十大加密安全事件將教您如何保護您的資產

這一系列的安全事件進一步加劇了已經呆滯的加密市場，暴露了資產安全管理缺乏嚴格性

Author: Huo Huo, Baihua Blockchain

Last Saturday, the world's second-largest CEX Bybit was hacked, with a total of $1.46 billion in ETH stolen, setting a record for the highest amount stolen in a single token theft case in history.

上週六，全球第二大CEX BYBIT被黑客入侵，總計14.6億美元被盜，創造了歷史上單個令牌盜竊案中最高偷來的紀錄。

This incident occurred shortly after crypto financial card service provider Infini was also hacked, with approximately $49.5 million in funds being stolen from its Ethereum address on February 24.

這一事件發生在加密貨幣金融卡服務提供商Infini也被黑客入侵之後不久，2月24日，其以太坊地址被偷走了約4,950萬美元的資金。

This series of security incidents has further exacerbated the already sluggish crypto market, exposing the lack of rigor in asset security management on crypto platforms and furthering weakening market liquidity, making security issues once again the focus of industry attention.

這一系列的安全事件進一步加劇了本來已經呆滯的加密市場，揭示了加密平台上資產安全管理缺乏嚴格性，並使市場流動性削弱，使安全問題再次成為行業關注的焦點。

According to blockchain analysis company Chainalysis, hackers stole approximately $2.2 billion in crypto assets in 2024, and to date, the total amount stolen exceeds $5 billion (equivalent to over 36 billion RMB).

根據區塊鏈分析公司的鏈分析，黑客在2024年偷走了約22億美元的加密資產，而迄今為止，被盜的總金額超過50億美元（相當於超過360億元人民幣）。

Today, we will review the top ten crypto security incidents from the past (including the Bybit theft incident in February 2025). The 36 billion RMB in assets lost in these ten security incidents serves as a "bloody lesson" for the owners. What important tips can individuals glean from these incidents to protect their crypto assets?

今天，我們將審查過去十大加密安全事件（包括2025年2月的Bybit Theft事件）。在這十起安全事件中損失的360億國民界人士損失的資產為所有者提供了“血腥的課程”。個人可以從這些事件中收集哪些重要的技巧來保護其加密貨幣資產？

Top 10 Crypto Security Incidents

前10個加密安全事件

The following image ranks the top ten crypto security incidents by the amount lost, covering various complex attack methods from smart contract vulnerabilities to private key leaks and database attacks.

下圖將損失的數量排名前十的加密貨幣安全事件，涵蓋了從智能合約漏洞到私有密鑰洩漏和數據庫攻擊的各種複雜攻擊方法。

Through analysis, we can see that these theft incidents not only expose specific security vulnerabilities but also reflect the weaknesses in technical protection and risk management within the crypto industry.

通過分析，我們可以看到這些盜竊事件不僅暴露了特定的安全漏洞，而且還反映了加密行業內技術保護和風險管理的弱點。

Next, we will categorize and analyze these incidents based on their causes and the lessons learned, to better understand the underlying security risks and provide references for future prevention.

接下來，我們將根據這些事件的原因和經驗教訓對這些事件進行分類和分析，以更好地了解潛在的安全風險，並為未來的預防提供參考。

1) Wallet Private Key or Security Issues

1）錢包私鑰或安全問題

Ronin Network Theft Incident (March 2022): $625 million

羅寧網絡盜竊案（2022年3月）：6.25億美元

The Ronin Network is a scaling solution designed for blockchain games and NFTs, created by the Axie Infinity development team Sky Mavis to address Ethereum's limitations in transaction fees and processing speed.

Ronin網絡是一種用於區塊鏈遊戲和NFTS的縮放解決方案，由Axie Infinity Development Team Mavis創建，旨在解決以太坊的交易費用和處理速度的限制。

In March 2022, the Ronin Network was attacked by the North Korea-supported hacker group Lazarus Group, resulting in a loss of approximately $625 million in Ethereum and USDC. The hackers successfully controlled five nodes by attacking the network's validation nodes, enabling them to create and sign malicious transactions, ultimately transferring funds to addresses they controlled.

2022年3月，羅寧網絡遭到朝鮮支持的黑客集團Lazarus集團的襲擊，導致以太坊和USDC損失了約6.25億美元。黑客通過攻擊網絡的驗證節點，成功地控制了五個節點，使他們能夠創建和簽署惡意交易，最終將資金轉移到控制的地址。

Coincheck Theft Incident (January 2018): $534 million

COINCHECK盜竊事件（2018年1月）：5.34億美元

Coincheck is one of the more well-known CEXs in the Japanese crypto market, having been established in 2012 and focusing on providing secure and convenient trading services.

Coincheck是日本加密貨幣市場中最著名的CEX之一，該市場成立於2012年，專注於提供安全便捷的交易服務。

In January 2018, Coincheck suffered a hacker attack due to security issues with its hot wallet, resulting in a loss of approximately $534 million in NEM tokens.

2018年1月，由於其熱錢包的安全問題，Coincheck遭受了黑客襲擊，導致NEM令牌損失了約5.34億美元。

DMM Bitcoin Theft Incident (May 2024): $305 million

DMM比特幣盜竊事件（2024年5月）：3.05億美元

DMM Bitcoin is also a crypto CEX based in Japan, having been established in 2018.

DMM比特幣也是總部位於日本的加密CEX，成立於2018年。

In May 2024, DMM Bitcoin was attacked by hackers, leading to the theft of approximately 4,500 bitcoins (valued at about $305 million at the time). Although the specific method of attack is still under investigation, reports suggest that leaked private keys may have been a key factor in the hackers' intrusion.

2024年5月，DMM比特幣遭到黑客襲擊，導致盜竊約4,500比特幣（當時價值約3.05億美元）。儘管仍在研究特定的攻擊方法，但報告表明，洩漏的私鑰可能是黑客入侵的關鍵因素。

KuCoin Theft Incident (September 2020): $275 million

Kucoin盜竊事件（2020年9月）：2.75億美元

KuCoin is a well-known CEX based in Singapore, having been established in 2017.

Kucoin是一家著名的CEX，位於新加坡，成立於2017年。

In September 2020, KuCoin suffered a hacker attack, resulting in a loss of approximately $275 million in various crypto tokens. The hackers successfully stole a large amount of assets by obtaining the private keys of the CEX's hot wallet.

2020年9月，Kucoin遭受了黑客襲擊，導致各種加密代幣損失了約2.75億美元。黑客通過獲得CEX熱錢包的私鑰成功偷走了大量資產。

Summarizing these four theft incidents, it is evident that they all resulted from insufficient security of hot wallets or nodes. Validation nodes and hot wallets, due to their internet connectivity and convenience, are easy targets for hacker attacks. Hackers employ various methods, including malware, phishing attacks, or exploiting internal platform vulnerabilities to obtain private keys. Once an attack is successful, hackers can quickly transfer assets, leading to irreparable losses. In contrast, cold wallets and other storage options that are not connected to the internet can effectively avoid the risks of online attacks, making them a relatively safer choice for storing crypto assets.

總結這四起盜竊事件，很明顯，它們都是由於熱錢包或節點的安全性不足所致。由於其互聯網連接和便利性，驗證節點和熱錢包是黑客攻擊的簡單目標。黑客採用各種方法，包括惡意軟件，網絡釣魚攻擊或利用內部平台漏洞以獲取私鑰。一旦攻擊成功，黑客就可以迅速轉移資產，從而導致無法彌補的損失。相比之下，與互聯網連接的冷錢包和其他存儲選項可以有效地避免在線攻擊的風險，從而使它們成為存儲加密資產的相對更安全的選擇。

Additionally, for CEXs, ensuring strict management and secure storage of private keys is key to preventing large-scale theft of funds, while for individual users, properly safeguarding private keys is equally crucial for asset security. Once a private key is lost or leaked, users will completely lose control over their assets, and no third party can help recover the funds. Therefore, both CEXs and individuals need to establish more robust

此外，對於CEXS，確保嚴格的管理和安全存儲私鑰是防止大規模盜竊資金的關鍵，而對於個人用戶來說，正確保護私鑰對資產安全同樣至關重要。一旦丟失或洩漏了私鑰，用戶將完全失去對其資產的控制權，沒有第三方可以幫助收回資金。因此，CEX和個人都需要建立更健壯的