The only thing you can trust is technology, not “people” or “platforms.”
Author: Yue Xiaoyu
1. First, a plain-language explanation of how Bybit was robbed:
Bybit uses a Safe multi-signature wallet configured as 3/3, meaning all three signers must sign to complete a transaction, and each signer uses a hardware cold wallet.
Safe is a long-established multi-signature smart contract that has been proven over many years; the contract itself was not the problem. Moreover, each signer uses a hardware cold wallet, so the private key is physically isolated and never touches the Internet.
Multisig plus cold wallets is arguably the safest wallet setup available today.
So why was it still robbed?
The hackers used a social engineering attack.
With no way to break through technically, they attacked the people directly.
The hackers first compromised the computers of the three signers, then, while the signers were carrying out routine operations (such as transfers and signing), secretly altered what was being signed.
The signers believed they were signing a normal transaction on the web page, but the hackers had replaced its content with something malicious, such as upgrading the Safe contract to a malicious contract they had prepared in advance.
All three signers signed without realizing it, and the hackers then used this malicious contract to drain all the funds.
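As an added example (not code from the original article, from Bybit, or from Safe), here is the kind of independent pre-signing check that addresses the substitution described above: the signer compares the raw transaction fields the hardware wallet is actually asked to sign with the transfer the web page claims, and refuses when they disagree. The `tx`/`intent` field names and the sample addresses are this example's own assumptions.

```python
# Added example, not code from the original article or from Safe: a pre-signing policy
# check comparing the raw Safe transaction fields the hardware wallet is asked to sign
# (to, value, data, operation) with the transfer the signer believes they are approving.
CALL, DELEGATECALL = 0, 1          # Safe's Operation enum: 0 = Call, 1 = DelegateCall
TRANSFER_SELECTOR = "a9059cbb"     # ERC-20 transfer(address,uint256) function selector

def decode_erc20_transfer(data_hex):
    """Return (recipient, amount) if the calldata is exactly an ERC-20 transfer, else None."""
    data = data_hex.lower().removeprefix("0x")
    if len(data) != 8 + 64 + 64 or not data.startswith(TRANSFER_SELECTOR):
        return None
    recipient = "0x" + data[8 + 24:8 + 64]   # address sits right-aligned in a 32-byte word
    return recipient, int(data[8 + 64:], 16)

def check_safe_tx(tx, intent, allowed_recipients):
    """tx: what the device will sign. intent: the ETH (token=None) or ERC-20 transfer the
    UI claims. Field names are this example's assumption. Empty result means agreement."""
    findings, allowed = [], {a.lower() for a in allowed_recipients}
    if tx["operation"] != CALL:
        findings.append("operation is DELEGATECALL: the callee can rewrite the Safe's own storage")
    if intent["token"] is None:                       # plain ETH transfer expected
        effective_to = tx["to"].lower()
        if effective_to != intent["recipient"].lower():
            findings.append(f"recipient mismatch: device will send to {tx['to']}")
        if tx["value"] != intent["amount"]:
            findings.append(f"value mismatch: device shows {tx['value']} wei")
        if tx["data"].lower().removeprefix("0x"):
            findings.append("unexpected calldata on a plain ETH transfer")
    else:                                             # ERC-20 transfer expected
        if tx["to"].lower() != intent["token"].lower():
            findings.append(f"target mismatch: device calls {tx['to']}, not the token contract")
        if tx["value"] != 0:
            findings.append("ETH value attached to a token transfer")
        decoded = decode_erc20_transfer(tx["data"])
        effective_to = decoded[0] if decoded else None
        if decoded is None:
            findings.append("calldata is not a plain ERC-20 transfer")
        elif decoded != (intent["recipient"].lower(), intent["amount"]):
            findings.append(f"calldata moves {decoded[1]} tokens to {decoded[0]}")
    if effective_to not in allowed:
        findings.append("effective recipient is not on the signer's allowlist")
    return findings

# Constructed sample: the intended payout, the matching raw tx, and a tampered tx of the kind
# described above (a delegatecall into an unknown contract substituted for the transfer).
TOKEN, PAYEE, OTHER = "0x" + "aa" * 20, "0x" + "bb" * 20, "0x" + "cc" * 20
INTENT = {"token": TOKEN, "recipient": PAYEE, "amount": 1000}
GOOD_TX = {"to": TOKEN, "value": 0, "operation": CALL,
           "data": "0x" + TRANSFER_SELECTOR + ("bb" * 20).rjust(64, "0") + format(1000, "064x")}
TAMPERED_TX = {"to": OTHER, "value": 0, "operation": DELEGATECALL, "data": "0x" + "de" * 36}
```

The check only helps if the signer reads the fields from the hardware wallet's own screen (or another channel the compromised computer cannot alter) rather than from the web page.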
2. What exactly is a social engineering attack?
Social engineering attacks are costly and complex to carry out, but they are also highly effective.
In this attack, the exchange had already used every measure with the highest security factor: multisig smart contracts, hardware wallet devices, and a strict offline corporate process. In the end it still could not prevent this kind of social engineering attack.
The hackers singled out the several signers who signed most often; breaking into a signer's computer was the easier way in.
How do you break into a staff member's computer?
Specific methods include phishing emails, implanted malware, or exploiting weaknesses in the signer's personal security habits (such as using weak passwords or not enabling two-factor authentication).
Once a computer is compromised, the hackers control the staff member's device and can tamper with any information on it.
Social engineering attacks are highly covert. The signer may believe he has simply completed his daily work, and the system log records legitimate-looking operations such as a contract upgrade rather than an obvious transfer of funds.
Bybit did not react until the money was gone, and by then it was too late.
Of course, social engineering attacks are not unpreventable, but preventing them requires a rigorous methodology and long-term protection.
The best approach is strict control over employees' devices and over the employees' own behavior: dedicated, isolated devices for signing, device whitelisting and monitoring, regular inspection and updates, and so on.
3. What happens to Bybit after the theft?
First, can Bybit withstand the current run of user withdrawals? If it cannot, it becomes another FTX and may even drag our industry straight into a new bear market.
Second, can Bybit cover the stolen funds? If it cannot, it goes straight into bankruptcy, which could likewise drag our industry into a bear market.
So what is Bybit’s current financial situation?
Bybit is the world's second-largest cryptocurrency exchange, with an average daily trading volume of US$36 billion and more than 60 million users. At that scale, its earning power must be substantial.
The industry generally estimates that leading exchanges like Bybit earn mainly from trading fees, interest on leveraged trading, and revenue sharing on wealth management products, with annual net income fluctuating between $1.5 billion and $5 billion.
Now look at Bybit's asset size. Before the theft, its total reserve assets were reported to exceed $16 billion.
On that basis, the 1.5 billion gap is less than 10% of total assets, which is not considered fatal.
Moreover, Bybit CEO Ben Zhou has publicly stated that customer assets are backed 1:1, meaning user funds are guaranteed and the gap left by the theft mainly eats into the company's own profits and reserves.
In short, there are three possible outcomes:
Best case: the run stabilizes, Bybit uses loans and its own assets to cover the remaining hole and recovers within half a year. Market confidence picks up and the industry's bull market continues.
Intermediate case: the run lasts a while but does not get out of control. Bybit has to tighten its belt, spreading the loss over a few years of profit and slowly filling the hole. The industry takes a hit, with ETH and altcoins pulling back, but it is not a bear market.
Worst case: the run spirals out of control, Bybit cannot hold on and goes bankrupt, the 1.5 billion hole triggers a crisis of trust, the industry falls, and the bear market comes early.
4. What lessons are there for ordinary users?
Many people say: "Novice users should not hold their own private keys; it is not safe. It is safer to keep their funds on an exchange."
The string of exchange thefts is a powerful rebuttal of such remarks.
Do not blindly trust an exchange's technical strength or its security. In fact, the potential risks of an exchange are very large.
Why are exchanges more risky?
The biggest risk of a centralized platform is that all user assets are stored in one place, which makes it a large, concentrated target for attack.
There is no absolutely secure system in the world. Any system can be compromised, but attacks have a cost, so what matters is how much the attacker stands to gain from the target.
When the payoff of an attack is large enough, the means and resources devoted to it scale up accordingly.
An exchange is an enormous, obvious target. Its wallet addresses are essentially public, and so are its fund flows. As long as enough resources are poured into attacking it, it will eventually be breached one day.
So the only thing we can trust is technology, not people or platforms.
Therefore we must appeal once again: ordinary users should use decentralized wallets as much as possible and hold their own private keys, or go a step further and use a private-key wallet directly.
The Web3 world is a dark forest. We are both hunters and prey, and we must be cautious at every step. Only then can we survive longer and go further.
Welcome to join the official social community of Shenchao TechFlow