On February 21, Bybit suffered a historic hacking attack, resulting in the theft of about $1.5 billion worth of Ethereum. This event quickly became an industry hotspot, triggering profound reflections on the security of crypto assets both within and outside the crypto community. Just as the crypto market was starting to rebound, this attack undoubtedly sounded the alarm for the industry, prompting exchanges to re-examine their security systems.
Over 500,000 ETH Stolen, the Largest Theft Incident in Crypto History
According to reports, the attack occurred when Bybit's Ethereum multi-signature cold wallet was executing a transfer to a hot wallet. The attackers used advanced phishing techniques and social engineering tactics to deceive the signers into approving the malicious transaction, resulting in 514,000 ETH being transferred to an unknown address. Bybit's CEO announced in a post that the attackers, by disguising the UI and URL to display the correct address while changing the smart contract logic, successfully took control of the cold wallet.
The hacker behind this attack has become the 14th largest ETH holder globally, currently holding about 0.42% of the total Ethereum supply, exceeding the ETH holdings of Fidelity and Vitalik, and more than double the Ethereum Foundation's ETH holdings. The scale of the attack and the huge amount involved make it the largest in the history of cryptocurrencies, dealing a heavy blow to the industry. As the crypto market had shown some signs of rebound after consecutive days of gains, it began to plummet significantly.
Before the news broke out, the ETH price had risen to as high as $2,845. Under the catalysis of market panic, the ETH price dropped 8% in the short term, while Bitcoin fell nearly 5% from its daily high, and other Altcoins also experienced significant declines, with over $400 million in liquidations across the network in a short period.
Fortunately, thanks to Bybit's quick response and the technical and liquidity assistance from various industry participants, the theft incident was temporarily calmed, and the Ethereum price returned above $2,700 after a day of volatility, with the market panic easing.
Crypto Exchange Security Highlighted Again
The Bybit hacking incident has once again raised widespread industry concerns about the security of cryptocurrency exchanges. Since blockchain transactions are irreversible, if funds are stolen, they are almost impossible to recover. Therefore, exchanges must adopt multi-layered security measures to ensure asset safety.
4E, as the global partner of the Argentine national team and the only recommended trading platform, has always placed asset custody security as a top priority, providing trustworthy security protection for user assets through a series of advanced and rigorous security and risk control mechanisms.
1. Separate multi-wallet system with strict cold and hot wallet ratio. 4E adopts a multi-wallet separation mechanism, with a strict cold and hot wallet ratio, storing over 95% of user funds in offline cold wallets, avoiding the risks associated with online operations and ensuring maximum asset isolation for users.
2. Multi-signature to ensure private key security. This attack exposed vulnerabilities in the cold wallet transfer process, particularly the weaknesses of multi-signature wallets when facing advanced phishing attacks. The attackers deceived the signers by disguising the UI and URL, indicating that the signature verification process is also a key point of security protection. 4E's multi-signature wallet requires the approval of multiple signers, with the signing process being multi-layered encrypted and combined with hardware security modules and strict verification procedures, ensuring non-tampering and effectively preventing similar attacks.
3. Strict regulatory requirements and process standards. 4E strictly follows regulatory requirements and process standards in every aspect of asset management. Mechanisms such as minimum privileges and multi-person back-to-back isolated operations are also applied in actual operations to minimize the possibility of human-induced risks. The decentralized and hierarchical management approach ensures that any individual's mistakes or oversights do not affect the overall platform's fund security.
4. Regular security audits. 4E collaborates with leading security companies in the industry to conduct regular security assessments and promptly identify and fix potential vulnerabilities. It has also established a weekly attack and defense exercise mechanism with partners, simulating hacker intrusions to enhance security inspection and protection capabilities. Additionally, it isolates important internal network servers, establishes permission controls, account permission recovery, and various audit and monitoring measures to prevent information leakage due to excessive privileges and establish centralized logging, processing, and alerting.
5. $100 million insurance fund: 4E has a dedicated insurance fund to address unexpected security incidents. By allocating a portion of the platform's profits to this fund, it is specifically used for various potential accidents and can be accessed when needed, providing additional security assurance for traders' assets. Currently, 4E's risk protection fund has accumulated over $100 million.
4E's series of strict security measures have significantly reduced the risk of asset theft, and its effectiveness and reliability have been proven in its past operations. Over the years, 4E has maintained a clean record with no major security incidents, earning the trust of users and positive industry recognition.
The Bybit hacking incident has undoubtedly cast a shadow over the crypto industry, but it also provides an opportunity for reflection and progress, helping to drive the synchronous upgrade of technology and regulation. The crypto industry has a promising future, and the continuously strengthened security assurance will become the driving force and foundation for the industry's sustained prosperity.
