談論李和談論外面

是（2月21日）

Some friends were still immersed in the joy of "the bull returning quickly" yesterday (February 21), as Bitcoin rebounded to around $99,500 and Ethereum also bounced back to around $2,850. Let's not get into whether yesterday's rebound was a trap; it seems that this market trend has given some partners hope again.

一些朋友仍然沉迷於昨天（2月21日）（2月21日）的“公牛迅速返回”的喜悅，因為比特幣反彈至99,500美元左右，以太坊也彈回到了2,850美元左右。讓我們不要介紹昨天的反彈是否是陷阱。看來這種市場趨勢使一些合作夥伴再次希望。

However… by the evening, the market faced a black swan event: the Bybit exchange was hacked, with over 510,000 ETH stolen (worth about $1.5 billion, including 401,347 ETH, 90,376 stETH, 15,000 cmETH, and 8,000 mETH).

但是……到了晚上，市場面臨黑天鵝活動：拜比特交易所被黑客入侵，超過51萬ETH被盜（價值約15億美元，其中包括401,347 ETH，90,376 Steth，15,000 Cmeth和8,000 Meth）。

We don't need to delve too deeply into the complex attack techniques; interested friends can look it up online. Here, we will simply explain it in layman's terms:

我們不需要深入研究複雜的攻擊技術。有興趣的朋友可以在線查找。在這裡，我們將簡單地用外行的術語解釋：

There is an exchange called Bybit, and their multi-signature cold wallet is managed and authorized by a few individuals, namely Zhang San, Li Si, and Wang Wu. Any transaction must be signed by all of them to be completed. So, the hacker used some special means to locate these individuals (which falls under social engineering attacks) and continued to implant malware on their computers through some special methods. One day, the three individuals received a signature request for a transfer, showing that 500 ETH was to be transferred out. Zhang San saw that there was no problem with the operation interface, so he signed it as usual, and then Li Si and Wang Wu did the same. However, the signature interface they saw was forged by the hacker, resulting in the simultaneous signatures transferring 500,000 ETH to the hacker's wallet address.

有一個稱為bybit的交流，他們的多簽名冷錢包由少數個人（即張聖，李si和王王）管理和授權。所有交易必須由所有交易簽署，以要完成。因此，黑客使用了一些特殊的手段來定位這些人（屬於社會工程攻擊），並通過一些特殊的方法繼續將惡意軟件植入計算機。有一天，這三個人收到了轉會的簽名請求，表明將要轉移500 enth。張聖山（Zhang San）看到操作界面沒有問題，因此他照常簽名，然後李·賽（Li Si）和王吳（Wang Wu）也做了同樣的事情。但是，他們看到的簽名接口是由黑客鍛造的，導致同時簽名將500,000 ETH轉移到黑客的錢包地址。

After the Bybit attack incident occurred, various speculations emerged online. Some said it was an inside job, while others claimed it was the work of a North Korean hacker organization, and even some users from the PI community were spreading the word that they would take responsibility for the incident…

在發生BYBIT攻擊事件後，在線出現了各種猜測。一些人說這是一項內部工作，而另一些人則聲稱這是一個朝鮮黑客組織的工作，即使是PI社區的一些用戶也在傳播他們對這一事件負責的詞……

However, after analyzing the situation throughout the morning, it seems that professionals have largely determined that this attack was carried out by the North Korean hacker group Lazarus Group, using a method called blind signature, where the UI displayed to the user on the infected device differs from what actually happens in the background. The specific process is roughly as we described in layman's terms. Interested friends can also consider looking at the detailed report released by Slow Mist for a more professional interpretation.

但是，在整個早晨分析了情況之後，似乎專業人士在很大程度上確定了這次攻擊是由朝鮮黑客組Lazarus Group進行的，使用了一種稱為盲簽名的方法，在該方法中，UI在其中向用戶顯示了受感染設備上的用戶與背景中實際發生的事情不同。正如我們在外行所描述的那樣，具體過程大致是。有興趣的朋友還可以考慮查看Slow Mist發布的詳細報告，以進行更專業的解釋。

The North Korean hacker organization Lazarus Group has been accused of multiple cyber attacks since 2010, including the Sony Pictures hack, the 2016 bank heist, the "WannaCry" ransomware attack, and several attacks targeting cryptocurrency and pharmaceutical companies. As shown in the image below.

自2010年以來，朝鮮黑客組織Lazarus Group被指控多次網絡攻擊，包括索尼影業黑客，2016年銀行搶劫，“ WannaCry”勒索軟件攻擊以及針對加密貨幣和製藥公司的幾項攻擊。如下圖所示。

Below are some attacks by the Lazarus Group in the cryptocurrency field:

以下是拉撒路集團在加密貨幣領域的一些攻擊：

And so on…

等等…

It can also be seen that this Bybit hack is the largest theft incident in history. Although this black swan event is quite significant, it seems that it hasn't caused a heavy blow to the overall market. As of the time of writing, Bitcoin's price remains around $96,000, and Ethereum's price stays around $2,700. There were only some minor incidents during this period, such as:

還可以看出，這種bybit hack是歷史上最大的盜竊事件。儘管這個黑天鵝事件非常重要，但似乎並沒有給整個市場造成沉重打擊。截至撰寫本文時，比特幣的價格仍約為96,000美元，以太坊的價格停留在2,700美元左右。在此期間，只有一些小事件，例如：

MNT (Bybit's token) dropped 10% within minutes, as shown in the image below.

如下圖所示，MNT（BYBIT的令牌）在幾分鐘內下降了10％。

USDE decoupled by 5%, but quickly rebounded. This also indirectly caused ENA to drop and then rise, with a direct increase of about 10% today. This might also be due to Ethena's timely public relations efforts, as shown in the image below.

USDE脫鉤5％，但很快反彈。這也間接導致ENA下降然後上升，今天直接增加了約10％。如下圖所示，這也可能是由於Ethena及時的公共關係努力所致。

Looking back at the situation over the past ten hours, Bybit's public relations handling has been quite good. For instance, within 30 minutes of the incident, Bybit's CEO responded on the X platform, and within the next 10 minutes, Bybit's official account also released an official statement. The CEO even held a live stream to answer some community questions. This speed and attitude in handling the situation have been quite helpful in stabilizing market sentiment temporarily.

回顧過去十個小時的情況，拜比特的公共關係處理非常好。例如，在事件發生後的30分鐘內，Bybit的首席執行官在X平台上做出了回應，在接下來的10分鐘內，Bybit的官方帳戶也發布了官方聲明。首席執行官甚至舉行了現場直播來回答一些社區問題。處理這種情況的速度和態度對暫時穩定市場情緒非常有幫助。

However, the internet is still filled with various messages and speculations. My suggestion is that everyone should at least remain calm and avoid clicking on random links to prevent phishing. I have noticed that some people have started to promote scam wallets using this hot topic, luring users to download them under the guise of protecting their assets. If you are concerned about the safety of your assets, you might consider temporarily transferring them to larger exchanges like Binance or OKX.

但是，互聯網仍然充滿了各種消息和猜測。我的建議是，每個人都至少應該保持冷靜，並避免單擊隨機鏈接以防止網絡釣魚。我已經註意到，有些人已經開始使用此熱門話題來促進騙局，以保護用戶以保護其資產的幌子下載它們。如果您擔心資產的安全性，則可以考慮將它們暫時轉移到諸如Binance或OKX等較大的交易所中。

Since the hackers are from North Korea, the probability of recovering the stolen assets is quite low. This loss will likely have to be borne by Bybit itself. As for how they will bear it, whether Bybit will purchase ETH

由於黑客來自朝鮮，因此恢復被盜資產的可能性很低。這種損失可能必須由Bybit本身承擔。至於他們將如何承擔它，bybit是否會購買ETH