儘管行業努力阻止它們，但Bybit Hackers已設法兌現了大約3億美元被盜$ 1.4B的數字資產

報導表明，Bybit Hack背後的網絡犯罪分子已兌現了他們偷走的14億美元數字資產中約3億美元。

The hackers behind the Bybit hack have managed to cash out approximately $300 million of the $1.4 billion in digital assets they stole, despite industry efforts to prevent them. The hack, which is thought to be the biggest in crypto history, has sparked debate about how Web3 firms can prevent similar attacks in the future.

儘管行業努力阻止它們，但Bybit Hack背後的黑客攻擊了他們偷走的14億美元數字資產中約有3億美元。被認為是加密歷史上最大的黑客，引發了有關Web3公司如何防止類似攻擊的辯論。

According to crypto investigator Tom Robinson, co-founder of Elliptic, the hackers, who are largely focused on evading security experts who are trying to block the stolen funds, have managed to siphon off 20% of the funds, which has now “gone dark.”

Crypto調查員埃爾利普蒂奇（Elliptic）的聯合創始人湯姆·羅賓遜（Tom Robinson）表示，黑客主要專注於逃避試圖阻止被盜資金的安全專家，他設法借鑒了20％的資金，這些資金現在已經“黑暗了”。

Reporting that his team can now see the hackers’ activity, which suggests they are working nearly 24 hours a day, Robinson added that “every minute matters for the hackers, who are trying to confuse the money trail, and they are extremely sophisticated in what they’re doing.”

羅賓遜報導說，他的團隊現在可以看到黑客的活動，這表明他們每天工作了將近24小時，他補充說：“每一分鐘對於黑客來說都是很重要的，他們試圖混淆貨幣踪跡，而且他們的工作非常精緻。”

As previously reported by Bitcoin.com News, the North Korea-backed Lazarus Group, which is thought to be behind the Bybit hack, successfully used an industry bug to swap some of the stolen ether (ETH) for more than 6,000 bitcoin (BTC).

正如Bitcoin.com News先前報導的那樣，朝鮮支持的拉撒路集團（Lazarus Group）被認為是Bybit Hack的背後，成功地使用了一個行業錯誤將一些被盜的Ether（ETH）換成超過6,000個比特幣（BTC）。

The conversion to BTC, which is an autonomous cryptocurrency that renders it nearly impossible for Bybit to recover, is part of a wider effort by the hackers to liquidate the stolen cryptocurrency holdings.

向BTC的轉換是一種自主加密貨幣，它幾乎無法恢復，這是黑客更廣泛努力的一部分，即清算被盜的加密貨幣控股。

However, North Korea’s alleged prowess in hacking and laundering, combined with the fact that the task was made more challenging by the carelessness of crypto firms, has made it difficult for security experts, who have identified $40 million of the stolen funds, to make significant progress.

但是，朝鮮據稱在黑客和洗錢方面的實力，加上這一事實，即由於加密貨幣公司的粗心大意，這項任務變得更具挑戰性，這使得對已有4000萬美元偷來的資金的安全專家很難取得重大進展。

What Web3 Firms Can Do to Prevent Hacks

Web3公司可以採取哪些措施來防止黑客攻擊

The scale of the Bybit hack, as well as the apparent ability of the hackers to evade and outpace industry efforts to stymie them, has sparked debate about what steps Web3 firms should take to prevent similar attacks in the future.

Bybit Hack的規模以及黑客逃避和超越行業努力阻礙他們的明顯能力，引發了有關Web3公司將來應採取哪些步驟的辯論，以防止將來採取類似的攻擊。

Some, like Konstantin Stanislavsky, founder of crypto recovery firm TRM, believe the transparency and industry cooperation seen after the hack are the best ways to counter hackers.

加密貨幣公司TRM的創始人Konstantin Stanislavsky這樣的一些人認為，在黑客攻擊之後看到的透明度和行業合作是反黑客的最佳方法。

“The crypto industry has come together in an unprecedented way to track the stolen funds and support the victims of this devastating hack,” said Stanislavsky.

斯坦尼斯拉夫斯基說：“加密貨幣產業以前所未有的方式匯聚在一起，以追踪被盜資金並支持這種毀滅性駭客的受害者。”

However, critics assert that the fact the hackers, who are known to keep stolen funds for years before liquidating them, have already managed to cash out a third of the stolen funds in a short period of time undermines this argument.

但是，批評者斷言，眾所周知，黑客在清算之前曾保留被盜資金的事實，已經設法在短時間內兌現了三分之一的被盜資金，這破壞了這一論點。

Instead, others, like Nanak Nihal Khalsa, co-founder of Web3 identity firm Holonym, believe a technology like zero-knowledge proofs (ZKPs) could have prevented an attack that was attributed to blind signing vulnerabilities on Ledger hardware wallet devices.

取而代之的是，Web3 Identity公司Holyony的聯合創始人Nanak Nihal Khalsa這樣的其他人認為，像零知識證明（ZKP）這樣的技術可能會阻止攻擊造成的攻擊，該攻擊歸因於在Ledger硬件錢包設備上盲目簽名漏洞。

Although it’s said to be the bedrock of many privacy-preserving protocols, Khalsa and others believe blind signing may be on borrowed time, and steps must be taken to get further ahead of criminals.

儘管據說這是許多保存隱私協議的基石，但Khalsa和其他人認為盲人簽署可能是在藉來的時間上，並且必須採取措施才能超越罪犯。

Pointing out how Holonym could have prevented the attack, Khalsa added that their Human Wallet has a feature that prevents blind signing by showing a human-readable transaction on a hardware wallet instead of the usual undecipherable data.

Khalsa在指出聖個名義是如何阻止攻擊的，他補充說，他們的人體錢包具有通過在硬件錢包上顯示人類可讀的交易來防止盲目簽名的功能，而不是通常的不明確數據。

“This allows the user to make an informed decision about whether or not to approve the transaction. In the case of the Ledger hardware wallet, the hackers were able to blind sign a large transaction that went undetected. However, with Holonym’s Human Wallet, the user would have seen the transaction in plain English and would have been able to cancel it if they had chosen.”

“這使用戶可以就是否批准交易做出明智的決定。在分類帳硬件錢包的情況下，黑客能夠盲目簽署一項未被發現的大型交易。但是，借助Holyon的人體錢包，用戶本來可以看到簡單的英語交易，如果選擇的話，他們將能夠取消該交易。”

Further stating that current solutions overpromise safety but underdeliver, Khalsa said ZKP solutions like Holonym’s can serve as the much-needed “shield” that keeps signers informed without jeopardizing speed or security.

Khalsa進一步指出，當前的解決方案過高的安全性，但不足，Khalsa表示，像Holymons這樣的ZKP解決方案可以用作急需的“盾牌”，可以使簽名人通知簽名者而不會危及速度或安全性。

While there is no broad consensus on how the industry moves on from what has been described as the biggest hack ever, ZKP proponents like Khalsa believe this technology can play a part in rebuilding trust in the industry.

儘管該行業如何從被描述為有史以來最大的黑客攻擊的情況下尚無共識，但像Khalsa這樣的ZKP支持者認為，這項技術可以在重建該行業的信任中發揮作用。