The “flawed design of the EVM” was the cause of the Bybit hack, according to Blockstream co-founder and cryptographer Adam Back.
people are misunderstanding critique of repeated EVM hacks, latest & largest ByBit $1.4b. missing the point: EVM can go to ZERO, no one cares! but MSM & bystanders are confused, problem is the EVM dumpster fire hurts ecosystem credibility, which unfairly bleeds over to #bitcoin
— Adam Back (@adam3us) February 23, 2025
According to the exchange’s official statement, the incident occurred during the transfer of ETH from a cold multisig wallet to a hot wallet.
The attackers altered the transaction signing interface so that all participants saw the correct address. Meanwhile, the smart contract logic was changed, allowing hackers to gain control over the Ethereum wallet.
“EVM can go to zero, and no one cares. The problem is that the Ethereum Virtual Machine damages the ecosystem’s credibility, which unfairly affects Bitcoin,” the expert noted.
Back described the EVM as “complex, fragile, and insecure.”
“They have been losing billions annually for several years in a row […]. It has been zero days since a nine-figure loss on ETH,” he lamented.
According to Back, the Bybit incident is unrelated to the security of hardware wallets and is due to the complexity of the EVM in correctly verifying transactions.
Unlike the second-largest cryptocurrency by market capitalization, the Bitcoin ecosystem is free from such vulnerabilities, he added.
“The whole point of HWW [hardware wallets] is to check on the device screen how much you are paying and to which address. This doesn’t work with ETH due to the complexity of the EVM and the state size. That’s the problem. ETH on HWW didn’t even display addresses for Bybit,” explained the Blockstream co-founder.
In an interview with Cointelegraph, Hacken CEO Dima Budorin questioned Back’s stance. In his view, vulnerabilities and complexities in using multisig wallets pose challenges common to all ecosystems, including Bitcoin.
“Even such systems in digital gold, despite their simplicity, remain susceptible to risks like human error, phishing, or advanced attacks focusing on signers’ devices and workflows,” he explained.
Global Ledger co-founder Lex Fisun supported Budorin.
The specialist stated that only one ETH address was compromised in the Bybit incident. He suggested this was due to “weaknesses in operational security around cold wallet transfers, rather than a fundamental flaw in the EVM.”
“The exploit may have originated in the virtual machine, but we cannot confirm this at the moment,” he noted.
Bybit declined to comment on whether they believe the EVM played a role in the security breach.
Experts from Arkham Intelligence have linked the incident to the North Korean Lazarus Group.
Earlier, Back stated that advancements in quantum computing are more likely to strengthen Bitcoin rather than destroy it.