The next hacker-themed movie may be based on the recent $1.5 billion hack incident involving Bybit and Safe.

2025/02/27 14:21

Author: BlockBeats

The next hacker-themed movie may be based on the recent $1.5 billion hack incident involving Bybit and Safe. The hacker's methods are considered perfect, and no traces have been found so far.

After a week of extensive investigation, the Safe team, Bybit, and security companies have provided the latest updates. Rhythm BlockBeats summarizes the investigation results in the simplest terms, revealing the first-hand situation of the incident:

Code is fine: The front-end code of Safe is open-source, and there are no issues at the code level; it was the security of Safe's server that was attacked.

There is an "insider": Specifically, the code that was actually deployed in the production environment does not match what is shown in the open-source repository. This means that at some point, someone replaced the code or inserted malicious code during the deployment process.

Insider's identity unknown: Not all developers have the permission to deploy production environment code. Those who can perform such deep operations must have a high level of trust. This "insider" could be a long-trusted developer or a team member who has gained sufficient permissions. The attacker hid their tracks for a long time, and Safe has checked historical transactions but found no anomalies or traces of the "insider," calling on the community and users to assist in the investigation.
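
A mismatch between what production serves and what the open-source repository builds, as described in the findings above, is something a release check can detect. The following is an added example, not code from Safe, Bybit or BlockBeats; it assumes a reproducible build of the tagged source is available, and every file name and file body in it is constructed.

```python
import base64
import hashlib


def sri(data: bytes) -> str:
    """Subresource Integrity value (sha384, base64) for one asset."""
    return "sha384-" + base64.b64encode(hashlib.sha384(data).digest()).decode()


def manifest(assets: dict[str, bytes]) -> dict[str, str]:
    """Map each asset path to its integrity value."""
    return {path: sri(data) for path, data in assets.items()}


def drift(reference: dict[str, str], deployed: dict[str, str]) -> dict[str, list[str]]:
    """Compare a manifest built from the repository with one built from
    the files the production origin actually serves."""
    return {
        "modified": sorted(p for p in reference.keys() & deployed.keys()
                           if reference[p] != deployed[p]),
        "unexpected": sorted(deployed.keys() - reference.keys()),
        "missing": sorted(reference.keys() - deployed.keys()),
    }


# Constructed sample data: a reproducible build of the tagged source ...
REPO_BUILD = {
    "index.html": b"<script src='/app.js'></script>",
    "app.js": b"function sign(tx) { return wallet.sign(tx); }",
    "vendor.js": b"/* third-party bundle */",
}
# ... and the files fetched from production, where one bundle differs and
# one file that the repository build never produced has appeared.
PRODUCTION = {
    "index.html": b"<script src='/app.js'></script>",
    "app.js": b"function sign(tx) { /* altered */ return wallet.sign(tx); }",
    "vendor.js": b"/* third-party bundle */",
    "extra.js": b"/* not present in the repository build */",
}


def check() -> dict[str, list[str]]:
    """Run the comparison on the constructed sample data."""
    return drift(manifest(REPO_BUILD), manifest(PRODUCTION))


if __name__ == "__main__":
    for kind, paths in check().items():
        print(f"{kind}: {paths}")
```

Run from a machine outside the deployment pipeline, so that whoever can change production cannot also change the reference manifest.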

In addition, Safe has not mentioned any plans to assist with compensation, only discussing some follow-up upgrade plans, while reminding everyone to remain rational and not to believe those marketing their so-called "advanced multi-signature," "semi-custodial," "MPC," and other products in light of this hacking incident, as these products may actually expand the attack surface.

In fact, this is not the first theft incident involving Safe's multi-signature. The method used this time is very similar to the Radiant Capital hack incident in October last year. In that incident, the hacker also infected the devices of core developers, implanting malware that caused the developers to mistakenly believe they were performing legitimate operations while actually executing malicious transactions in the background.

Safe Can Influence a Large Portion of the Crypto Space

Why is this incident attracting so much attention? The reason is that Safe is the most popular multi-signature wallet in the Ethereum ecosystem.

When Safe launched its token last year, the top 100 airdrop addresses were almost entirely composed of project parties, institutions, and large holders. This means that the security of Safe can influence a large portion of the crypto space.

As shown in the image, well-known names include MetaMask, PleasrDAO, Aave, 1inch, Lido, and so on.

At the same time, in this cycle, traditional finance, traditional institutions, family funds, and old money have accelerated their entry into the market. However, due to the high barriers to entry in crypto, many have chosen relatively safer methods to protect their funds, such as multi-signature wallets like Safe.

For example, the most representative case is Trump's DeFi team.

According to Safe guardians who spoke to Rhythm BlockBeats, the simplest ways to determine whether an on-chain address is a Safe wallet address are: first, it shows "MultiSig" on Arkham; second, the address's DeBank page will directly display "MultiSig:Safe" below it. As seen in the image, Trump's DeFi project World Liberty Fi indeed uses a multi-signature wallet.

This means that any security vulnerability in Safe could trigger a massive chain reaction and butterfly effect.

Even Top Security Infrastructure in Crypto Can Have Issues

The Safe project is essentially a top-tier project in the Ethereum ecosystem, incubated by the Gnosis team.

Gnosis Chain, which gained prominence in the last cycle, focuses on building efficient and secure decentralized applications. According to DefiLlama data, as of the writing of this article, Gnosis Chain's total value locked (TVL) is $200 million, with a peak of $350 million.

In fact, the story of the Gnosis ecosystem and incubator can be traced back to 2015.

Compared to the now well-known Polymarket, Gnosis co-founder Martin Koeppelmann began researching decentralized prediction markets much earlier. In 2015, he published his thoughts on the combination of MarketMaker and OrderBook on his forum, which was one of the earliest concepts for decentralized prediction markets in the industry.

Martin Koeppelmann was also one of the earliest Ethereum developers, having joined before the DAO period. Living in Berlin, he had close interactions with Vitalik, who was also in the Berlin office at that time.

Over the years, he has participated in many discussions within the Ethereum development community and frequently discussed issues related to L2, ZK, and the Ethereum roadmap with Vitalik. From Martin's comments on social media, one can see his level of integration into the community.
