Bybit Hack: North Korea-Linked Lazarus Group Exploits Critical Flaw to Steal $1.5B in ETH

2025/02/22 19:05

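The security of exchange platforms is a central issue in the cryptocurrency world. A new attack has once again underscored the industry's vulnerability: Bybit, one of the most influential exchanges, suffered an exceptional hack, with losses estimated at $1.5 billion in Ethereum.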

A recent attack on Bybit, one of the world's largest cryptocurrency exchanges, has once again highlighted the vulnerability of centralized platforms and the challenges in protecting users' funds. According to initial investigations, the Lazarus group, a cybercriminal organization affiliated with North Korea, is suspected to be behind this attack, which resulted in a loss of approximately $1.5 billion in Ethereum.

The attack was detected on Friday by on-chain analysts, including ZachXBT, who flagged a suspicious movement of 400,000 ETH from the platform's cold wallets. The funds were swiftly transferred out of the exchange and exchanged for staked tokens (mETH and stETH) before being converted back into Ethereum. Ben Zhou, CEO of Bybit, later confirmed the attack during a livestream, revealing that the exchange lost around 70% of its ETH reserves in the incident.

Cybersecurity experts from Cyvers suggest that the attackers exploited a flaw in the transaction signing system, deceiving the holders of Bybit's private keys and leading them to approve a fraudulent transaction that appeared legitimate. According to Jack Sanford, CEO of Sherlock DeFi, the attackers might have altered the parameters of the multisig smart contract, allowing them to take control of the funds. While the precise details of the compromise are still emerging, several hypotheses point to an intrusion through the user interface or an infection of the signatories' computers.

Despite the severity of the hack, Bybit assured that users' funds were covered 1:1 and that the exchange faced no risk of insolvency. In a message to investors posted on X (formerly Twitter) on February 22, Ben Zhou stated that the exchange had already secured a bridge loan covering 80% of the stolen amount to maintain its liquidity and honor withdrawal requests.

Facing pressure from investors and market observers, Bybit opted not to suspend withdrawals, although Changpeng Zhao, former CEO of Binance, recommended a temporary freeze in a post on X on February 21 to prevent widespread panic. This approach differs from that taken by other platforms that encountered similar attacks, such as FTX or Celsius, which chose to temporarily block access to funds, leading to user distrust.

Such a hack could mark a turning point in how centralized platforms manage their reserves and secure their infrastructures. The involvement of the Lazarus group, known for its sophisticated attacks, raises questions about the adequacy of existing regulation and security protocols, which may need to be strengthened to prevent such disasters.

In the aftermath of the incident, some voices are advocating for hybrid solutions that combine the security of cold wallets with the flexibility of validation systems, to enhance the protection of user funds. Others, like Arthur Hayes, co-founder of BitMEX, took a more provocative approach, calling on Vitalik Buterin to "rollback the Ethereum blockchain," alluding to the DAO Hack of 2016 that led to a fork of the network. While such action is now highly unlikely, this incident brings the debate on the reliability of centralized exchanges and the need for investors to diversify their storage strategies back to the forefront.

As the crypto ecosystem continues to expand and face new challenges, the Bybit affair serves as a reminder of the importance of sound infrastructure and robust security measures to safeguard users' assets in the digital realm.
