The February hack against Bybit sent ripples through the industry after $1.4 billion in Ether-related tokens were stolen from the centralized exchange, reportedly by the North Korean hacking collective Lazarus Group, in what was the most costly crypto theft ever.
The fallout from the hack has left many people wondering what went wrong, whether their own funds are safe, and what should be done to prevent such an event from happening again.
According to blockchain security company CertiK, the massive heist represented roughly 92% of all losses for February, which saw a nearly 1,500% increase in total lost crypto from January as a result of the incident.
On Episode 57 of Cointelegraph’s The Agenda podcast, hosts Jonathan DeYoung and Ray Salmond speak with CertiK’s chief business officer, Jason Jiang, to break down how the Bybit hack happened, the fallout from the exploit, what users and exchanges can do to keep their crypto secure, and more.
Are crypto wallets still safe after Bybit hack?
Put simply, Lazarus Group was able to pull off the massive hack against Bybit because it managed to compromise the devices of all three signers who controlled the multisignature SafeWallet Bybit was using, according to Jiang. The group then tricked them into signing a malicious transaction that they believed was legit.
Does this mean that SafeWallet can no longer be trusted? Well, it’s not so simple, said Jiang. “It is possible that when the Safe developer’s computer got hacked, more information was leaked from that computer. But I think for the individuals, the likelihood of this happening is rather low.”
He said there are several things the average user can do to drastically increase their crypto security, including storing assets on cold wallets and being aware of potential phishing attacks on social media.
Source: CertiK
When asked whether hodlers could see their Ledger or Trezor hardware wallets exploited in a similar manner, Jiang again said that it’s not a big risk for the average user — as long as they do their due diligence and transact carefully.
“One of the reasons that this happened was that the signers were like a blind-send-signing the order, just simply because their device did not show the full address,” he said, adding, “Make sure that the address you are sending to is what you’re intending to, and you want to double check and triple check, especially for larger transactions.”
How to prevent the next multibillion-dollar exchange hack
Jiang pointed to a lack of comprehensive regulations and safeguards as a potential element contributing to the ongoing fallout from the hack, which fueled debates over the limits of decentralization after several validators from crosschain bridge THORChain refused to roll back or block any of Lazarus Group’s efforts to convert its funds into Bitcoin (BTC).
“Welcome to the Wild West,” said Jiang. “This is where we are right now.”
“From our view, we think crypto, if it is to be flourishing, it needs to hug the regulation. To make it easy to be adopted by the mass general here, we need to hug the regulation, and we need to figure out ways to make this space safer.”
Jiang commended Bybit CEO Ben Zhou on his response to the incident, but he also pointed out that the exchange’s bug bounty program prior to the hack had a reward of just $4,000. He said that while most people in cybersecurity are not motivated by money alone, having larger bug bounties can potentially help exchanges stay more secure.
When asked about the ways exchanges and protocols can motivate and retain top-tier talent to help protect their systems, Jiang suggested that security engineers don’t always get the credit they deserve.
“A lot of people say that the first-degree talent goes to the developers because that’s where they will get most rewarding,” he said. “But it’s also about us giving enough attention to the security engineers. They carry a huge responsibility.”
To hear more from Jiang’s conversation with The Agenda — including how CertiK carries out audits, how quantum computing and AI will impact cybersecurity, and more — listen to the full episode on Cointelegraph’s Podcasts page, Apple Podcasts or Spotify. And don’t forget to check out Cointelegraph’s full lineup of other shows!
This article is for general information purposes and is not intended to be and should not be taken as legal or investment advice. The views, thoughts, and opinions expressed here are the author’s alone and do not necessarily reflect or represent the views and opinions of Cointelegraph.