谈论李和谈论外面

是（2月21日）

Some friends were still immersed in the joy of "the bull returning quickly" yesterday (February 21), as Bitcoin rebounded to around $99,500 and Ethereum also bounced back to around $2,850. Let's not get into whether yesterday's rebound was a trap; it seems that this market trend has given some partners hope again.

一些朋友仍然沉迷于昨天（2月21日）（2月21日）的“公牛迅速返回”的喜悦，因为比特币反弹至99,500美元左右，以太坊也弹回到了2,850美元左右。让我们不要介绍昨天的反弹是否是陷阱。看来这种市场趋势使一些合作伙伴再次希望。

However… by the evening, the market faced a black swan event: the Bybit exchange was hacked, with over 510,000 ETH stolen (worth about $1.5 billion, including 401,347 ETH, 90,376 stETH, 15,000 cmETH, and 8,000 mETH).

但是……到了晚上，市场面临黑天鹅活动：拜比特交易所被黑客入侵，超过51万ETH被盗（价值约15亿美元，其中包括401,347 ETH，90,376 Steth，15,000 Cmeth和8,000 Meth）。

We don't need to delve too deeply into the complex attack techniques; interested friends can look it up online. Here, we will simply explain it in layman's terms:

我们不需要深入研究复杂的攻击技术。有兴趣的朋友可以在线查找。在这里，我们将简单地用外行的术语解释：

There is an exchange called Bybit, and their multi-signature cold wallet is managed and authorized by a few individuals, namely Zhang San, Li Si, and Wang Wu. Any transaction must be signed by all of them to be completed. So, the hacker used some special means to locate these individuals (which falls under social engineering attacks) and continued to implant malware on their computers through some special methods. One day, the three individuals received a signature request for a transfer, showing that 500 ETH was to be transferred out. Zhang San saw that there was no problem with the operation interface, so he signed it as usual, and then Li Si and Wang Wu did the same. However, the signature interface they saw was forged by the hacker, resulting in the simultaneous signatures transferring 500,000 ETH to the hacker's wallet address.

有一个称为bybit的交流，他们的多签名冷钱包由少数个人（即张圣，李si和王王）管理和授权。所有交易必须由所有交易签署，以要完成。因此，黑客使用了一些特殊的手段来定位这些人（属于社会工程攻击），并通过一些特殊的方法继续将恶意软件植入计算机。有一天，这三个人收到了转会的签名请求，表明将要转移500 enth。张圣山（Zhang San）看到操作界面没有问题，因此他照常签名，然后李·赛（Li Si）和王吴（Wang Wu）也做了同样的事情。但是，他们看到的签名接口是由黑客锻造的，导致同时签名将500,000 ETH转移到黑客的钱包地址。

After the Bybit attack incident occurred, various speculations emerged online. Some said it was an inside job, while others claimed it was the work of a North Korean hacker organization, and even some users from the PI community were spreading the word that they would take responsibility for the incident…

在发生BYBIT攻击事件后，在线出现了各种猜测。一些人说这是一项内部工作，而另一些人则声称这是一个朝鲜黑客组织的工作，即使是PI社区的一些用户也在传播他们对这一事件负责的词……

However, after analyzing the situation throughout the morning, it seems that professionals have largely determined that this attack was carried out by the North Korean hacker group Lazarus Group, using a method called blind signature, where the UI displayed to the user on the infected device differs from what actually happens in the background. The specific process is roughly as we described in layman's terms. Interested friends can also consider looking at the detailed report released by Slow Mist for a more professional interpretation.

但是，在整个早晨分析了情况之后，似乎专业人士在很大程度上确定了这次攻击是由朝鲜黑客组Lazarus Group进行的，使用了一种称为盲签名的方法，在该方法中，UI在其中向用户显示了受感染设备上的用户与背景中实际发生的事情不同。正如我们在外行所描述的那样，具体过程大致是。有兴趣的朋友还可以考虑查看Slow Mist发布的详细报告，以进行更专业的解释。

The North Korean hacker organization Lazarus Group has been accused of multiple cyber attacks since 2010, including the Sony Pictures hack, the 2016 bank heist, the "WannaCry" ransomware attack, and several attacks targeting cryptocurrency and pharmaceutical companies. As shown in the image below.

自2010年以来，朝鲜黑客组织Lazarus Group被指控多次网络攻击，包括索尼影业黑客，2016年银行抢劫，“ WannaCry”勒索软件攻击以及针对加密货币和制药公司的几项攻击。如下图所示。

Below are some attacks by the Lazarus Group in the cryptocurrency field:

以下是拉撒路集团在加密货币领域的一些攻击：

And so on…

等等…

It can also be seen that this Bybit hack is the largest theft incident in history. Although this black swan event is quite significant, it seems that it hasn't caused a heavy blow to the overall market. As of the time of writing, Bitcoin's price remains around $96,000, and Ethereum's price stays around $2,700. There were only some minor incidents during this period, such as:

还可以看出，这种bybit hack是历史上最大的盗窃事件。尽管这个黑天鹅事件非常重要，但似乎并没有给整个市场造成沉重打击。截至撰写本文时，比特币的价格仍约为96,000美元，以太坊的价格停留在2,700美元左右。在此期间，只有一些小事件，例如：

MNT (Bybit's token) dropped 10% within minutes, as shown in the image below.

如下图所示，MNT（BYBIT的令牌）在几分钟内下降了10％。

USDE decoupled by 5%, but quickly rebounded. This also indirectly caused ENA to drop and then rise, with a direct increase of about 10% today. This might also be due to Ethena's timely public relations efforts, as shown in the image below.

USDE脱钩5％，但很快反弹。这也间接导致ENA下降然后上升，今天直接增加了约10％。如下图所示，这也可能是由于Ethena及时的公共关系努力所致。

Looking back at the situation over the past ten hours, Bybit's public relations handling has been quite good. For instance, within 30 minutes of the incident, Bybit's CEO responded on the X platform, and within the next 10 minutes, Bybit's official account also released an official statement. The CEO even held a live stream to answer some community questions. This speed and attitude in handling the situation have been quite helpful in stabilizing market sentiment temporarily.

回顾过去十个小时的情况，拜比特的公共关系处理非常好。例如，在事件发生后的30分钟内，Bybit的首席执行官在X平台上做出了回应，在接下来的10分钟内，Bybit的官方帐户还发布了官方声明。首席执行官甚至举行了现场直播来回答一些社区问题。处理这种情况的速度和态度对暂时稳定市场情绪非常有帮助。

However, the internet is still filled with various messages and speculations. My suggestion is that everyone should at least remain calm and avoid clicking on random links to prevent phishing. I have noticed that some people have started to promote scam wallets using this hot topic, luring users to download them under the guise of protecting their assets. If you are concerned about the safety of your assets, you might consider temporarily transferring them to larger exchanges like Binance or OKX.

但是，互联网仍然充满了各种消息和猜测。我的建议是，每个人都至少应该保持冷静，并避免单击随机链接以防止网络钓鱼。我已经注意到，有些人已经开始使用此热门话题来促进骗局，以保护用户以保护其资产的幌子下载它们。如果您担心资产的安全性，则可以考虑将它们暂时转移到诸如Binance或OKX等较大的交易所中。

Since the hackers are from North Korea, the probability of recovering the stolen assets is quite low. This loss will likely have to be borne by Bybit itself. As for how they will bear it, whether Bybit will purchase ETH

由于黑客来自朝鲜，因此恢复被盗资产的可能性很低。这种损失可能必须由Bybit本身承担。至于他们将如何承担它，bybit是否会购买ETH