Lazarus Group, used social engineering methods to gain initial access. They hosted a domain impersonating Bybit’s “assessment” site and distributed malware there. This approach was consistent with the group’s known tactics in prior high-profile attacks.
How Colossus Digital Institutional Hub addresses these threats
The Colossus Digital Institutional Hub incorporates multiple security features designed to mitigate precisely these vulnerabilities, focusing on minimal external dependencies, transparent transaction crafting, and cryptographically sound approvals.
1. Elimination of unnecessary layers
Colossus avoids dApps, widgets, or third-party add-ons that can expand the attack surface. It emphasizes secure, raw transaction processes end to end.
Why it helps
Fewer Potential Breach Points: By not relying on extra components (e.g., Safe UI, WalletConnect), the hub reduces any possible insertion points for malicious code.
2. Multi-Party Crafting
A cryptographic approach built on threshold Verifiable Secret Sharing (VSS). Each participant provides a piece of a transaction, which only becomes valid once all (or the minimum threshold) of correct shares align.
How it works
Each user sets parameters for a transaction.
The transaction is split into multiple shares, with only one share transmitted initially.
Once enough shares are present, the system tries to “reconstruct” the transaction.
If reconstruction fails, it halts. If successful, it proceeds with mathematically verified authenticity.
Why it helps
Protects Against Malware: Even if some signers are compromised, attackers must breach the threshold of valid shares to alter a transaction.
Prevents Hidden Manipulation: No single device or user can change the transaction behind others’ backs, because all shares must match the intended parameters.
3. Transaction Lens
A system that displays raw transaction data in detail, letting signers confirm exactly what they’re approving (including addresses, function calls, and amounts).
Components:
Serialized Transaction validated through VSS.
Transaction Hash: a unique hash signers verify and sign.
Decoded JSON: parameters (destination address, amounts, etc.) shown in human-readable form.
Optional Simulation: link to run the transaction in a simulation environment for clarity on final results.
State Changes: a summary of post-transaction balances or storage updates.
Why It helps
No Blind Signing: Users can independently confirm the “implementation address” or other critical fields.
Immediate Error Detection: If any detail (like a malicious contract reference) differs from expectations, signers can refuse to proceed.
4. Transaction confirmation with Colossus Decoder
The Colossus Decoder enables users to decode and verify raw transaction data before signing, ensuring transparency and security. It prevents blind signing by converting the transaction data into a human-readable JSON format, allowing signers to inspect all transaction details.
Why It helps
Prevents Blind Signing: Ensures signers can verify contract interactions and transaction destinations before signing.
Detects Errors & Manipulations: Any discrepancies, such as incorrect recipient addresses or unexpected function calls, become immediately visible.
Enhances Security: Reduces risks associated with transaction tampering, phishing attacks, or malicious contract executions.
Watch the Demo to see how Institutional Hub works!
To conclude…
The Bybit hack starkly illustrates how a mix of multi-sig weaknesses, third-party dependencies, and minimal oversight of transaction details can lead to catastrophic losses.
But, considering what explained about Colossus Digital features:
Eliminating Additional Layers prevents extraneous vulnerabilities.
Multi-Party Crafting ensures cryptographic certainty in transaction creation.
Transaction Lens provides full visibility, so signers never approve unknown or manipulated operations.
Colossus Decoder enables users to decode and verify raw transaction data before signing, giving another source for verification.
By applying these principles, institutional entities can substantially lower the risk of sophisticated exploits and build trust in their digital asset operations. The Colossus Digital Institutional Hub stands as an example of how advanced cryptographic methods and transparent signing processes help safeguard vital assets in an evolving threat landscape.