Zhou explained during a live stream that the attack targeted Bybit's Ethereum cold wallet.
Cryptocurrency exchange Bybit has fallen victim to a large-scale attack, with hackers making off with a total of $1.4 billion in Ethereum. The attack was carried out by manipulating a multisig wallet transaction, ultimately leading to the theft of the funds from Bybit's Ethereum cold wallet.
According to Bybit founder and CEO Ben Zhou, the attackers were able to alter the signing message during the transaction process, ultimately allowing them to modify the smart contract logic of the cold wallet and gain control over its funds. The attack was carried out in a way that made it appear as a legitimate Safe transaction, with an altered URL that redirected users to the official Safe website.
“It was a normal URL. I double-checked. It was the Safe URL from the official Safe website. We always use the official website,” stated Zhou during a live stream.
As part of standard security measures, Zhou recounted how he personally verified the UI and ensured that the destination address matched Bybit's warm wallet before approving the transfer. However, the manipulation of the signing message went undetected during the approval process.
“The hacker changed that transaction into upgrading or changing the Safe smart contract logic so that he gained control over the entire Ethereum cold wallet,” explained Zhou.
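The gap described above, a UI showing the expected destination while the payload sent for signing differs, can be narrowed by checking the payload itself rather than the display. The following is an added example, not code from Bybit or Safe: it compares the intended transfer with the fields actually handed to the signer. Field names follow Safe's transaction structure; the function name, addresses, amounts and calldata are constructed for illustration.

```python
# Added example: pre-signing review of a Safe multisig transaction payload.
CALL, DELEGATECALL = 0, 1  # values of Safe's `operation` field

def norm(addr: str) -> str:
    """Lower-case a hex address so comparisons ignore checksum casing."""
    a = addr.lower()
    if not (a.startswith("0x") and len(a) == 42):
        raise ValueError(f"not a 20-byte hex address: {addr!r}")
    int(a, 16)  # raises ValueError on non-hex characters
    return a

def review_safe_tx(intent: dict, payload: dict, safe_address: str) -> list[str]:
    """Compare what the approver meant to sign (intent) with the fields the
    signing device was handed (payload). Returns findings; empty means OK."""
    findings = []
    op = payload.get("operation")
    if op == DELEGATECALL:
        findings.append("operation=1 (DELEGATECALL): target code runs against the Safe's own storage")
    elif op != CALL:
        findings.append(f"unknown operation value {op!r}")
    if norm(payload["to"]) != norm(intent["to"]):
        findings.append("destination differs from the address shown for approval")
    if norm(payload["to"]) == norm(safe_address):
        findings.append("transaction targets the Safe itself (configuration change)")
    if int(payload["value"]) != int(intent["value"]):
        findings.append("value differs from the amount shown for approval")
    data = payload.get("data", "0x").lower()
    if data not in ("", "0x"):
        findings.append(f"unexpected calldata on a plain ETH transfer (selector {data[:10]})")
    return findings

# Constructed sample data (not real addresses or transactions).
SAFE = "0x" + "22" * 20   # the cold-wallet Safe
WARM = "0x" + "11" * 20   # warm wallet the approver expects to fund
OTHER = "0x" + "33" * 20  # contract the approver never saw in the UI
INTENT = {"to": WARM, "value": 10**18}
GOOD = {"to": WARM, "value": "1000000000000000000", "data": "0x", "operation": 0}
TAMPERED = {"to": OTHER, "value": 0, "data": "0xdeadbeef" + "00" * 32, "operation": 1}

if __name__ == "__main__":
    for name, tx in (("good", GOOD), ("tampered", TAMPERED)):
        print(name, review_safe_tx(INTENT, tx, SAFE) or "OK")
```

The check is only useful if it runs on a device and data path independent of the web UI that built the transaction.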
The stolen funds were not limited to Bybit's own holdings, with a significant portion being borrowed from partners to maintain liquidity during the attack. The total amount stolen includes:
Bybit client funds: $340 million
Funds borrowed from Genesis: $290 million
Funds borrowed from BlockFi: $120 million
Funds borrowed from Five Star: $640 million
Despite the large-scale attack, Zhou assured users that withdrawals are still open, although processing times have increased due to a surge in requests. At one point, Bybit was handling nearly 100 times the normal withdrawal volume.
“Withdrawals are still open, but processing times may vary. At the peak, we were handling nearly 100x the normal withdrawal volume,” stated Zhou.
According to the Bybit founder, the exchange is currently relying on a bridge loan from partners to maintain liquidity while they work to resolve the issue.
“We are not currently buying ETH. We secured almost 80% of the stolen amount as a bridge loan to maintain liquidity,” confirmed Zhou.
suggesting that the stolen funds may still be recoverable. Following the attack, Safe has paused its services to conduct further internal investigations.
“It could be that the Safe server was hacked, but we don't know yet. We are actively working with Safe to uncover what happened,” stated Zhou.
In an effort to track and recover the stolen assets, Bybit has received support from several major cryptocurrency exchanges, including Binance, MEXC, and Gate. These exchanges have pledged to assist in monitoring and blocking the movement of the stolen funds.
Additionally, Zhou urged the involvement of security firms and blockchain analysts in hopes of freezing the stolen Ethereum before it could be laundered.
“We hope that security firms and blockchain analysts can help us track this stolen ETH and get it frozen before they can be laundered,” stated Zhou.
Bybit has confirmed that it possesses the financial reserves to cover client losses, with the stolen Ethereum constituting only a fraction of the exchange's total assets. The company also stated that they will continue updating users on the situation as the investigation progresses.
“We will continue enhancing our security measures and keeping you updated on the investigation,” stated Bybit.