A colossal $1.5 billion hack of Bybit last week has sparked fierce discussions across the crypto community, with some industry voices contending that Ethereum’s design might have played a role. The theft of approximately 401,000 Ether (ETH) — orchestrated by the North Korean Lazarus Group — has raised questions about whether Ethereum’s complexity makes its ecosystem uniquely vulnerable to sophisticated exploits, or if the blame rests elsewhere.
The hack reportedly took place during a standard transfer from Bybit’s cold wallet to a warm wallet. According to the exchange’s official statement on X, the transaction “was manipulated through a sophisticated attack that masked the signing interface,” which displayed the correct address but altered the underlying smart contract logic. This manipulation allowed the attackers to wrest control of the cold wallet and shift the funds into a private address.
Some in the crypto space have proposed rolling back the blockchain to recover the stolen funds, drawing parallels to the 2016 DAO hack rollback. Proponents argue this could restore trust and deter future large-scale attacks. However, core developer Tim Beiko quickly dismissed such ideas as “technically intractable,” warning that tampering with the ledger could undermine the blockchain’s core promise of immutability.
Among those voicing concerns about Ethereum’s role in the exploit is Alexander Leishman, founder of River Financial and a former teaching assistant for Stanford’s CS251 cryptocurrency class. He suggested that Ethereum’s expansive “attack surface” might have facilitated the attackers’ efforts.
Leishman noted via X: “The ETH attack surface is massive. Scary stuff. I would love to see somebody break down exactly what happened here […] The ByBit hack reminds me of when I was a TA for the cryptocurrency class (CS251) at Stanford. The final exam had a question asking students to find 8 purposefully placed bugs in an ETH contract. The students found 15.”
He also drew comparisons with Bitcoin’s simpler UTXO model, explaining that when signing a Bitcoin transaction, one merely verifies the state transition, which is typically clear on a hardware wallet screen. In contrast, ETH signatures can include not just fund transfers but also commands to invoke complex smart contract logic.
“It absolutely has something to do with Ethereum […] In Ethereum you are signing off on fund movement AND a command to send a smart contract (which could lead to further fund movement) – a VERY error prone UX. ETH transactions don’t represent the state transition, they represent the command triggering the state transition,” he stated.
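The distinction drawn above between signing a state transition and signing a command can be seen by decoding a transaction's calldata. This is an added example, not code from the article or from anyone quoted in it; the addresses and amount are constructed, `describe_tx` is a hypothetical helper, and only two well-known ERC-20 selectors are recognized.

```python
# Added illustration; all addresses and amounts below are constructed sample values.
# Well-known ERC-20 selectors (first 4 bytes of keccak256 of the function signature).
SELECTORS = {
    "a9059cbb": "transfer(address,uint256)",
    "095ea7b3": "approve(address,uint256)",
}

def describe_tx(to: str, value_wei: int, data_hex: str) -> dict:
    """Summarize what a signer authorizes, beyond the top-level 'to' and 'value'."""
    raw = data_hex[2:] if data_hex.startswith("0x") else data_hex
    data = bytes.fromhex(raw)
    summary = {"to": to, "value_wei": value_wei}
    if not data:
        # Assumption: 'to' is an ordinary account, so no contract code runs.
        summary.update(kind="plain transfer", to_and_value_tell_all=True)
        return summary
    summary["to_and_value_tell_all"] = False
    selector = data[:4].hex()
    signature = SELECTORS.get(selector)
    if signature is None:
        summary.update(kind="unknown contract call", selector=selector)
        return summary
    # Both known functions take (address, uint256): exactly two 32-byte ABI words.
    if len(data) != 4 + 64 or any(data[4:16]):
        summary.update(kind="malformed " + signature, selector=selector)
        return summary
    summary.update(
        kind=signature,
        counterparty="0x" + data[16:36].hex(),
        amount=int.from_bytes(data[36:68], "big"),
    )
    return summary

TOKEN = "0x" + "11" * 20        # constructed token contract address
RECIPIENT = "0x" + "22" * 20    # constructed address hidden inside the calldata
CALLDATA = "0xa9059cbb" + "00" * 12 + "22" * 20 + format(1000, "064x")

if __name__ == "__main__":
    print(describe_tx(RECIPIENT, 10**18, ""))   # the fields are the whole story
    print(describe_tx(TOKEN, 0, CALLDATA))      # 'to' is the token, not the payee
    print(describe_tx(TOKEN, 0, "0xdeadbeef"))  # opaque command: decode before signing
```

In the second case a signer who checks only `to` and `value` sees the token contract and zero ETH, while the party that actually receives the tokens appears only inside the calldata.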
Not everyone agrees that Ethereum’s inherent design deserves scrutiny. Toghrul Maharramov, a researcher at Fluent, insisted that the exploit “has nothing to do with Ethereum or EVM,” suggesting it was purely a platform-agnostic hack and that focusing on the blockchain itself distracts from more pertinent security lapses.
Meanwhile, Anthony Sassano, an independent ETH educator and founder of The Daily Gwei, was more pointed in his rebuttal, suggesting that the Bybit hack “had nothing to do with a bug in an Ethereum smart contract.” He dismissed any correlation between Ethereum's architecture and the exchange's breach, reflecting a broader sentiment that the real weaknesses lay in Bybit's operational security and wallet management practices.
Leishman later clarified that he never claimed the Bybit hack stemmed from a direct bug in the Ethereum code itself. “Wow the eth podcasters are sensitive. Nowhere did I say the Bybit hack was the result of a smart contract bug. I was sharing an entertaining anecdote about how Ethereum’s complexity leads to difficult to catch security issues,” he wrote.
Instead, his core argument revolves around the difficulty of verifying a transaction's ultimate impact when Ethereum smart contracts are involved. “The Bybit hack was the result of Ethereum’s ‘smart’ contract model making it very difficult to verify the state transition the signed transaction(s) from the multisig contract was going to trigger. It is much safer when the transaction IS the state transition,” Leishman concluded.
At press time, ETH traded at $2,705.