Considering that the Bybit exchange hack worth $1.4B became the largest in history, it requires us to learn crucial lessons about the reliability of this platform and the security of the whole crypto industry.
Here, we will delve deeply into Bybit’s system security measures, as well as funds and customer protection, to better understand how one of the biggest crypto platforms with millions of users worldwide became a victim of a successful cyber attack.
Was Bybit Hacked?
First things first: let’s get a clear definition of “hack” and determine whether Bybit was hacked. A hack means that some system has a vulnerability, and bad actors explored and exploited it before the security team could fix it.
Thus, from a purely technical standpoint, a system can be considered hacked if:
- It has a known or zero-day vulnerability that was exploited by an attacker.
- The attacker gained unauthorized access to the system's internals or data.
Let’s evaluate this from a technical perspective. The recent research from two cybersecurity firms, Verichains and Sygnia Labs, is particularly helpful here. Specifically, Verichains’ report clarifies that the issue was not on Bybit’s side but rather in the multi-signature service Safe:
- Proxy wallet management compromise
- Spoofs the logic of the proxy contract
- Funds withdrawal
Does This Mean That Bybit Was Not Hacked?
First, let’s answer another question: Can a hack only occur due to technical reasons? Not really. Today’s systems are mostly too complex for that, so an attacker must develop a sophisticated attack that combines technical vulnerabilities in the target system or its integrations with social engineering, where the targets are internal staff, vendors, etc.
Therefore, dividing attack tactics and scenarios into technical and non-technical categories does not provide a clear-cut definition, and it’s better to assess it based on the outcome.
One of the classic and precise ways to evaluate this is the CIA triad, which states that a system should be designed to ensure that its information maintains three key principles: Confidentiality, Integrity, and Availability.
Confidentiality – Not Compromised Overall
Integrity – Compromised, But Not in Bybit’s Infrastructure
Availability – Not Compromised Overall
After reviewing this situation from multiple perspectives, we can conclude that, strictly speaking, Bybit was not hacked, but it was subjected to a sophisticated and successful attack by the Lazarus Group, as discovered by ZachXBT. Although the investigation is still ongoing, the latest reports indicate that Bybit’s systems, infrastructure, and data were not compromised, further confirming my initial assumption.
Bybit Security Measures
Let’s use an analogy: suppose a criminal decides to rob a bank. If the bank lacks proper security, they can simply walk in, make threats, and leave with the stolen money. However, with many cameras and guards, the attacker will be forced to look for alternative ways to carry out the heist—otherwise, the risk would be too high.
Now, this leads us to the logical conclusion that since the attackers chose not to conduct a direct attack but instead carried out a more complex and costly operation, it indicates that Bybit is well-protected against direct intrusions.
Let’s look at the specific security mechanisms and protective measures Bybit has in place, which forced the attackers to compromise intermediaries rather than the platform itself.
Asset Protection: Cold Wallets and Cryptographic Security
Bybit places significant emphasis on the secure storage of assets, and ironically, this was not enough to prevent the incident. Specifically, they store the majority of funds in cold wallets, withdrawing a portion every three weeks to facilitate user withdrawals and other platform operations. In this context, they implement a triple-layer security system:
- Multi-Signature Authentication – Requiring multiple independent signatures for withdrawals from cold wallets, preventing unauthorized access.
- Trusted Execution Environment (TEE) – A secure execution environment that protects critical operations from external attacks.
- Threshold Signature Schemes (TSS) – Distributing signing authority among multiple independent participants to eliminate single points of failure.
However, as we now know, the third-party Multi-Signature Authentication service turned out to be one of the weak points. Yet everything under Bybit’s direct control remained secure. Otherwise, we would have seen all of the exchange’s funds stored in hot wallets and exposed to direct attacks, putting not just some wallets but the entire platform at risk.
Real-Time Transaction Monitoring and Control
As a part of its risk control system, Bybit implements continuous analysis of user activity and transactions.
- User Behavior Analysis – The exchange detects and analyzes suspicious activities such as logins from new devices, abnormal transaction volumes, or IP address changes.
- Automated Authentication Enhancement – If the system detects deviations from normal behavior, such as an attempt to withdraw large amounts of funds, the user will be required to undergo additional identity verification.
- Notification and Logging System – Any changes to the account, login attempts, API key modifications, or large withdrawals are instantly recorded and reported to
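The three controls described above (behavior analysis, step-up verification on deviation, and logging of every assessment) can be sketched as follows. This is an added example, not Bybit's code: the `Baseline` and `Event` types, the `VOLUME_FACTOR` threshold, and all sample users, devices, IPs and amounts are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from statistics import median

VOLUME_FACTOR = 5  # assumed threshold: 5x the user's median past withdrawal

@dataclass
class Baseline:            # per-user history; all values here are constructed
    devices: set
    ips: set
    withdrawals: list      # amounts of previously allowed withdrawals

@dataclass
class Event:
    user: str
    kind: str              # "login" or "withdrawal"
    device: str
    ip: str
    amount: float = 0.0

def assess(event, baseline, audit_log):
    """Return (decision, reasons) and record the event in audit_log."""
    reasons = []
    if event.device not in baseline.devices:
        reasons.append("new_device")
    if event.ip not in baseline.ips:
        reasons.append("ip_change")
    if event.kind == "withdrawal":
        # No history means no baseline, so any positive amount counts as abnormal.
        typical = median(baseline.withdrawals) if baseline.withdrawals else 0.0
        if event.amount > VOLUME_FACTOR * typical:
            reasons.append("abnormal_volume")
    decision = "step_up" if reasons else "allow"
    # Log every assessment, allowed or not, so the trail is complete.
    audit_log.append((event.user, event.kind, decision, tuple(reasons)))
    if decision == "allow" and event.kind == "withdrawal":
        # Learn only from clean events so a flagged amount never shifts the baseline.
        baseline.withdrawals.append(event.amount)
    return decision, reasons

def run_sample():
    """Replay four constructed events for one constructed user."""
    baseline = Baseline({"laptop-1"}, {"203.0.113.10"}, [200.0, 250.0, 300.0])
    events = [
        Event("alice", "login", "laptop-1", "203.0.113.10"),
        Event("alice", "withdrawal", "laptop-1", "203.0.113.10", 280.0),
        Event("alice", "login", "phone-9", "198.51.100.7"),
        Event("alice", "withdrawal", "laptop-1", "203.0.113.10", 5000.0),
    ]
    log = []
    return [assess(e, baseline, log) for e in events], log
```

A `step_up` decision would route the user to additional identity verification rather than block the action outright.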