Insects and worms never tire of finding ways to get at the delicious contents of an egg, while the lives inside the shell anxiously work out how to make the shell harder. A contest or challenge within an ecosystem may be an opportunity for progress.
Bybit, this "golden egg", has been breached, making for a terrifying weekend night in the crypto world. It was eventually determined that the North Korean hacker group Lazarus Group used forged "blind signatures" to break through the multi-signature mechanism and steal about $1.5 billion in assets. The attack involved over 400,000 ETH, 90,000 stETH, 15,000 cmETH and 8,000 mMKM. As of 8 a.m. the next morning, the stolen assets had been dispersed to 51 addresses.
The response combined self-inspection and self-rescue with industry-wide protection. The $1.5 billion in stolen assets is impossible to recover, so the next priority is calming panic and preventing a run on withdrawals. Industry partners extended trust and mutual assistance, security teams traced the funds on-chain to uncover the perpetrators, and the team live-streamed its operations transparently so that everyone could see its execution and dedication. Judging by the price fluctuations, the aftershocks of this event have already passed. Bybit has promised 1:1 reserves and is aggressively buying spot ETH on the secondary market to be prepared, which has boosted the ETH price and made withdrawals no longer the first choice for hedging. The industry has avoided a liquidity crisis.
One can't help but ask: Why are North Korean hackers targeting crypto?
To understand cause and effect, we can't look only at the results; we need to place them in the context of the global situation and the historical process. If you are an excellent programmer in North Korea, you will ultimately become a "black knight" under the command of the "General", and take pride in it.
North Korea is a land of three abandonments: it has no strategic territory, no mineral resources, and cannot even develop labor-intensive industries. Because of its own closed-door policy and external sanctions, its annual foreign exchange earnings are only a few hundred million dollars, most of which come from labor exports that earn money for the country. Even in the recent Russia-Ukraine war, it has sent special forces in exchange for political capital. The country may be poor, but when the top leadership wants to do something that benefits only the state, it has enough talent, such as national-level hackers acting as cyber raiders, both to generate revenue and to strengthen the country's cyber security. After all, the best defense is offense: roaming through the backyards of various countries and taking something is the ideal outcome, and where there is no such opportunity, they can still do some infiltration.
According to reports from many defectors, North Korea is not really a "closed country"; at least the cyber warfare troops responsible for national security and network information sources can connect to the global network 24 hours a day. Cultivating a hacker is very cheap, and the hacker remains loyal as long as basic living needs are guaranteed. From the first day of their education, these "black knights" are given a mission and a goal, and they are divided into different groups that focus on attacking different countries and regions, such as the United States, South Korea and Japan. Once a hacker is assigned to a specific "national group", they spend nearly two years undercover in that country, learning the local language and culture in addition to their technical skills so that they will not be exposed.
The anonymity and ease of transfer offered by blockchain encryption have given these black knights a complete industry chain of talent, from breach to cash-out, and crypto thefts are commonplace.
What should retail investors do?
Retail investors are the last to know: platforms and projects that have been hacked are afraid that retail investors will find out and rush to withdraw their funds. Don't simply trust the security level and compensation promises of large platforms. FTX's so-called margin and compensation capacity lasted no more than two days before it collapsed in a thunderous crash. Fleeing capital does not take refugees and disaster victims with it, so retail investors also need self-awareness and survival skills. Routine security practices are necessary, such as:
Use a hardware wallet: A hardware wallet is like a physical safe, storing your private key on an offline device, greatly reducing the risk of hacker attacks. Ledger, Trezor and other hardware wallets are relatively reliable choices.
Enable two-factor authentication: Enable two-factor authentication on trading platforms, using SMS verification codes, Google verification codes, and so on. Even if your password is compromised, hackers won't be able to log into your account without the verification code.
Be cautious about phishing emails and links: Phishing attacks are a common tactic of North Korean hackers, who send seemingly legitimate emails or links to lure you into entering your account name and password. Stay vigilant: don't click on links from unknown sources, and don't enter your cryptocurrency-related information on untrusted websites.
Change passwords regularly: Regularly change the passwords of your trading platforms and wallets, and use complex password combinations including letters, numbers, and special characters to increase the security of your passwords.
Pay attention to security information: Pay more attention to security information in the cryptocurrency industry, understand the latest hacker attack methods and prevention methods, and adjust your security strategy in a timely manner.
Conclusion: Security is the lifeline of the bull market
The Bybit incident once again proves that in the crypto industry, the cost of security vulnerabilities far exceeds the speed of technical iteration. Whether it's an exchange or an ordinary user, only by integrating "paranoid-level security" into every transaction, every line of code, and every signature can we hold our ground in this battle against nation-state hackers. As SlowMist founder Yu Chuan said, "Security is not a cost, but the bottom line of survival."