From the perspective of a Web3 wallet product manager, let's discuss the Bybit theft incident in detail.


The only thing we can trust is technology, not "people" or "platforms."

Author: Yue Xiaoyu

1. First, let’s explain in simple terms how Bybit was hacked:

Bybit uses a Safe multi-signature wallet with a 3/3 threshold, meaning all three signers must sign before a transaction can execute, and each signer uses a hardware cold wallet.

The Safe multi-signature smart contract has been validated over many years and is reliable in itself. Additionally, since the signers use hardware cold wallets, the private keys are physically isolated and not connected to the internet.

Multi-signature wallets + cold wallets can be considered the safest wallet methods currently available.

But why was it still hacked?

The hackers used social engineering attacks.

If they cannot directly breach the technology, they attack "people" instead.

The hackers first infiltrated the computers of the three signers, and then while they were performing routine operations (like signing a transfer), they secretly replaced the signature content.

The signers believed they were signing an ordinary transaction shown on the web page, but the hackers had replaced its content with a malicious transaction, such as one that upgrades the Safe contract to a malicious contract they had prepared in advance.

Unknowingly, the three signers signed off, and as a result, the hackers used this malicious contract to withdraw all the funds.
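The defence against the swap described above is for each signer to re-check the raw Safe transaction fields the hardware wallet will actually sign, rather than trusting what the web page displays. This added example (not from the article) implements such a pre-signing policy check; the allow-listed addresses are constructed placeholders, while the operation values and the transfer selector are Safe's and ERC-20's well-known constants.

```python
# Added example: independent pre-signing policy check for a Safe transaction.
# The signer feeds in the raw fields shown on the hardware wallet screen
# (to, value, data, operation) and gets back a list of policy violations.
from dataclasses import dataclass

CALL, DELEGATECALL = 0, 1             # Safe's Enum.Operation values
ERC20_TRANSFER_SELECTOR = "a9059cbb"  # first 4 bytes of keccak256("transfer(address,uint256)")


@dataclass
class SafeTx:
    to: str         # target contract, hex with 0x prefix
    value: int      # ETH value in wei
    data: str       # calldata as hex without 0x
    operation: int  # 0 = call, 1 = delegatecall


def decode_erc20_transfer(data: str):
    """Return (recipient, amount) if data is a plain ERC-20 transfer, else None."""
    if len(data) != 8 + 64 + 64 or data[:8] != ERC20_TRANSFER_SELECTOR:
        return None
    recipient = "0x" + data[8 + 24:8 + 64]  # last 20 bytes of the padded address word
    amount = int(data[72:136], 16)
    return recipient.lower(), amount


def check_safe_tx(tx: SafeTx, allowed_tokens: set, allowed_recipients: set) -> list:
    """Return policy violations; an empty list means the tx is a routine transfer.

    allowed_tokens / allowed_recipients hold lowercase 0x addresses (constructed
    placeholders in the test below, a real operator keeps a vetted list).
    """
    findings = []
    if tx.operation != CALL:
        # Delegatecall runs foreign code in the Safe's own storage context and
        # can change the Safe's implementation: never expected for a transfer.
        findings.append("operation is DELEGATECALL: can rewrite the Safe's implementation")
    if tx.to.lower() not in allowed_tokens:
        findings.append(f"target {tx.to} is not an allow-listed token contract")
    decoded = decode_erc20_transfer(tx.data)
    if decoded is None:
        findings.append("calldata is not a plain transfer(address,uint256)")
    elif decoded[0] not in allowed_recipients:
        findings.append(f"recipient {decoded[0]} is not allow-listed")
    if tx.value != 0:
        findings.append("non-zero ETH value on a token transfer")
    return findings
```

Any non-empty result is a reason to stop and verify the transaction through a second, independent channel before the hardware wallet approves it.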

2. What exactly is a social engineering attack?

A social engineering attack is costly to mount and relies on complex methods, but it is also very effective.

In this attack incident, the exchange itself had already employed all the highest security measures, including multi-signature smart contracts, hardware wallet devices, and a tightly organized offline company structure, yet it still could not prevent this type of social engineering attack.

The hackers targeted the few signers of the multi-signature wallet directly, since infiltrating the signers' computers was the easier breakthrough.

How did they infiltrate the staff's computers?

Specific methods include sending phishing emails, implanting malware, or exploiting personal security habit vulnerabilities of the signers (such as using weak passwords or not enabling two-factor authentication).

Once a computer is compromised, the hackers control the staff member's device and can alter any information it displays.

Social engineering attacks have a strong concealment aspect; the signers may think they have completed their routine work, and the system logs record a "contract upgrade" as a legitimate operation, rather than an obvious "fund transfer."

Bybit only realized what had happened once the funds had been withdrawn, and by then it was too late.

Of course, social engineering attacks are not impossible to prevent; they require a set of rigorous measures and long-term protection.

The best measures include strict control over the relevant devices of internal personnel and monitoring any behavioral anomalies, such as isolating the use of dedicated devices, implementing device whitelists and monitoring, and conducting regular checks and updates.

3. What will happen to Bybit after the hack?

First, we need to see whether Bybit can withstand the current rush of user withdrawals. If Bybit cannot hold on, it could become another FTX, potentially dragging our industry into a new bear market.

Second, we need to see whether Bybit can cover the stolen funds. If it cannot, a bankruptcy filing could likewise drag our industry into a bear market.

So, what is Bybit's current financial situation?

Bybit is the second-largest cryptocurrency exchange in the world, with an average daily trading volume reaching $36 billion and over 60 million users. With such a large scale, its profitability is certainly not poor.

Industry estimates suggest that leading exchanges like Bybit primarily earn through transaction fees, leveraged trading interest, and profit-sharing from financial products, with annual net profits fluctuating between $1.5 billion and $5 billion.

Now, let’s look at Bybit's asset scale. Before the hack, its total reserve assets were reportedly over $16 billion.

In comparison, a $1.5 billion shortfall accounts for less than 10% of total assets, which is not a fatal blow.

Moreover, Bybit's CEO Ben Zhou has publicly stated that customer assets are backed 1:1, meaning user funds are secure, and the funding gap created by the hack mainly affects the company's own profits and reserves.

In summary, there are three possible scenarios:

Best case: The rush is stabilized, Bybit uses loans and its own assets to fill the remaining gap, and recovers within six months. Market confidence rebounds, and the industry continues its bull market pace.

Middle case: The rush continues for a while but does not spiral out of control. Bybit has to tighten its belt, distribute less profit for a few years, and gradually fill the hole. The industry is somewhat affected, with ETH and altcoins correcting, but it does not lead to a bear market.

Worst case: The rush spirals out of control, Bybit cannot hold on and goes bankrupt, the $1.5 billion shortfall triggers a trust crisis, and the industry suffers significantly, leading to an early bear market.

4. What is the takeaway for ordinary users?

Many people say, “Novice users should not manage their own private keys; it’s unsafe. It’s better to keep funds on exchanges for safety.”

The continuous hacking of exchanges is a strong rebuttal to such statements.

Do not blindly trust the technical strength of exchanges, nor their security; in fact, the potential risks of exchanges are very high.

Why are the potential risks of exchanges greater?

The biggest risk of such centralized platforms is that all user assets are concentrated in one place, effectively making it a large target for attacks.

There is no absolutely secure system in the world. All systems can be breached, but attacks come with costs, so it depends on how great the target reward is.

When the reward for an attack is sufficiently large, the methods and costs of the attack will also be amplified.

Exchanges are a prominent large target; their wallet addresses are mostly public, and the flow of funds is also public. Therefore, as long as more resources are invested in the attack, there will eventually be a day when they are breached.

Thus, the only thing we can trust is technology, not "people" or "platforms."

Therefore, it is still important to call on ordinary users to use decentralized wallets as much as possible, manage their own private keys, or even better, use keyless wallets directly.

The Web3 world is like a dark forest; we are both hunters and prey, and every step must be cautious. Only in this way can we survive longer and go further.

Disclaimer: This article represents only the personal views of the author and does not represent the position or views of this platform. It is provided for information sharing only and does not constitute investment advice to anyone. Any dispute between users and the author is unrelated to this platform. If an article or image published on this page infringes your rights, please send proof of the relevant rights and proof of identity to support@aicoin.com, and the platform's staff will investigate.
