Foresight News takes you through this week’s hot topics and recommended content:
01Bybit was stolen for $1.5 billion
"72 Horrifying Hours" after Bybit Stolen $1.5 Billion
The story behind the Lazarus Group, the initiator of the largest robbery in Web3 history
"Quickly read the Bybit forensic investigation report, Safe is the breakthrough point for hackers"
02Monad Interaction
"The last day to become a Monad early testnet user, which native applications are worth interacting with?"
03 Crypto Regulation
"SEC gives up on hunting down crypto companies, what will be the subsequent changes in regulatory attitudes?"
04 Bitcoin as a Market
"Regular Army Castle Securities Enters Bitcoin Market Making!"
05 Project Observation
《The most valuable Sui airdrop? A comprehensive forecast of the value of WAL tokens》
"Listed on Binance Launchpool, how does RedStone reshape the DeFi oracle?"
"Platform currency increased 16 times in 7 hours. Can Super.exchange reshape the new order of Meme issuance?"
What is time.fun, the platform co-founded by Solana and Toly?
06 Industry Insights
Quick Reading of Ethereum Foundation AMA Highlights: L1 Revenue and Value Accumulation, Pectra Upgrade, L2, etc.
"The fear index hits a new low. Has the crypto market really turned bearish?"
01Bybit was stolen for $1.5 billion
Bybit was stolen $1.46 billion (more than 10 billion yuan), which is the largest hacker attack and theft in history. The incident occurred during the transfer of funds from an Ethereum cold wallet to a warm wallet of Bybit. The hacker somehow controlled the signing process of the multi-signature wallet Safe. Bybit's cold wallet uses a multi-signature mechanism, which requires the consent of four persons in charge (key holders) including CEO Ben Zhou to execute transactions. However, this attack shows that hackers may have successfully interfered with this process, either by hacking into the signer's device or by forging a trusted front-end interface, allowing the signer to approve malicious transactions without knowing it. Recommended reading:
" The terrifying 72 hours after Bybit was stolen for $1.5 billion "
The mastermind of the attack was identified as the Lazarus Group (North Korea's state-level hacker organization), who stole $4.5 billion from institutions in the crypto and financial industries through hacker attacks over a period of 9 years. According to incomplete statistics, since 2015, the Lazarus Group has successfully attacked and stolen from more than 20 financial institutions and cryptocurrency platforms. As of February 2025, the cumulative amount of theft by the Lazarus Group has exceeded $4.5 billion. Initially, the Lazarus Group focused more on traditional financial institutions. In 2015, the Lazarus Group stole $12 million from the Ostello Bank in Ecuador and $1 million from the Pioneer Bank in Vietnam; and in 2016, the organization organized the 2016 Bangladesh Central Bank theft (stealing $81 million).
At 23:20 on February 21, Beijing time, hackers stole about $1.5 billion worth of on-chain assets from Bybit. Four hours after the incident, on-chain detective ZachXBT submitted conclusive evidence, confirming that the attack on Bybit was carried out by the North Korean hacker group Lazarus Group. This notorious hacker team has left a heavy mark in the history of encryption and even the entire financial market. Recommended reading:
The story behind the Lazarus Group, the instigator of the largest robbery in Web3 history
The Lazarus Group (also known as the “Guardians” or “Peace or Whois Team”) is a hacker group of unknown number of individuals allegedly controlled by the North Korean government. Although little is known about the group, researchers have attributed several cyberattacks to them since 2010. Originally a criminal gang, the group has now been designated as an advanced persistent threat group due to its attack intent, the threats it poses, and the variety of methods it uses to operate. Cybersecurity agencies have given them a number of nicknames, such as “Hidden Cobra” (the name used by the U.S. Department of Homeland Security to refer to malicious cyber activities initiated by the North Korean government), “ZINC” or “Diamond Sleet” (Microsoft’s name). According to Kim Kuk-song, a defector from the country, the group is known as the “414 Liaison Office” in North Korea.
The group's earliest known attacks were Operation Troy from 2009 to 2012. This was a cyberespionage campaign that used unsophisticated distributed denial of service (DDoS) techniques to target the South Korean government in Seoul. They also launched attacks in 2011 and 2013. Although it is not certain, an attack on South Korea in 2007 may also be their responsibility. A notable attack by the group took place in 2014, targeting Sony Pictures. This attack used more sophisticated techniques and showed that the group has become more sophisticated over time.
In 2015, the Lazarus Group reportedly stole $12 million from Banco Ostello in Ecuador and $1 million from Pioneer Bank in Vietnam. They have also targeted banks in Poland and Mexico. A 2016 bank heist in which they stole $81 million was also attributed to the group. In 2017, it was reported that the Lazarus Group stole $60 million from Far Eastern International Commercial Bank in Taiwan, although the actual amount stolen is unclear and most of the funds have been recovered.
It is not clear who is really behind the group, but media reports indicate that the group has close ties to North Korea. In 2017, Kaspersky Lab reported that the Lazarus Group tends to focus on espionage and infiltration cyberattacks, while a sub-group within it, called "Bluenoroff" by Kaspersky, specializes in financial cyberattacks. Kaspersky has discovered multiple attacks around the world and found that Bluenoroff has a direct IP address connection with the country.
Bybit was hacked on February 21, with a loss of nearly $1.5 billion, becoming the largest hacker attack in the history of Web3. Today (February 26), Sygnia released a preliminary report on the incident. The following is the Chinese translation of the report. Recommended reading:
" Quickly read the Bybit forensic investigation report, Safe is the breakthrough point for hackers "
A forensic investigation of all hosts used to initiate and sign transactions revealed that resources in Safe{Wallet}’s AWS S3 bucket were injected with malicious JavaScript code.
Resource modification times and publicly available network history archives indicate that the injection of malicious code was performed directly in Safe{Wallet}'s AWS S3 bucket.
Initial analysis of the injected JavaScript code showed that its main purpose was to manipulate transactions, effectively changing their contents during the signing process.
Additionally, analysis of the injected JavaScript code revealed an activation condition that is only executed if the transaction origin matches one of two contract addresses: Bybit’s contract address and a currently unidentified contract address (likely related to a test contract controlled by the threat actor).
Two minutes after the malicious transaction was executed and published, new versions of the JavaScript resources were uploaded to Safe{Wallet}’s AWS S3 bucket. These updated versions had the malicious code removed.
Initial findings indicate that the attack originated from Safe{Wallet}'s AWS infrastructure.
So far, forensic investigations have not found any signs of a compromise of Bybit’s infrastructure.
02Monad Interaction
The Monad testnet is officially online. We published the "Gold Rush Manual: Tianwang Public Chain Monad Online Testnet, Quick Interaction Guide" as soon as the Monad testnet was launched, which introduced the interaction process of Monad. Given that the difficulty of receiving water from the Monad test coin is high and the ecological heat continues to rise, many users want to know more about the channels for receiving water and the ecological applications that are worth interacting and paying attention to. This article will list them for you one by one. Recommended reading:
aPriori is a Monad-based MEV liquid staking platform. In July 2024, it announced the completion of an $8 million seed round of financing, led by Pantera. Previously, aPriori completed a Pre-Seed round of financing led by Hashed and Arrington Capital, with a total financing amount of $10 million. Other investors include Consensys, OKX Ventures, Manifold Trading, etc. Apriori is currently online on the Monad testnet.
Kuru is an on-chain order book DEX based on Monad, and is currently available on the Monad testnet. Kuru completed a $2 million seed round of financing in July 2024, led by Electric Capital and participated by Brevan Howard Digital and others.
Kintsu is a liquid staking protocol in the Monad ecosystem. It completed a $4 million seed round of financing in July 2024, led by Castle Island Ventures, with participation from Brevan Howard Digital, CMT Digital, Spartan Group, Breed VC, CMS Holdings, Animoca Ventures, etc. Kintsu has been launched on the Monad testnet.
03 Crypto Regulation
With Trump taking office, the SEC has actively embraced the banner of cryptocurrency, prompting it to start releasing regulatory processes that strangle cryptocurrencies, and even to a certain extent, it has reached a "vacuum". On February 4, the SEC released the work plan of the Cryptocurrency Working Group, marking an important transformation in the field of cryptocurrency regulation in the United States. This working group aims to bring more clarity to the regulatory framework for crypto assets while maintaining support for innovation. What does such a big change mean for the market? When the spring breeze blows, how will the subsequent crypto compliance go? Recommended reading:
In recent actions, the SEC has indeed been steadily advancing the "compliance" of crypto regulation, including withdrawing its appeal against the rules against crypto traders; promoting crypto taxonomy and regulatory frameworks; suspending and withdrawing lawsuits against crypto mining company Geosyn Mining, trading platform Robinhood Crypto, NFT platform OpenSea, DEX UniSwap and other project entities.
In this environment, the approval of ETFs is also accelerating, and even the ETF pledge is progressing rapidly. On February 20, according to Fox reporter Eleanor Terrett, according to sources who recently spoke with the SEC, the agency is "very, very interested" in pledges, and the cryptocurrency working group also met with Jito Labs and Multicoin Capital representatives on February 5. The main topics included the possibility of including pledge features in exchange-traded products (ETPs) and the potential model of equity pledge in crypto asset ETPs.
It is gratifying that from the SEC's perspective, Pierce and her team have also become a reassurance for the advancement of regulation in the crypto field. She also said in a previous interview: "I hope we can tell people that the US SEC is open to innovators from anywhere. We hope people come here and build things here, just as people come here from all over the world to invest in our capital market, because our market is a very good market. I hope the quality of our market will be the reason why people decide to come here."
04 Bitcoin as a Market
On February 25, Bloomberg reported that Citadel Securities is seeking to become a liquidity provider for cryptocurrencies. People familiar with the matter said the company's goal is to join the list of market makers of various exchanges, including those operated by Coinbase Global, Binance Holdings and Crypto.com. Once approved by the exchange, the company initially plans to set up a market making team outside the United States. This move not only marks a major strategic shift for Citadel Securities, but also indicates that the crypto market may usher in new changes. Recommended reading:
" Regular Army Castle Securities Enters Bitcoin Market Making! "
Hedge fund Citadel and market-making firm Citadel Securities were both founded by "program trading genius" Kenneth C. Griffin. In 1987, Ken Griffin, who was only 19 years old at the time, started his trading career in a Harvard dormitory, and then founded his own investment group Citadel (formerly Wellington Financial Group) with $4.6 million in 1990. Citadel's assets under management reached $66 billion by the end of 2024. According to statistics from LCH Investments, among the top hedge funds, Citadel had the highest net income of $83 billion since its launch, surpassing DE Shaw, Millennium (Millennium Management Company), and Bridgewater Fund.
The turning point for Castle Securities to become famous was the GameStop short squeeze in 2021. At that time, American retail investors pushed up the stock prices of "meme stocks" such as GameStop through social media, causing institutions that short these stocks to suffer heavy losses. As a major market maker in the US stock market, Castle Securities handled a large number of related transactions. In this incident, Castle Securities became famous by demonstrating strong transaction execution capabilities.
It is worth mentioning that Zhao Peng, CEO of Castle Securities, is a Chinese American born in Beijing in the 1980s. He was admitted to the Department of Applied Mathematics at Peking University in 1997, and later went to the University of California, Berkeley to pursue a doctorate in statistics. He also worked as a summer quantitative research assistant at Lehman Brothers. After graduation, Zhao Peng joined Castle Securities. He started as a senior quantitative researcher, served as global market making director and chief scientist, and was finally promoted to CEO in 2017.
05 Project Observation
Recently, Sui developer Mysten Labs' new protocol, the decentralized storage and data availability protocol Walrus, airdropped tokens in the form of NFT distribution. Eligible community members' Sui wallet addresses have received soul-bound (non-transferable) Walrus Airdrop NFTs, which show the number of WAL tokens, and thus have the right to claim the corresponding number of WAL tokens when the mainnet goes online in March. This airdrop distributed 4% of WAL's total supply of 5 billion, while the other 6% is reserved for future community incentives and ecological distribution. For an introduction to the Walrus protocol, it is recommended to read the author's article in September last year: Interpreting Walrus, Sui's new interpretation of decentralized storage produced by the Sui development team, independent PoS chain, new governance token WAL, and potential airdrop opportunities. Recommended reading:
《 The most valuable Sui airdrop? A comprehensive forecast of the value of WAL tokens 》
In the field of storage protocols, Filecoin (FIL) and Arweave (AR) already have impressive market capitalizations. FIL has built a huge ecosystem for data storage and retrieval, while AR has been favored by the market for its permanent storage solutions. Currently, the market capitalization of FIL is about $2 billion, and the fully released market value (FDV) is about $6 billion, while the market capitalization and FDV of AR are both about $600 million. If compared with the fully released market value of FIL, the price of WAL will have a chance to exceed $1; and if compared with AR, the price of WAL will be around $0.1. The difference between the two is quite large. Which project is closer to the potential price of Walrus?
After comparing with storage projects with higher market value such as FIL and AR, and considering the additional premium brought by the strong support of Mysten Labs and the current market environment, the reasonable price of WAL tokens may be between 0.3 and 0.6 USDT. If the opening airdrop selling pressure is large and falls below 0.2 USDT, I will consider buying. If the market is extremely optimistic and exceeds 0.8 USDT, I will sell most tokens.
On February 25, 2025, Binance Launchpool and pre-market trading will list RedStone (RED), and mining will start at 8:00 on February 26 and last for two days. In addition, Binance Pre-Market will list the RED/USDT trading pair at 18:00 on February 28 and open Pre-Market trading. RedStone Oracles releases RED token economics. The total amount of RED is 1 billion, of which 48.3% will be allocated to the ecosystem and community (10% will be used for protocol development, 28.3% will be used for ecosystem and data providers, and 10% will be used for community and genesis distribution), 20% will be allocated to core builders, and 31.7% will be allocated to early supporters. Recommended reading:
" Listed on Binance Launchpool, how does RedStone reshape the DeFi oracle? "
RedStone is a modular oracle network that can provide data sources for DApps and smart contracts on L1, L2 and Rollup-as-a-Service networks (such as EigenLayer), especially the yield collateral in the lending market, such as LST and LRT.
Today’s oracle network is not perfect, and the accuracy and completeness of data sources still need to be improved. In addition, as new assets are listed more and more quickly, some oracles often seem slow to respond or even fail to support new assets.
RedStone adopts a differentiated modular design to meet the needs of DeFi protocols. Data providers can avoid continuously delivering and transmitting on-chain data, and allow end users to deliver signed oracle data on the chain themselves. RedStone also uses Arweave to archive and maintain oracle data.
According to official data, since the mainnet in January 2023, RedStone has supported more than 20 chains and integrated more than 1,000 asset providers from 50 data sources. These asset sources include not only cryptocurrencies, but also stocks, fiat currencies, commodities, and EFTs.
In the Crypto Winter, investors' anger over "insider trading" and "market maker dumping" has never been so strong. From President Coin to Wife Coin, from skyrocketing to zero, countless retail investors are struggling in the liquidity trap. And a new platform called Super.exchange on Solana is trying to bring order to this chaos with a pricing engine called "Super Curve" and a community-driven points flywheel - or at least, a fairer game rule. Recommended reading:
If Pump.fun is the “lottery station” of the Meme era, Super.exchange is more like a sophisticated “bulldozer.” Its core innovation, Super Curve, divides the token life cycle into multiple stages through seven curves with different parameters (xⁿ * y = k, n decreases from 32 to 1):
Low market capitalization stage (n=32): The curve is as flat as walking on flat ground, and early investors cannot hoard more than 80% of the tokens with small funds. For example, on Pump.fun, only $20,000 is needed to control 80% of the token supply, and the price only increases by 15 times; on Super.exchange, the same control requires a 40,269-fold increase in price, which is almost impossible.
Mid-to-high market value stage (n gradually decreases): As the token price rises, the slope of the curve is adjusted dynamically to ensure that the liquidity depth is always sufficient. This is equivalent to installing a "buffer" for the market, which not only prevents whale from dumping the market in the early stage, but also avoids the risk of collapse caused by the depletion of liquidity in the later stage.
This design directly hits the pain points of traditional Bonding Curve: the cost of early control is too low, and the liquidity is faulty in the later stage. The co-founder of Super.exchange once compared it to: "The traditional curve is like an automatic car, which is easy to lose control when accelerating; Super Curve is a manual car, which must be shifted step by step to speed up." From the actual data, the tokens using Super Curve (such as the leading coin SEND) rose by more than 500% in 24 hours, and the "graduation and zeroing" phenomenon common on Pump.fun did not occur.
Updated on February 25, 2025: Today, Solana co-founder toly "joined" the time tokenized SocialFi application time.fun. The market value of its token toly (toly's minutes) on time.fun once rose to over $19 million in an hour and a half, and the token price reached $187. Toly also responded to time.fun's tweet about the Meme token "toly's minutes" on Twitter, saying "business communications are my favorite crypto application case." At the same time, time.fun migrated from the Base network to Solana. Recommended reading:
What is time.fun, the platform co-founded by Solana and Toly?
time.fun was originally launched as circle.tech and was favored by Crypto accelerator Alliance in April this year. The goal of circle.tech from the beginning was to allow users to tokenize time, allowing creators to earn income, while fans can also interact with creators in a paid way, such as consulting, group chatting or watching live broadcasts.
At the end of last month, circle.tech rebranded itself as time.fun. On the one hand, it was to eliminate the liability risks brought by a name similar to Circle (the issuer of USDC), and on the other hand, it was to be closer to its concept of "time tokenization" and set the time value according to the joint curve. While bringing time delivery income to creators, it also provides a small part of the transaction fees to incentivize creators, while also empowering time holders to a certain extent.
time.fun builder @0xKawz said that time.fun not only allows tokenization of time, but also supports creators to connect with loyal fans at a deeper level, such as booking meetings, private messages, etc.
06 Industry Insights
On February 25, the Ethereum Foundation Research Team held its 13th AMA on Reddit. Foresight News read over 300 comments and compiled and summarized the main views of Vitalik Buterin and members of the Ethereum Foundation Research Team. The discussion mainly included L1 revenue and value accumulation, L2, blob fees, L1 Gas limit targets, the risk of large companies taking over Ethereum, and the progress of Pectra upgrades, and more future plans. Recommended reading:
If DA supply remained constant for a few months, I would expect hundreds of ETH to be burned per day for DA. However, currently Ethereum L1 is in "growth mode" and the Pectra hard fork (to be launched in a few months) will increase the target number of blobs per block from 3 to 6. This surge in DA supply should depress the blob fee market and it will take a few months for demand to catch up again. As full danksharding is rolled out in the next few years, there will be a cat and mouse game between DA supply and demand.
What will the long-term equilibrium look like? My thesis has not changed since my 2022 Devcon talk "Ultra-Sound Money". In the long run, I expect DA demand to exceed supply. In fact, supply is fundamentally limited by consensus participants running on home internet connections, and I think the DA throughput equivalent to about 100 home internet connections is insufficient to meet global demand, especially as humans always find creative ways to consume more bandwidth. In about 10 years, I expect Ethereum to reach 10 million TPS (about 100 transactions per person per day), which is $1 billion in revenue per day even if each transaction is as low as $0.001.
Ethereum has been falling since it failed to stabilize at $2,800. After rebounding to $2,500 recently, it suffered another setback, with the lowest price dropping to around $2,200. SOL has fallen to around $130 due to the negative effects of the meme slump and the huge unlocking on March 1, hitting a new low since September 2024. Altcoin have mixed gains and losses. In terms of contract data, according to Coinglass, the 24-hour open contracts on the entire network were liquidated at $765 million, long orders were liquidated at $608 million, and the largest single liquidation was worth $8.2054 million. Market sentiment has deteriorated and morale is unstable. What is the problem? Recommended reading:
" The fear index hits a new low. Has the crypto market really turned bearish? "
Fed's Bostic said he expects two rate cuts this year, but more or fewer could happen amid "pervasive" uncertainty. He doesn't expect inflation to suddenly explode, and his overall inflation forecast is a bumpy downward path. He believes inflation will move toward the 2% target, but it's not there yet. The Fed's goal is to reach the 2.0% target without hurting the labor market.
Andre Dragosch, head of research at Bitwise Europe, noted that the cryptoasset sentiment index reached its lowest level since August, coinciding with the unwinding of the yen carry trade, which caused Bitcoin to bottom out around $49,000 in August. The cryptoasset sentiment index shows a lot of counter-trend buying signals. Liquidity, on-chain data, and widespread pessimism in derivatives markets suggest that downside risks are relatively limited. At these price levels, the risk-reward outlook looks quite favorable.
