Analysis of the Bybit Compensation Manager's Self-Embezzlement: Vulnerabilities and Improvements in Blockchain Enterprise Financial Management

Author | TaxDAO

Wu Blockchain reported on July 28 on a case under the title “Full Text of the Mysterious Case: Bybit Payroll Manager Steals a Large Amount of USDT – Singapore Court Explains the Cryptocurrency Property”. The case has prompted wide discussion in the industry. This article analyzes and summarizes it from a financial management perspective.

Event Overview

The cryptocurrency exchange Bybit sued Ho, the employee responsible for paying salaries within the company, for abusing her authority and transferring a large amount of USDT to addresses she secretly owned and controlled. The General Division of the Singapore High Court delivered its judgment on July 25, ordering Ho to repay Bybit the transferred funds, with interest.

Event Details Analysis

ByBit Fintech Limited (“ByBit”) sought judgment against the first defendant, Ho Kai Xin (“Ho”). It alleged that she breached her employment contract and abused her position by transferring USDT to addresses that she secretly owned and controlled, and by transferring fiat currency to her own bank account. The main relief sought was a declaration that Ho holds the USDT and the fiat currency on trust for ByBit, on which basis ByBit claimed the return of those assets or their traceable proceeds, or payment of an equivalent sum.

From the above details, it can be concluded that:

1. Ho had full control over the cryptocurrency and fiat accounts used for payroll, with no effective multi-level authorization.

2. The fund-control process had a serious gap (even if the loss had been only one US dollar, the internal control over these accounts would still have been seriously deficient).

3. As part of her duties, Ho maintained Microsoft Excel spreadsheets recording the cash and cryptocurrency payments to be made to ByBit employees each month (the “Fiat Excel File” and the “Cryptocurrency Excel File” respectively). ByBit employees could and frequently did change their designated payout addresses simply by telling Ho, who then updated the Cryptocurrency Excel File. Only Ho could update the Cryptocurrency Excel File and only she had access to these files, except that she had to submit the Cryptocurrency Excel File to her immediate supervisor, Casandra Teo, for approval every month.

From the above details, it can be concluded that:

1. The collection of payroll addresses was informal: addresses could be changed at will, leaving no audit trail.

2. The review of payroll addresses was a formality, and the material under review came from a single source (Ho herself), so the reviewer had no way to confirm whether a receiving address was genuine or forged.

3. On September 7, 2022, ByBit discovered eight unusual cryptocurrency payments (the “abnormal transactions”) made between May 31 and August 31, 2022, in which a large amount of USDT was transferred to four addresses (Addresses 1 to 4). A total of 4,209,720 USDT (the “crypto assets”) was transferred. USDT is so named because its value is pegged to the US dollar; each USDT gives a holder who is a “verified customer” of the issuer, Tether Limited, a contractual right to redeem it for US dollars. The abnormal transactions were recorded in an Excel spreadsheet (the “Reconciliation Excel File”), and Ho was asked to explain the discrepancies. She initially attributed them to inadvertent or technical errors and proposed calculations for recovering the amounts from ByBit’s employees.

From the above details, we can conclude:

1. Bybit evidently had some internal reconciliation process, but it may have lagged because the middle and back offices could not keep up with the high business volume.

2. The cost of fixing a problem after the fact is far greater than the cost of planning ahead.

3. ByBit also discovered that Ho had caused $117,238.46 (the “fiat assets”) to be paid into her personal bank account in May 2022. It is undisputed that Ho had no right to receive this fiat currency.

From the above details, we can conclude:

1. The fiat account was compromised as well, which is puzzling: fiat payroll is a traditional process for which mature workflows and tools exist in abundance.

2. Even if payment and authorization must be handed to HR for the sake of salary confidentiality (some of this work sits outside finance’s control), the preparation of the salary sheet, the execution of the bank payment, and the authorization of that payment still need to be performed by different people.

Applicable Financial Management Concepts for Web3

After years of development, Web3 has not only produced many large businesses but also attracted more and more people from Web2. Combined with the evolution of the regulatory and compliance environment in recent years, this means that sound financial management ideas and methods need to be taken seriously by more and more Web3 companies.

1. Protecting the security of crypto and fiat accounts: isolate risk by separating the node that collects basic information (such as payout addresses), the node that executes operations, and the node that authorizes them, and verify the same information from different sources at each node, so that there is never a single source of information that cannot be compared against or traced.

2. Financial verification mechanisms: regular reconciliation and bookkeeping, again cross-checking the same information from independent sources rather than relying on a single source, and at least once a month. The verification mechanism protects the integrity of the “business cycle”, that is, it confirms that transactions actually occurred as recorded and that the records corroborate one another.

3. Accounting records, including for cryptocurrencies: complete and valid accounting records with a traceable evidence chain greatly reduce the risk of internal control failure, and the same records serve business management and compliance obligations (FTX’s collapse was also bound up with its chaotic accounting records).

4. The necessity of internal control: a sense of business management and internal control matters. Combined with good automated management software that embodies accumulated experience in internal control, accounting and taxation, it does the most to secure the stability and long-term development of a crypto business.
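To make points 1 and 2 concrete, here is an added example (not ByBit’s code, and not part of the original article) of the two controls that were missing in the case: a payout-address change is applied only when a second source independent of the payroll operator confirms it and the approver is not the operator, with every decision written to an audit trail; and a monthly reconciliation compares transfers read from the chain against the approved address book and salary schedule, flagging any transfer to an unapproved address and any employee whose paid total differs from what was due. Employee IDs, secrets, addresses, amounts and the transfer ledger are all constructed sample data; the HMAC-based employee confirmation is an assumed mechanism (for instance a self-service portal keyed with a secret the operator never sees), chosen to illustrate “the same information from a different source”.

```python
"""Added example: two-source verification of payout-address changes plus a
monthly reconciliation of on-chain transfers against the approved payroll book.
Illustrative code, not ByBit's; all data below is constructed."""
import hashlib
import hmac
from dataclasses import dataclass, field


@dataclass
class AddressChange:
    employee_id: str
    new_address: str
    employee_mac: str   # HMAC the employee computes with a secret only they hold
    requested_by: str   # payroll operator who keyed the change into the book
    approved_by: str    # supervisor who signed it off


@dataclass
class PayrollBook:
    addresses: dict     # employee_id -> approved payout address
    audit_log: list = field(default_factory=list)


def employee_mac(secret: bytes, employee_id: str, new_address: str) -> str:
    """Second, operator-independent source: an HMAC over the change computed on
    the employee's side (assumed self-service portal) with their enrolled secret."""
    msg = f"{employee_id}|{new_address.lower()}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def apply_address_changes(book: PayrollBook, changes, employee_secrets: dict) -> list:
    """Apply a change only if the employee-side HMAC verifies and the operator did
    not approve their own entry. Every decision is logged so changes leave a trace."""
    accepted = []
    for c in changes:
        secret = employee_secrets.get(c.employee_id)
        expected = employee_mac(secret, c.employee_id, c.new_address) if secret else ""
        if not secret or not hmac.compare_digest(expected, c.employee_mac):
            book.audit_log.append(("REJECT", c.employee_id, c.new_address,
                                   "employee confirmation missing or invalid"))
            continue
        if c.requested_by == c.approved_by:
            book.audit_log.append(("REJECT", c.employee_id, c.new_address,
                                   "operator approved own change"))
            continue
        old = book.addresses.get(c.employee_id)
        book.addresses[c.employee_id] = c.new_address.lower()
        book.audit_log.append(("APPLY", c.employee_id, old, c.new_address.lower(),
                               c.requested_by, c.approved_by))
        accepted.append(c.employee_id)
    return accepted


def reconcile(book: PayrollBook, salaries: dict, transfers) -> list:
    """Compare transfers read from the chain (not from the operator's spreadsheet)
    against the approved book and the salary schedule. Empty list = month reconciles."""
    findings = []
    approved = {addr.lower(): emp for emp, addr in book.addresses.items()}
    paid = {}
    for tx in transfers:
        emp = approved.get(tx["to"].lower())
        if emp is None:  # money left to an address nobody approved
            findings.append(("UNAPPROVED_ADDRESS", tx["txid"], tx["to"], tx["amount"]))
            continue
        paid[emp] = paid.get(emp, 0) + tx["amount"]
    for emp, due in salaries.items():
        if paid.get(emp, 0) != due:  # under- or over-paid, or not paid at all
            findings.append(("AMOUNT_MISMATCH", emp, due, paid.get(emp, 0)))
    return findings


def run_demo() -> dict:
    """Constructed month: one valid change, one forged change, one self-approved
    change, and a ledger containing a transfer to an address nobody approved."""
    secrets = {"E001": b"e001-enrolled-secret", "E002": b"e002-enrolled-secret"}
    book = PayrollBook(addresses={"E001": "0xaaaa0001", "E002": "0xbbbb0002",
                                  "E003": "0xcccc0003"})
    changes = [
        AddressChange("E001", "0xaaaa0009",
                      employee_mac(secrets["E001"], "E001", "0xaaaa0009"),
                      "operator", "supervisor"),
        AddressChange("E002", "0xdddd0666",  # operator cannot produce E002's HMAC
                      employee_mac(b"guess", "E002", "0xdddd0666"),
                      "operator", "supervisor"),
        AddressChange("E001", "0xeeee0777",
                      employee_mac(secrets["E001"], "E001", "0xeeee0777"),
                      "operator", "operator"),  # same person requests and approves
    ]
    accepted = apply_address_changes(book, changes, secrets)
    salaries = {"E001": 5000, "E002": 4000, "E003": 3000}
    transfers = [  # constructed on-chain USDT transfers for the month
        {"txid": "tx1", "to": "0xaaaa0009", "amount": 5000},
        {"txid": "tx2", "to": "0xbbbb0002", "amount": 4000},
        {"txid": "tx3", "to": "0xdddd0666", "amount": 400000},
    ]
    return {"accepted": accepted, "book": book,
            "findings": reconcile(book, salaries, transfers)}


if __name__ == "__main__":
    result = run_demo()
    print(*result["book"].audit_log, *result["findings"], sep="\n")
```

The two forged changes are rejected for different reasons (no valid employee-side confirmation; operator approving her own entry), and the reconciliation surfaces the 400,000 USDT transfer to the unapproved address and the unpaid employee E003. The point is that the reconciliation input comes from the chain, not from the same spreadsheet the operator controls; if the approved book and the transfer list share a single source, a mismatch can never appear.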
