Bybit founder raises concerns that the multisig wallet provider's security may have been compromised, allowing hackers to steal $1.4B in ETH

2025/02/22 02:29

In a live stream, Zhou explained that the attack targeted Bybit's Ethereum cold wallet

Cryptocurrency exchange Bybit has fallen victim to a large-scale attack, with hackers making off with a total of $1.4 billion in Ethereum. The attack was carried out by manipulating a multisig wallet transaction, ultimately leading to the theft of the funds from Bybit's Ethereum cold wallet.

According to Bybit founder and CEO Ben Zhou, the attackers were able to alter the signing message during the transaction process, ultimately allowing them to modify the smart contract logic of the cold wallet and gain control over its funds. The attack was carried out in a way that made it appear as a legitimate Safe transaction, with an altered URL that redirected users to the official Safe website.

“It was a normal URL. I double-checked. It was the Safe URL from the official Safe website. We always use the official website,” stated Zhou during a live stream.

As part of standard security measures, Zhou recounted how he personally verified the UI and ensured that the destination address matched Bybit's warm wallet before approving the transfer. However, the manipulation of the signing message went undetected during the approval process.

“The hacker changed that transaction into upgrading or changing the Safe smart contract logic so that he gained control over the entire Ethereum cold wallet,” explained Zhou.
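
As an added example (not code from Bybit, Safe, or this article): a check a signer could run on the raw signing request, independent of the web UI, before approving. It assumes the request arrives as EIP-712 typed-data JSON for a Safe transaction; the function name, addresses and sample requests are constructed for illustration.

```python
import json

# SafeTx "operation" values: 0 = CALL, 1 = DELEGATECALL (target code runs
# against the wallet's own storage, so it can replace the wallet's logic).
CALL = 0

def review_signing_request(typed_data_json, expected):
    """Compare the request a signer is asked to sign with the transfer
    approved out of band. An empty list means the two match."""
    req = json.loads(typed_data_json)
    msg, domain = req.get("message", {}), req.get("domain", {})
    findings = []

    def same_addr(a, b):
        return str(a).lower() == str(b).lower()

    if req.get("primaryType") != "SafeTx":
        findings.append("primaryType is not SafeTx")
    if not same_addr(domain.get("verifyingContract"), expected["safe"]):
        findings.append("request is bound to a different wallet contract")
    if not same_addr(msg.get("to"), expected["to"]):
        findings.append("destination differs from the approved address")
    if int(msg.get("value", 0)) != expected["value_wei"]:
        findings.append("value differs from the approved amount")
    if int(msg.get("operation", -1)) != CALL:
        findings.append("operation is not a plain CALL")
    data = msg.get("data") or "0x"
    if data.lower() != "0x":
        findings.append("unexpected calldata, selector " + data[:10])
    return findings

# Constructed sample values (not taken from the incident).
SAFE, WARM, OTHER = ("0x" + b * 20 for b in ("aa", "bb", "cc"))
EXPECTED = {"safe": SAFE, "to": WARM, "value_wei": 10**18}

def make_request(to, value, data, operation):
    # Simplified typed-data envelope; the "types" section is omitted.
    return json.dumps({
        "primaryType": "SafeTx",
        "domain": {"chainId": 1, "verifyingContract": SAFE},
        "message": {"to": to, "value": str(value), "data": data,
                    "operation": operation, "nonce": 7},
    })

GOOD = make_request(WARM, 10**18, "0x", 0)
TAMPERED = make_request(OTHER, 0, "0x12345678" + "00" * 32, 1)

if __name__ == "__main__":
    print(review_signing_request(GOOD, EXPECTED))
    print(review_signing_request(TAMPERED, EXPECTED))
```

The check only has value when it runs on a device or process that does not share the web UI's trust path, since a compromised front end can display one transfer while submitting another for signature.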

The stolen funds were not limited to Bybit's own holdings, with a significant portion being borrowed from partners to maintain liquidity during the attack. The total amount stolen includes:

Bybit client funds: $340 million

Funds borrowed from Genesis: $290 million

Funds borrowed from BlockFi: $120 million

Funds borrowed from Five Star: $640 million

Despite the large-scale attack, Zhou assured users that withdrawals are still open, although processing times have increased due to a surge in requests. At one point, Bybit was handling nearly 100 times the normal withdrawal volume.

“Withdrawals are still open, but processing times may vary. At the peak, we were handling nearly 100x the normal withdrawal volume,” stated Zhou.

According to the Bybit founder, the exchange is currently relying on a bridge loan from partners to maintain liquidity while they work to resolve the issue.

“We are not currently buying ETH. We secured almost 80% of the stolen amount as a bridge loan to maintain liquidity,” confirmed Zhou.

suggesting that the stolen funds may still be recoverable. Following the attack, Safe has paused its services to conduct further internal investigations.

“It could be that the Safe server was hacked, but we don't know yet. We are actively working with Safe to uncover what happened,” stated Zhou.

In an effort to track and recover the stolen assets, Bybit has received support from several major cryptocurrency exchanges, including Binance, MEXC, and Gate. These exchanges have pledged to assist in monitoring and blocking the movement of the stolen funds.

Additionally, Zhou urged the involvement of security firms and blockchain analysts in hopes of freezing the stolen Ethereum before it could be laundered.

“We hope that security firms and blockchain analysts can help us track this stolen ETH and get it frozen before they can be laundered,” stated Zhou.

Bybit has confirmed that it possesses the financial reserves to cover client losses, with the stolen Ethereum constituting only a fraction of the exchange's total assets. The company also stated that they will continue updating users on the situation as the investigation progresses.

“We will continue enhancing our security measures and keeping you updated on the investigation,” stated Bybit.

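Disclaimer: info@kdj.com

The information provided is not trading advice. kdj.com assumes no responsibility for any investment made on the basis of the information in this article. Cryptocurrencies are highly volatile; you are strongly advised to research thoroughly and invest with caution!

If you believe content used on this website infringes your copyright, please contact us immediately (info@kdj.com) and we will remove it promptly.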
