Bybit Hack在14億美元與以太有關的代幣被盜之後，派遣了漣漪。

黑客的後果使許多人想知道出了什麼問題，他們自己的資金是否安全，以及應該採取什麼措施來防止此類事件再次發生。

The February hack against Bybit sent ripples through the industry after $1.4 billion in Ether-related tokens were stolen from the centralized exchange, reportedly by the North Korean hacking collective Lazarus Group, in what was the most costly crypto theft ever.

據報導，據報導是北朝鮮黑客集體拉薩魯斯集團（Lazarus Group），這是有史以來最昂貴的加密盜竊案，這是2月對拜比特（Bybit）的黑客攻擊，這是北朝鮮黑客集體拉撒路集團（The Collean Collective Lazarus Group），這是有史以來最昂貴的加密盜竊案。

The fallout from the hack has left many people wondering what went wrong, whether their own funds are safe, and what should be done to prevent such an event from happening again.

黑客的後果使許多人想知道出了什麼問題，他們自己的資金是否安全，以及應該採取什麼措施來防止此類事件再次發生。

According to blockchain security company CertiK, the massive heist represented roughly 92% of all losses for February, which saw a nearly 1,500% increase in total lost crypto from January as a result of the incident.

根據區塊鏈安全公司Certik的說法，大規模的搶劫案約佔2月所有損失的92％，由於事件起，一月起，總丟失加密貨幣的總丟失量增長了近1,500％。

On Episode 57 of Contelegraph’s The Agenda podcast, hosts Jonathan DeYoung and Ray Salmond speak with CertiK’s chief business officer, Jason Jiang, to break down how the Bybit hack happened, the fallout from the exploit, what users and exchanges can do to keep their crypto secure, and more.

在Ponegraph的《議程播客》的第57集中，主持喬納森·迪尤（Jonathan Deyoung）和雷·薩爾蒙德（Ray Salmond）與Certik的首席業務官Jason Jiang交談，以打破Bybit Hack發生的情況，利用的後果，用戶和交流的影響，用戶和交流可以做什麼以保持其隱態安全以及更多。

Are crypto wallets still safe after Bybit hack?

Bybit Hack之後，加密錢包仍然安全嗎？

Put simply, Lazarus Group was able to pull off the massive hack against Bybit because it managed to compromise the devices of all three signers who controlled the multisignature SafeWallet Bybit was using, according to Jiang. The group then tricked them into signing a malicious transaction that they believed was legit.

簡而言之，Lazarus Group能夠對BYBIT進行大規模的黑客攻擊，因為它設法妥協了控制了控制多符號Safewallet Bybit的所有三個簽名者的設備。然後，小組欺騙他們簽署了他們認為合法的惡意交易。

Does this mean that SafeWallet can no longer be trusted? Well, it’s not so simple, said Jiang. “It is possible that when the Safe developer’s computer got hacked, more information was leaked from that computer. But I think for the individuals, the likelihood of this happening is rather low.”

這是否意味著Safewallet不能再被信任？江說，這並不是那麼簡單。 “當安全開發人員的計算機被黑客入侵時，可能會從該計算機中洩漏更多信息。但是我認為，對於個人來說，這種情況的可能性很低。”

He said there are several things the average user can do to drastically increase their crypto security, including storing assets on cold wallets and being aware of potential phishing attacks on social media.

他說，普通用戶可以做幾件事以急劇提高加密貨幣安全性，包括將資產存儲在冷錢包上，並意識到社交媒體上潛在的網絡釣魚攻擊。

Source: CertiK

資料來源：certik

When asked whether hodlers could see their Ledger or Trezor hardware wallets exploited in a similar manner, Jiang again said that it’s not a big risk for the average user — as long as they do their due diligence and transact carefully.

當被問及霍德爾（Hodlers）是否可以看到他們的分類帳或以類似方式利用的勒索（Trezor）硬件錢包時，江再次表示，只要他們進行盡職調查並仔細地進行交易，這對普通用戶來說並不是很大的風險。

“One of the reasons that this happened was that the signers were like a blind-send-signing the order, just simply because their device did not show the full address,” he said, adding, “Make sure that the address you are sending to is what you’re intending to, and you want to double check and triple check, especially for larger transactions.”

他說：“發生這種情況的原因之一是簽名人就像一個盲目的簽字訂單，僅僅是因為他們的設備沒有顯示完整的地址，”他補充說，“請確保您要發送的地址就是您的意圖，並且您想仔細檢查和三重檢查，尤其是對更大的交易。”

How to prevent the next multibillion-dollar exchange hack

如何防止下一個數十億美元的交換黑客

Jiang pointed to a lack of comprehensive regulations and safeguards as a potential element contributing to the ongoing fallout from the hack, which fueled debates over the limits of decentralization after several validators from crosschain bridge THORChain refused to roll back or block any of Lazarus Group’s efforts to convert its funds into Bitcoin (BTC).

江指出，缺乏全面的法規和保障措施，這是導致黑客襲擊的潛在因素，這加劇了關於權力下放的限制的辯論，此前幾位來自十字架橋樑thorchain的驗證者拒絕退後或阻止拉扎魯斯集團將其資金轉換為比特幣（BTC）的任何努力）。

“Welcome to the Wild West,” said Jiang. “This is where we are right now.”

“歡迎來到野外西部，”江說。 “這是我們現在所處的地方。”

“From our view, we think crypto, if it is to be flourishing, it needs to hug the regulation. To make it easy to be adopted by the mass general here, we need to hug the regulation, and we need to figure out ways to make this space safer.”

“從我們看來，我們認為加密貨幣，如果要蓬勃發展，它需要擁抱法規。要使這裡的大規模將軍輕鬆採用，我們需要擁抱法規，我們需要找出使這個空間更安全的方法。”

Related: Financial freedom means stopping crypto MEV attacks — Shutter Network contributor

相關：財務自由意味著停止加密MEV攻擊 - 快門網絡貢獻者

Jiang commended Bybit CEO Ben Zhou on his response to the incident, but he also pointed out that the exchange’s bug bounty program prior to the hack had a reward of just $4,000. He said that while most people in cybersecurity are not motivated by money alone, having larger bug bounties can potentially help exchanges stay more secure.

江對拜比特首席執行官本·週（Ben Zhou）對此事件的回應表示讚賞，但他還指出，在黑客之前，交易所的漏洞賞金計劃只有4,000美元。他說，儘管大多數網絡安全的人都不是僅僅由錢而動機，但是擁有更大的漏洞賞金可以幫助交換更加安全。

When asked about the ways exchanges and protocols can motivate and retain top-tier talent to help protect their systems, Jiang suggested that security engineers don’t always get the credit they deserve.

當被問及交流和協議可以激勵和保留頂級人才以幫助保護自己的系統的方式時，江建議安全工程師並不總是獲得應有的信譽。

“A lot of people say that the first-degree talent goes to the developers because that’s where they will get most rewarding,” he said. “But it’s also about us giving enough attention to the security engineers. They carry a huge responsibility.”

他說：“很多人說，一級才能歸功於開發人員，因為那是他們將獲得最有意義的地方。” “但這也是關於我們對安全工程師的充分關注。他們承擔著巨大的責任。”

To hear more from Jiang’s conversation with The Agenda — including how CertiK carries out audits, how quantum computing and AI will impact cybersecurity, and more — listen to the full episode on Cointelegraph’s Podcasts page, Apple Podcasts or Spotify. And don’t forget to check out Cointelegraph’s full lineup of other shows! 

要聆聽江格與議程的對話的更多信息，包括Certik如何進行審計，量子計算和AI將如何影響網絡安全等等 - 聆聽Cointelegraph的播客頁面上的完整劇集，Apple Podcasts或Spotify。而且，不要忘記查看Cointelegraph的其他演出陣容！

This article is for general information purposes and is not intended to be and should not be taken as legal or investment advice. The views, thoughts, and opinions expressed here are the author’s alone and do not necessarily reflect or represent the views and opinions of Cointelegraph.

本文是出於一般信息目的，不打算被視為法律或投資建議。這裡表達的觀點，思想和觀點是作者獨自一人，不一定反映或代表Cointelegraph的觀點和觀點。