来源：Chainalysis；编译：白水，金色财经
2025 年 2 月 21 日，著名的加密货币交易所 Bybit 遭遇重大安全漏洞，导致价值近 15 亿美元的以太坊 (ETH) 损失。这一事件是加密货币历史上最大的盗窃案。幸运的是，Bybit 正在积极与 Chainalysis 等行业专家合作，追踪被盗资产。他们还推出了一项追回赏金计划，向协助追回被盗加密货币的个人提供高达追回金额 10% 的...

<div>来源：Chainalysis；编译：白水，金色财经2025 年 2 月 21 日，著名的加密货币交易所 Bybit 遭遇重大安全漏洞，导致价值近 15 亿美元的以太坊 (ETH) 损失。这一事件是加密货币历史上最大的盗窃案。幸运的是，Bybit 正在积极与 Chainalysis 等行业专家合作，追踪被盗资产。他们还推出了一项追回赏金计划，向协助追回被盗加密货币的个人提供高达追回金额 10% 的奖励。在本博客中，我们将研究漏洞是如何发生的；攻击者的策略、技术和程序 (TTP) 及其与朝鲜民主主义人民共和国 (DPRK) 的一致性；以及 Chainalysis 如何与 Bybit 和执法部门合作帮助追回资金。<h2>Bybit 漏洞细节</h2>Bybit 黑客攻击事件清楚地提醒我们，国家支持的网络犯罪分子，尤其是与朝鲜有关的犯罪分子，所使用的手段正在不断演变。正如我们最近在 2025 年加密犯罪报告中所揭示的那样，与朝鲜有关的黑客在 2023 年发生的 20 起事件中窃取了约 6.605 亿美元。2024 年，这一数字增加到 47 起事件中被盗 13.4 亿美元——被盗价值增加了 102.88%。仅 Bybit 黑客攻击就导致被盗金额比朝鲜在 2024 年全年被盗的所有资金多出近 1.6 亿美元。这次攻击凸显了朝鲜使用的常见伎俩：策划社会工程攻击并采用复杂的洗钱方法，试图在不被发现的情况下转移被盗资金。来自 Bybit 漏洞的资金也已整合到持有其他已知与朝鲜有关的攻击资金的地址中，这进一步证明民族国家行为者是这起最新事件的幕后黑手。以下是 Bybit 漏洞如何展开的逐步分析：<ul><li>通过社会工程学进行初步入侵：黑客通过对冷钱包签名者执行网络钓鱼攻击获得了 Bybit 用户界面的访问权限，导致他们签署恶意交易，将 Safe 的多重签名钱包实施合约替换为恶意合约。</li><li>发起未经授权的转账：在从 Bybit 的以太坊冷钱包到热钱包的例行转账过程中，攻击者拦截了该过程。他们设法将大约 401,000 ETH（在攻击时价值近 15 亿美元）重新路由到他们控制的地址。</li><li>通过中介钱包进行资产分散：被盗资产随后通过复杂的中介地址网络转移。这种分散是一种常用策略，用于混淆踪迹并阻碍区块链分析师的追踪工作。</li><li>转换和洗钱：黑客将大量被盗 ETH 换成 BTC 和 DAI 等代币。他们还利用去中心化交易所 (DEX)、跨链桥和无需 KYC 的即时交换服务在网络间转移资产。</li><li>保持资金静止和战略性洗钱：被盗资金中相当一部分一直闲置在各个地址，这是朝鲜黑客经常采用的蓄意手段。通过延迟洗钱行动，他们的目标是在此类高调违规行为发生后立即接受严格审查。</li></ul>下面的 Chainalysis Reactor 图表展示了迄今为止洗钱行动的复杂性：中间地址、代币交换和跨链移动的网络不仅试图掩盖被盗资金，而且还展示了这种攻击对更广泛的加密生态系统造成的深远影响。<img src="https://img.jinse.cn/7351982_watermarknone.png" title="7351982" alt="kNNC0GX17wXBOtCfZcL1VD4UGat1Z28USjA6WftY.png"><h2>Bybit 黑客攻击事件后的行业合作</h2>尽管 Bybit 的攻击十分严重，但区块链技术固有的透明度对试图洗白被盗资金的恶意行为者来说是一个重大挑战。每笔交易都记录在公共账本上，使当局和网络安全公司能够实时追踪和监控非法活动。加密生态系统的协作对于打击这些威胁至关重要。Bybit 的快速反应，包括保证弥补客户损失以及与区块链取证专家的合作，体现了该行业对相互支持和韧性的承诺。通过整合资源和情报，加密社区可以加强对这种复杂网络攻击的防御，并努力打造更安全的数字金融环境。我们正在与公共和私营部门的全球团队、客户和合作伙伴合作，以支持多种途径来扣押和追回此次攻击。我们已经与业内联系人合作，帮助冻结了从 Bybit 窃取的 4000 多万美元资金，并继续与公共和私营部门组织合作，尽可能多地扣押资金。我们将继续提供有关此事的最新进展。</div>

Chainalysis：谁偷了钱？Bybit被盗案漏洞细节详览

Jinse Finance, February 21, 2025 - The renowned cryptocurrency exchange <Bybit> suffered a major security breach, resulting in the loss of nearly $1.5 billion worth of Ethereum (ETH). This incident is the largest theft in the history of cryptocurrency. Fortunately, <Bybit> is actively collaborating with industry experts such as <Chainalysis> to track the stolen assets. They have also launched a bounty program to offer up to 10% of the recovered amount to individuals who assist in the recovery of the stolen cryptocurrency.

Jinse Finance; Bit; TRON; Dai; BTC; ETH; HT; AR; RON; ONG; Bybit

The article discusses a major security breach at the famous cryptocurrency exchange Bybit in February 2025, resulting in the loss of nearly $1.5 billion worth of Ethereum (ETH). This incident is the largest theft in the history of cryptocurrency. Fortunately, Bybit is actively collaborating with industry experts like Chainalysis to track the stolen assets. They have also launched a bounty program to reward individuals who assist in the recovery of the stolen cryptocurrencies.

The article delves into the details of the vulnerability, the tactics, techniques, and procedures (TTPs) used by the attackers, and their connection to the Democratic People's Republic of Korea (DPRK). It also explores how Chainalysis is working with Bybit and law enforcement agencies to help recover the funds.

The article highlights the common tactics employed by DPRK-linked hackers, such as planning social engineering attacks and using complex money laundering methods to move the stolen funds without detection. The funds from the Bybit breach have also been integrated into addresses known to hold funds from other DPRK-related attacks, further confirming the involvement of a nation-state actor.

The article provides a step-by-step analysis of how the Bybit vulnerability unfolded, including the initial compromise through social engineering, the unauthorized transfers, the asset dispersal through intermediary wallets, the conversion and money laundering, and the strategic holding of a significant portion of the stolen funds.

The article emphasizes the importance of collaboration within the crypto ecosystem to combat these threats. Bybit's swift response, including guaranteeing customer reimbursement and partnering with blockchain forensics experts, demonstrates the industry's commitment to mutual support and resilience. By pooling resources and intelligence, the crypto community can strengthen its defenses against such complex network attacks and work towards a safer digital financial environment.

Chainalysis: Who stole the money? Details of the Bybit theft vulnerability

The event overview
On February 21, 2025, at 02:16:11 UTC, Bybit's Ethereum cold wallet (0x1db92e2eebc8e0c075a02bea49a2935bcd2dfcf4[1]) was drained of funds due to a malicious contract upgrade. According to a statement by Bybit CEO Ben Zhou[2], the attacker used a phishing attack to trick the cold wallet signer into erroneously signing a malicious transaction. He mentioned that the transaction was disguised as a legitimate operation: the Safe{Wallet} interface displayed...

Technical analysis of the Bybit theft incident: Device intrusion may be the key factor

Author: Tim Beiko
Compiled by: GaryMa Wu Blockchain
Ethereum core developer Tim Beiko published a lengthy article on February 22, 2025, explaining why Ethereum cannot "roll back" to reverse hacker attacks, such as the recent Bybit hacker incident. He provided the historical context of the Bitcoin and TheDAO events, and discussed why rollbacks are not feasible in the current Ethereum ecosystem. Wu Blockchain has compiled and summarized the original text and corresponding comments as follows:
Yesterday, after Bybit was hacked, some...

Tim Beiko explains: The amount of ETH stolen from Bybit hit a record high, but why can't Ethereum be rolled back?

The following is the English translation of the text, with the specified terms retained:

Bybit's Safe multi-signature wallet hacked by North Korean hackers
Safe: Temporary removal of integration with Ledger
Four major doubts remain to be clarified
Expert: Ledger should add a transaction verification function with computer software on the trading interface
Cryptocurrency exchange Bybit reported a late-night hack on the 21st, with a total value of nearly $1.47 billion in ETH, stETH, cmETH, and mETH stolen, making it one of the largest cryptocurrency theft incidents in recent years.
On Saturday, blockchain security...

After the Bybit theft: Safe multi-signature wallet disconnected from Ledger integration: additional transaction checks will be implemented and services will be gradually restored

Chainalysis: Who stole the money? Details of the Bybit theft vulnerability

Download app to participate in rewarding events