On the evening of February 21st, Beijing time, on-chain investigator ZachXBT detected an abnormal outflow of $1.46 billion in ETH-denominated funds from Bybit, with mETH and stETH being swapped for ETH on DEXs. By value, this could be the largest hack in the history of cryptocurrencies.
Bybit responded quickly, posting a statement on its official Twitter account: "this incident involved the ETH multi-signature cold wallet, and the attacker exploited a vulnerability in the smart contract logic to manipulate the signature interface, making the transaction appear normal on the surface, but the underlying logic had been tampered with, allowing the hacker to ultimately take control of the cold wallet and withdraw the assets." The Bybit CEO then held a two-hour Twitter live stream, sharing the latest developments and answering user questions.
Within the following 12 hours, the Bybit trading platform received over $4 billion in inflows. Although the official investigation results have not yet been released, multiple security experts speculate that the incident originated from a compromise of a signer's computer or of the intermediate signing interface: the attacker waited for the multi-signature executors to perform a routine signing, quietly altered the transaction content so that it upgraded the smart contract to a malicious contract with a backdoor, and then drained all the funds.
In the past few years, thefts of assets from digital asset trading platforms have occurred many times, usually falling into one of the following types of security issues:
- Theft of hot wallet assets: some exchanges keep a high proportion of assets in hot wallets, so a single vulnerability can cause large-scale asset loss.
- Internal management weaknesses: poorly managed exchanges face the risk of employee misconduct or insiders assisting external attacks.
- Inadequate security vendors: failure to work with top-tier security service providers leaves the exchange unable to detect and respond to threats in time.
- Lack of an insurance mechanism: without insurance coverage, exchanges struggle to compensate users for asset losses after an extreme incident.
The Bybit incident was not a theft of hot wallet assets: other assets were not affected, and the withdrawal service kept operating normally. This indicates that the problem did not lie in internal management or the withdrawal process, but in a precise attack that exploited technical vulnerabilities.
As the core infrastructure of the crypto industry, asset security is crucial for crypto exchanges. Hacker attacks not only cause huge financial losses, but may also affect platform reputation and undermine the trust system of the entire industry. How to build a comprehensive and reliable security system to protect user assets has become a key task for every compliant exchange.
In the field of virtual asset trading, the construction of the security system is driven by both technological iteration and regulatory norms. Industry observation shows that the world's leading licensed trading platforms generally adopt a "cold and hot wallet separation + multi-signature" core architecture, building security barriers through multi-dimensional control mechanisms:
Standardization of fund isolation technology:
- System-level physical isolation: cold and hot wallets are set up in separate secure rooms on dedicated computers equipped with anti-intrusion systems. The hot wallet server only processes user order requests, while the cold wallet device is completely disconnected from the network.
- Dynamic quota management: differentiated hot wallet ratios are set per jurisdiction, such as 5% in Hong Kong and 10% in Dubai.
- Intelligent risk control triggering: fund transfers between wallets are triggered automatically by order demand and aggregated by the system, leaving no room for manual intervention.
Bank-level risk control for cold-hot conversion system:
- The operation process follows a "three-person four-eye" mechanism, with wallet management, security auditing, financial monitoring and other departments collaborating on each transfer.
- At the hardware level, cold and hot wallets are placed in separate secure rooms: the hot wallet server processes order requests, while the cold wallet device is permanently disconnected from the network.
Innovative practices of licensed institutions:
For example, Coinbase has the strictest security measures in global asset management. The platform uses multi-signature technology so that every fund transfer requires the approval of multiple authorized persons, reducing the risk posed by a single compromised account. In addition, Coinbase conducts regular security audits and compliance checks to ensure that all of its processes follow industry best practices, further strengthening user trust.
Similarly, HashKey Global has worked with SlowMist to deeply integrate multi-signature protocols with its cold storage system. SlowMist's self-developed key sharding management system uses a distributed signature verification mechanism to complete the dynamic authorization of key holders inside the physically isolated cold wallet environment. This allows cold wallet operations to satisfy the physical isolation requirement while achieving separation of permissions through key sharding.
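To make the controls above concrete, here is an added example (not code from the article or from any of the exchanges it names) that simulates a cold-to-hot transfer approval: a per-jurisdiction hot-wallet quota check, and a multi-signer approval in which each signer independently hashes the raw payload delivered to its device and compares it with an out-of-band approved proposal, rather than trusting the summary the signing interface displays. Field names, the JSON layout, the "no calldata on a plain transfer" policy and the sample values are all assumptions.

```python
import hashlib
import json

# Hot-wallet caps quoted in the article, as a share of total assets under custody.
HOT_WALLET_CAP = {"HK": 0.05, "Dubai": 0.10}


def within_hot_quota(jurisdiction, hot_balance, total_assets, amount):
    """True if topping up the hot wallet by `amount` keeps it within the cap."""
    return (hot_balance + amount) / total_assets <= HOT_WALLET_CAP[jurisdiction]


def digest(tx):
    """Digest over the canonical raw transaction; every party computes its own."""
    raw = json.dumps(tx, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(raw).hexdigest()


def signer_check(reference_digest, payload, displayed):
    """One signer's independent check before signing (assumed policy): the raw
    payload must hash to the out-of-band reference, the interface summary must
    match the payload, and a routine treasury transfer carries no calldata."""
    if digest(payload) != reference_digest:
        return "raw payload differs from the approved proposal"
    if (payload["to"], payload["amount"]) != (displayed["to"], displayed["amount"]):
        return "interface summary does not match the raw payload"
    if payload.get("data", ""):
        return "unexpected calldata on a plain transfer"
    return None


def approve_transfer(proposal, signer_views, threshold):
    """Approve only if at least `threshold` signers pass every check.
    `signer_views` maps signer -> (payload delivered to device, summary shown)."""
    reference = digest(proposal)
    approvals, findings = 0, []
    for signer, (payload, shown) in signer_views.items():
        problem = signer_check(reference, payload, shown)
        if problem is None:
            approvals += 1
        else:
            findings.append(f"{signer}: {problem}")
    return approvals >= threshold, findings


# Constructed sample: the approved proposal versus a tampered payload that the
# interface still displays as the routine transfer.
PROPOSAL = {"to": "0xHOTWALLET", "amount": 10, "data": ""}
TAMPERED = {"to": "0xUNKNOWN", "amount": 10, "data": "0xdeadbeef"}
SHOWN = {"to": "0xHOTWALLET", "amount": 10}
HONEST = {s: (PROPOSAL, SHOWN) for s in ("s1", "s2", "s3")}
ATTACKED = {"s1": (TAMPERED, SHOWN), "s2": (TAMPERED, SHOWN), "s3": (PROPOSAL, SHOWN)}
```

With three signers required, the tampered run is rejected because two devices received a payload whose digest does not match the approved proposal, even though their screens showed the expected transfer.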
Strengthening asset protection: Innovation of insurance mechanisms
In addition to technical safeguards, insurance mechanisms have become an important means for crypto exchanges to protect user assets. Kraken, for example, works with professional insurers to cover the assets stored on the platform. Kraken's insurance covers the loss of some digital assets to hacker attacks or other security vulnerabilities during storage. Although insurance cannot cover every risk, it provides users with a degree of safety net.
OneDegree, which holds a virtual insurance license from the Hong Kong Insurance Authority, is an important industry partner, collaborating with top platforms such as BitGo and HashKey Global to provide comprehensive insurance coverage for user assets. The insurance covers extreme events such as earthquakes and other unpredictable risks, ensuring the safety of user assets. Every year, exchanges invest a large amount of funds in user asset insurance, not only enhancing the security of the platform, but also strengthening user trust.
Strict compliance requirements
Compliance is not only a legal and regulatory requirement, but also a necessary guarantee for exchanges to ensure fund security and enhance user trust. As a licensed exchange, Coinbase has invested a lot of resources in compliance, obtaining money transmitter licenses in multiple US states and an electronic money license in Europe. The acquisition of these licenses not only proves the platform's compliance, but also provides stronger protection for users.
Kraken has also taken similar measures in terms of compliance. The platform has obtained legal operating licenses in multiple countries and regions, and strictly abides by various regulatory requirements in its operations. Through close cooperation with regulatory authorities, Kraken ensures that its business activities comply with local laws and regulations, avoiding security risks caused by compliance issues.
Balancing compliance and crypto-native attributes
Finding a balance between compliance and crypto innovation is one of the biggest challenges facing exchanges. For example, if a virtual asset exchange wants to operate in Europe, it must first obtain an MiCA license. The licensed entity needs to strictly comply with the requirements of the local jurisdiction to ensure the compliant operation of the platform. In this way, the crypto-native attributes of the platform are also guaranteed, allowing it to respond to market hotspots more quickly and develop innovative products to meet user needs.
As the cryptocurrency industry continues to develop, the issue of asset security for exchanges will become increasingly important. Exchanges need to build a more comprehensive asset security system through technological innovation, strict compliance management, and insurance mechanisms, while maintaining the flexibility and market responsiveness of the platform, in order to provide users with strong protection and promote the healthy development of the global digital asset industry.