Bybit Hack：与朝鲜相关的Lazarus集团利用关键缺陷在ETH中窃取$ 1.5B

交换平台的安全是加密货币世界中的一个核心问题。一场新的攻击再次强调了该行业的脆弱性：最有影响力的交流之一BYBIT遭受了异常黑客事件，估计以太坊损失了15亿美元。

A recent attack on Bybit, one of the world's largest cryptocurrency exchanges, has once again highlighted the vulnerability of centralized platforms and the challenges in protecting users' funds. According to initial investigations, the Lazarus group, a cybercriminal organization affiliated with North Korea, is suspected to be behind this attack, which resulted in a loss of approximately $1.5 billion in Ethereum.

最近对世界上最大的加密货币交易所之一Bybit的攻击再次强调了集中式平台的脆弱性以及保护用户资金的挑战。根据初步调查，与朝鲜相关的网络犯罪组织Lazarus集团被认为是这次袭击的幕后黑手，导致以太坊损失了约15亿美元。

The attack was detected on Friday by on-chain analysts, including ZachXBT, who alerted to a suspicious movement of 400,000 ETH from the platform's cold wallets. The funds were swiftly transferred out of the exchange and quickly exchanged for staked tokens (mETH and stETH) before being converted back into Ethereum. Ben Zhou, CEO of Bybit, later confirmed the attack during a livestream, revealing that the exchange lost around 70% of its ETH reserves in the incident.

周五，包括Zachxbt在内的链分析师发现了这次袭击，他们向平台的冷钱包中的40万ETH提醒了可疑的运动。这些资金迅速从交易所转移到交换中，并迅速换成汤匙的代币（甲基甲基苯甲酸甲酚和steth），然后转换回以太坊。拜比特（Bybit）首席执行官本周（Ben Zhou）随后在直播中证实了这次袭击，透露该交易所在事件中损失了约70％的ETH储备。

Cybersecurity experts from Cyvers suggest that the attackers exploited a flaw in the transaction signing system, deceiving the holders of Bybit's private keys and leading them to approve a fraudulent transaction that appeared legitimate. According to Jack Sanford, CEO of Sherlock DeFi, the attackers might have altered the parameters of the multisig smart contract, allowing them to take control of the funds. While the precise details of the compromise are still emerging, several hypotheses point to an intrusion through the user interface or an infection of the signatories' computers.

来自Cyers的网络安全专家表明，攻击者在交易签名系统中利用了一个缺陷，欺骗了Bybit的私钥持有人，并带领他们批准了似乎合理的欺诈交易。 Sherlock Defi首席执行官杰克·桑福德（Jack Sanford）表示，攻击者可能改变了Multisig智能合约的参数，从而使他们能够控制资金。虽然妥协的确切细节仍在出现，但一些假设表明，通过用户界面或签名人的计算机感染了入侵。

Despite the severity of the hack, Bybit assured that users' funds were covered 1:1 and that the exchange faced no risk of insolvency. In a message to investors posted on X (formerly Twitter) on February 22, Ben Zhou stated that the exchange had already secured a bridge loan covering 80% of the stolen amount to maintain its liquidity and honor withdrawal requests.

尽管黑客严重程度，Bybit仍保证用户的资金涵盖了1：1，而交易所没有遇到破产的风险。在2月22日在X（以前是Twitter）上发布的投资者的一封信中，本周说，该交易所已经获得了一笔桥梁贷款，覆盖了被盗金额的80％，以维持其流动性和荣誉撤回请求。

Facing pressure from investors and market observers, Bybit opted not to suspend withdrawals, although Changpeng Zhao, former CEO of Binance, recommended a temporary freeze in a post on X on February 21 to prevent widespread panic. This approach differs from that taken by other platforms that encountered similar attacks, such as FTX or Celsius, which chose to temporarily block access to funds, leading to user distrust.

面对投资者和市场观察家的压力，拜特比特选择不暂停撤军，尽管毕省前首席执行官Changpeng Zhao在2月21日的X帖子中推荐了临时冻结，以防止广泛的恐慌。这种方法与遇到类似攻击的其他平台（例如FTX或Celsius）所采用的方法有所不同，FTX或Celsius选择暂时阻止对资金的访问，从而导致用户不信任。

Such a hack could mark a turning point in how centralized platforms manage their reserves and secure their infrastructures. The involvement of the Lazarus group, known for its sophisticated attacks, raises questions about the adequacy of existing regulation and security protocols, which may need to be strengthened to prevent such disasters.

这样的黑客可能标志着集中式平台如何管理其储备并确保其基础架构的转折点。拉撒路集团以其复杂的攻击而闻名的拉撒路集团的参与提出了有关现有法规和安全协议是否适当的疑问，这可能需要加强以防止此类灾难。

In the aftermath of the incident, some voices are advocating for hybrid solutions that combine the security of cold wallets with the flexibility of validation systems, to enhance the protection of user funds. Others, like Arthur Hayes, co-founder of BitMEX, took a more provocative approach, calling on Vitalik Buterin to "rollback the Ethereum blockchain," alluding to the DAO Hack of 2016 that led to a fork of the network. While such action is now highly unlikely, this incident brings the debate on the reliability of centralized exchanges and the need for investors to diversify their storage strategies back to the forefront.

事件发生后，一些声音提倡将冷钱包的安全性与验证系统的灵活性相结合，以增强对用户资金的保护。其他人，例如Bitmex的联合创始人亚瑟·海斯（Arthur Hayes）采取了一种更具挑衅性的方法，呼吁Vitalik Buterin“回滚以太坊区块链”，暗示了2016年的Dao Hack，这导致了网络的叉子。尽管现在不太可能采取这种行动，但此事件引发了关于集中交流的可靠性的辩论，以及投资者需要将其存储策略多样化回到最前沿的辩论。

As the crypto ecosystem continues to expand and face new challenges, the Bybit affair serves as a reminder of the importance of sound infrastructure and robust security measures to safeguard users' assets in the digital realm.

随着加密生态系统继续扩展并面临新的挑战，bybit事件提醒人们，声音基础架构和强大的安全措施对维护数字领域中的用户资产的重要性。