The next hacker-themed movie may be based on the recent $1.5 billion hack incident involving Bybit and Safe.

2025/02/27 14:21

After a week of extensive investigation, the Safe team, Bybit, and security companies have provided the latest updates.

Author: BlockBeats

The next hacker-themed movie may be based on the recent $1.5 billion hack incident involving Bybit and Safe. The hacker's methods are considered perfect, and no traces have been found so far.

After a week of extensive investigation, the Safe team, Bybit, and security companies have provided the latest updates. Rhythm BlockBeats summarizes the investigation results in the simplest terms, revealing the first-hand situation of the incident:

Code is fine: The front-end code of Safe is open-source, and there are no issues at the code level; it was the security of Safe's server that was attacked.

There is an "insider": Specifically, the code that was actually deployed in the production environment does not match what is shown in the open-source repository. This means that at some point, someone replaced the code or inserted malicious code during the deployment process.

Insider's identity unknown: Not all developers have the permission to deploy production environment code. Those who can perform such deep operations must have a high level of trust. This "insider" could be a long-trusted developer or a team member who has gained sufficient permissions. The attacker hid their tracks for a long time, and Safe has checked historical transactions but found no anomalies or traces of the "insider," calling on the community and users to assist in the investigation.
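
The mismatch described above, between the open-source repository and what production actually served, is the kind of drift a deployment integrity check is meant to surface. The following is an added example, not code from Safe, Bybit, or the original article; it assumes a reproducible build of the repository at a pinned commit, and all file names, contents, and function names are constructed for illustration.

```python
import hashlib


def build_manifest(files):
    """Map each asset path to the SHA-256 hex digest of its bytes."""
    return {path: hashlib.sha256(body).hexdigest() for path, body in files.items()}


def diff_deployment(expected, served_files):
    """Compare a trusted manifest with the bytes production actually serves."""
    served = build_manifest(served_files)
    return {
        # Same path, different bytes: code was replaced or altered after the build.
        "modified": sorted(p for p in expected if p in served and served[p] != expected[p]),
        # In the repository build but not served at all.
        "missing": sorted(p for p in expected if p not in served),
        # Served by production but absent from the repository build.
        "unexpected": sorted(p for p in served if p not in expected),
    }


def is_clean(report):
    """True only when production serves exactly what the repository build produced."""
    return not any(report.values())


# Constructed sample: output of a build from the public repository (assumption).
REPO_BUILD = {
    "index.html": b"<script src='/_app.js'></script>\n",
    "_app.js": b"export function sign(tx) { return wallet.sign(tx); }\n",
}
# Constructed sample: assets fetched from production, with one altered and one extra file.
SERVED = {
    "index.html": REPO_BUILD["index.html"],
    "_app.js": REPO_BUILD["_app.js"] + b"/* bytes not present in the repository build */\n",
    "extra.js": b"/* file with no counterpart in the repository build */\n",
}

EXPECTED = build_manifest(REPO_BUILD)
REPORT = diff_deployment(EXPECTED, SERVED)

if __name__ == "__main__":
    for kind, paths in REPORT.items():
        print(kind, paths)
    print("clean" if is_clean(REPORT) else "DEPLOYMENT DOES NOT MATCH REPOSITORY BUILD")
```

The check is only as trustworthy as the place the expected manifest is built and stored, which should be outside the deployment path that is being verified.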

In addition, Safe has not mentioned any plans to assist with compensation, only discussing some follow-up upgrade plans, while reminding everyone to remain rational and not to believe those marketing their so-called "advanced multi-signature," "semi-custodial," "MPC," and other products in light of this hacking incident, as these products may actually expand the attack surface.

In fact, this is not the first theft incident involving Safe's multi-signature. The method used this time is very similar to the Radiant Capital hack incident in October last year. In that incident, the hacker also infected the devices of core developers, implanting malware that caused the developers to mistakenly believe they were performing legitimate operations while actually executing malicious transactions in the background.

Safe Can Influence a Large Portion of the Crypto Space

Why is this incident attracting so much attention? The reason is that Safe is the most popular multi-signature wallet in the Ethereum ecosystem.

When Safe launched its token last year, the top 100 airdrop addresses were almost entirely composed of project parties, institutions, and large holders. This means that the security of Safe can influence a large portion of the crypto space.

As shown in the image, well-known names include Metamask, PleasrDao, AAVE, 1inch, Lido, and so on.

At the same time, in this cycle, traditional finance, traditional institutions, family funds, and old money have accelerated their entry into the market. However, due to the high barriers to entry in crypto, many have chosen relatively safer methods to protect their funds, such as multi-signature wallets like Safe.

For example, the most representative case is Trump's DeFi team.

According to Safe guardians who spoke to Rhythm BlockBeats, the simplest ways to determine whether an on-chain address is a Safe wallet address are: first, it shows "MultiSig" on ARKHAM; second, the address on the debank page will directly display "MultiSig:Safe" below it. As seen in the image, Trump's DeFi project World Liberty Fi indeed uses a multi-signature wallet.

This means that any security vulnerability in Safe could trigger a massive chain reaction and butterfly effect.

Even Top Security Infrastructure in Crypto Can Have Issues

The Safe project is essentially a top-tier project in the Ethereum ecosystem, incubated by the Gnosis team.

Gnosis Chain, which gained prominence in the last cycle, focuses on building efficient and secure decentralized applications. According to DefiLlama data, as of the writing of this article, Gnosis Chain's total value locked (TVL) is $200 million, with a peak of $350 million.

In fact, the story of the Gnosis ecosystem and incubator can be traced back to 2015.

Compared to the now well-known Polymarket, Gnosis co-founder Martin Koeppelmann began researching decentralized prediction markets much earlier. In 2015, he published his thoughts on the combination of MarketMaker and OrderBook on his forum, which was one of the earliest concepts for decentralized prediction markets in the industry.

Martin Koeppelmann was also one of the earliest Ethereum developers, having joined before the DAO period. Living in Berlin, he had close interactions with Vitalik, who was also in the Berlin office at that time.

Over the years, he has participated in many discussions within the Ethereum development community and frequently discussed issues related to L2, ZK, and the Ethereum roadmap with Vitalik. From Martin's comments on social media, one can see his level of integration into the community.
