The recent Bybit hack, the largest crypto theft in history, has exposed a hard truth: Web3’s greatest security threat isn’t just sophisticated hackers—it’s the industry’s continued reliance on Web2 infrastructure.

As security breaches become more common, it’s clear that Web3 is facing a problem. From nodes run on AWS to entire dApps choosing Google Cloud for their front end, Web3 remains tethered to the Web2 tech stack despite its vision of a decentralized future. This introduces single points of failure into a design philosophy that was built to avoid them.

Dissecting the Bybit Hack

According to forensic reports from Sygnia and Verichains, the Bybit attack was made possible by a compromise in Safe{Wallet}’s AWS infrastructure—specifically, its S3 bucket or CloudFront account/API key. The attackers injected malicious code into two critical JavaScript files. These files controlled core wallet functions, allowing attackers to manipulate transactions without detection. Timestamped February 19, 2025, the files were found in browser caches of Bybit’s signers. Wayback Machine archives confirmed the malicious code was served directly from Safe{Wallet}’s infrastructure—not a local compromise. In short, this was an inside job at the infrastructure level, bypassing every supposed security measure. And it worked.
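A defensive check that targets this failure mode is to compare the JavaScript a CDN or bucket actually serves against hashes pinned when the release was built. The sketch below is an added example, not code from Safe{Wallet}, Bybit or the forensic reports; the file names, contents and manifest shape are constructed for illustration.

```javascript
// Added example: audit served JavaScript against hashes pinned at release time.
const { createHash } = require('node:crypto');

const STRENGTH = { sha256: 1, sha384: 2, sha512: 3 };

// Parse an SRI string ("sha384-<b64> sha512-<b64>") and keep only the
// strongest algorithm present, as browsers do when enforcing SRI.
function parseIntegrity(integrity) {
  const entries = integrity.trim().split(/\s+/).map((tok) => {
    const i = tok.indexOf('-');
    return { alg: tok.slice(0, i), digest: tok.slice(i + 1).split('?')[0] };
  }).filter((e) => STRENGTH[e.alg]);
  const best = Math.max(0, ...entries.map((e) => STRENGTH[e.alg]));
  return entries.filter((e) => STRENGTH[e.alg] === best);
}

// Build an SRI value for a file body (run in the build pipeline).
function sri(alg, body) {
  return `${alg}-${createHash(alg).update(body).digest('base64')}`;
}

// manifest: { path: integrity } recorded by the build pipeline.
// served:   { path: Buffer|string } as fetched from the CDN or a browser cache.
function auditAssets(manifest, served) {
  const findings = [];
  for (const [path, integrity] of Object.entries(manifest)) {
    if (!(path in served)) { findings.push({ path, status: 'missing' }); continue; }
    const pinned = parseIntegrity(integrity);
    if (pinned.length === 0) { findings.push({ path, status: 'no-usable-hash' }); continue; }
    const ok = pinned.some((e) =>
      createHash(e.alg).update(served[path]).digest('base64') === e.digest);
    findings.push({ path, status: ok ? 'ok' : 'MODIFIED' });
  }
  // Files served but never pinned deserve attention too.
  for (const path of Object.keys(served)) {
    if (!(path in manifest)) findings.push({ path, status: 'unpinned' });
  }
  return findings;
}

// Constructed sample data: names and contents are illustrative only.
const release = { 'app.js': 'render(tx);', 'vendor.js': 'lib();' };
const manifest = Object.fromEntries(
  Object.entries(release).map(([p, body]) => [p, sri('sha384', body)]));
const servedNow = { 'app.js': 'render(tx); /* changed after release */', 'vendor.js': 'lib();' };

console.log(auditAssets(manifest, servedNow));
```

The manifest has to be stored and checked from somewhere other than the bucket being audited, otherwise whoever can rewrite the scripts can rewrite the hashes as well.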

Bybit Hack Forensics Report
As promised, here are the preliminary reports of the hack conducted by @sygnia_labs and @Verichains
Screenshotted the conclusion and here is the link to the full report: https://t.co/3hcqkXLN5U pic.twitter.com/tlZK2B3jIW

— Ben Zhou (@benbybit) February 26, 2025

This was not a brute-force attack. It was a surgical strike against the weakest link: Web3’s blind faith in Web2 infrastructure. The attack unfolded in several calculated steps. First, the malicious JavaScript code lay dormant, activating only when transactions originated from preselected addresses, including Bybit’s cold wallet. Next, when a legitimate transaction was initiated, the malicious code quietly altered key parameters, rerouting funds to the attacker’s contract, while maintaining the illusion of legitimacy. Then, the attackers used the DELEGATECALL function to swap Safe{Wallet}’s contract implementation with their own, granting them unrestricted control. Finally, once inside, they executed the sweepETH and sweepERC20 functions, draining Bybit’s cold wallet with impunity.
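Because the web interface itself was the component that altered the parameters, the check that catches this has to run outside it. The following is an added example, not code from Safe{Wallet} or Bybit: a signer-side review that compares the payload presented for signature with the intent approved out of band and flags delegatecall to unapproved targets. The policy shape, function name and addresses are hypothetical; the field names and the operation values 0 (call) and 1 (delegatecall) follow Safe's transaction format.

```javascript
// Added example: independent review of a Safe-style transaction before signing.
const OP_CALL = 0;          // Safe's Enum.Operation.Call
const OP_DELEGATECALL = 1;  // Safe's Enum.Operation.DelegateCall

const norm = (v) => String(v).toLowerCase();

// intent:  what the operator approved, recorded out of band from the web UI.
// payload: what the signing device was actually handed.
// policy:  { allowedTargets, delegateCallTargets } (hypothetical shape).
function reviewBeforeSigning(intent, payload, policy) {
  const reasons = [];
  for (const field of ['to', 'value', 'data', 'operation']) {
    if (norm(intent[field]) !== norm(payload[field])) {
      reasons.push(`${field} differs from approved intent`);
    }
  }
  const target = norm(payload.to);
  const op = Number(payload.operation);
  if (!policy.allowedTargets.map(norm).includes(target)) {
    reasons.push('target address not on allowlist');
  }
  if (op === OP_DELEGATECALL) {
    // Delegatecall runs the target's code against the wallet's own storage,
    // so it needs its own, much shorter, allowlist.
    if (!policy.delegateCallTargets.map(norm).includes(target)) {
      reasons.push('delegatecall to a contract not approved for delegatecall');
    }
  } else if (op !== OP_CALL) {
    reasons.push('unknown operation value');
  }
  return { sign: reasons.length === 0, reasons };
}

// Constructed sample data: addresses and calldata are placeholders.
const WARM_WALLET = '0x' + '11'.repeat(20);
const UNKNOWN_CONTRACT = '0x' + 'ee'.repeat(20);
const POLICY = { allowedTargets: [WARM_WALLET], delegateCallTargets: [] };
const INTENT = { to: WARM_WALLET, value: '1000', data: '0x', operation: OP_CALL };
const TAMPERED = { to: UNKNOWN_CONTRACT, value: '0', data: '0xdeadbeef', operation: OP_DELEGATECALL };

console.log(reviewBeforeSigning(INTENT, INTENT, POLICY));
console.log(reviewBeforeSigning(INTENT, TAMPERED, POLICY));
```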

This level of precision isn’t luck—it’s strategy. It’s a strategy that will continue working as long as Web3 continues to rely on Web2 architecture.

Web3’s Achilles’ Heel: Web2 Tech

The Bybit hack is not the only case of a Web2 attack vector exploited to target a Web3 service. Major exchanges and platforms have fallen victim to attacks that reveal systemic vulnerabilities. The BadgerDAO hack serves as another example: attackers compromised Cloudflare API keys to inject malicious JavaScript into the frontend interface. When users approved transactions, the script redirected funds to attacker-controlled addresses. This Web2 infrastructure attack resulted in losses of around $120 million. The Bybit exploit follows a pattern seen in other major incidents: while a wannabe script kiddie might hound people for their private keys while pretending to be a DEX’s tech support, a sophisticated attacker can wreak havoc by attacking the various parts of the Web2 stack that Web3 services still rely on.

The attackers behind the Bybit breach leveraged a cross-platform toolkit designed to evade detection across multiple operating systems, including Windows and macOS. More importantly, they exploited Web3’s Achilles’ heel: the Web2 stack, where critical assets such as access credentials or infrastructure components are sometimes stored.

This industrialized approach to hacking isn’t new, but its success against Web3 platforms highlights a troubling reality: as long as the crypto industry depends on Web2 infrastructure, it will remain vulnerable to the same security failures that centralized platforms have struggled with for years.

Web3’s Secret: It’s Not Fully Decentralized

The Bybit hack lays bare (once again!) an inconvenient truth: Web3 isn’t completely decentralized—it’s Web2 with extra steps. Crypto platforms still rely on AWS, Google Cloud, and other traditional services for critical operations. This reliance is dangerous. Single points of failure mean that if a cloud service API key is compromised, entire ecosystems can crumble. Infrastructure-based attacks allow hackers to bypass smart contract security altogether. Regulatory risks arise as centralized reliance on Web2 contradicts the ethos of decentralization and exposes projects to government interference.

The industry must decide: does it truly believe in decentralization, or is it just a gimmick?

The Urgent Need for Real Security

The Bybit breach is a final warning. Crypto security must evolve beyond outdated models. The industry needs fundamental changes. Decentralizing infrastructure is no longer optional—it is necessary for survival. Supply chain security must be rethought, with strict audits and redundancy checks implemented on every third-party dependency. Zero-trust architectures should be adopted, assuming every system component can be compromised and designing security accordingly. The human attack vector must be closed, as social engineering continues to work due to inadequate security training and authentication methods.

The cybersecurity industry is already waking up to the challenge, thankfully, embracing decentralization too. One example is using the DePIN model to source the computational power and bandwidth needed to run security services. Consumer devices all around the world make for a vast and untapped source of computing, and leveraging them for cybersecurity while rewarding their owners is a great example of how the industry can move towards a true Web3 paradigm.

The Bybit hack was not an accident. In a way, it was inevitable: If the potential loot is worth the effort, an experienced hacker crew would walk the extra mile to seize it. As long as Web3 continues to rely on Web2 infrastructure, it will remain exposed to the same vulnerabilities that have plagued centralized systems for decades. The era of reactive security measures is over. Web3 was meant to be a revolution. Right now, it’s just a rebrand. Until there are changes made, these attacks will continue—only next time, the consequences could be far worse.

The post Opinion: Bybit Hack Proves Crypto Cybersecurity Is a Giant on Clay Feet appeared first on Cryptonews.
