The biggest security incident in the crypto space: Panoramic link tracking and analysis of the Bybit incident

At 11:20 pm on February 21, Beijing time, ZachXBT published a message that shocked the crypto industry: "A suspicious fund outflow of $1.46 billion was detected on Bybit". This incident has attracted widespread attention in the entire crypto field. According to the monitoring data of blockchain security compliance company Beosin Trace, Bybit did encounter an unprecedented security incident, resulting in the withdrawal of about $1.44 billion in funds. The stolen assets include:

401,347 ETH, worth $1.12 billion;

90,376 stETH, worth $253.16 million;

15,000 cmETH, worth $44.13 million;

8,000 mETH, worth $23 million.

More than $1.4 billion in ETH-related assets may be the largest amount of stolen money in the history of the crypto field, which has further exacerbated the market's concerns about the performance of ETH prices and the security of Bybit's assets.

Hacker's methods and incident details

Subsequent investigations revealed the specific details of the Bybit attack. Bybit's co-founder Ben Zhou confirmed the incident at the first time, saying that Bybit's official cold wallet had been hacked and began to deal with related security issues urgently.

The Beosin security team analyzed that the attack method of this incident is similar to that of WazirX. Both used the front-end UI to deceive the multi-signature wallet to sign malicious content, tampered with the logic implementation contract of the multi-signature wallet, and caused the funds in the multi-signature wallet to be transferred out.

Beosin Trace has tracked that the funds are currently divided into groups of 10,000 ETH and deposited in more than 40 Ethereum addresses. All hacker addresses have been added to the Beosin tag library. Beosin KYT will alert all fund transfers involving hacker addresses.

After the Beosin security team analyzed the address from which the hacker launched the initial attack, it was found that the handling fee funds of the address came from Binance.

The corresponding 4 Binance exchange withdrawal transaction hashes are:

0x64953fc1432bf106f5e8d6b0927a39130865fec013d8403bba8fc4382515884c

0xb9f9e43dc23bdb7b231925dc01e828990d3f84b8ad3305e83ffb6848711f871c

0x64953fc1432bf106f5e8d6b0927a39130865fec013d8403bba8fc4382515884c

0xb9f9e43dc23bdb7b231925dc01e828990d3f84b8ad3305e83ffb6848711f871c Bybit’s Response and Actions At 00:07 on the 22nd, Bybit co-founder Ben Zhou The post responded: "Even if the losses caused by this hacker attack cannot be recovered, Bybit's assets are still 1:1 guaranteed and we can bear the losses." At 8:54 this morning, Bybit co-founder and CEO Ben Zhou posted on the X platform: "Since the hacker attack (10 hours ago), Bybit has experienced the most withdrawals we have ever experienced. We have received more than 350,000 withdrawal requests in total, and so far, there are about 2,100 withdrawal requests pending. Overall, 99.994% of withdrawal requests have been successfully completed. If your withdrawal has been completed, please leave a message here. Although we may have suffered the worst hacker attack on any platform in history (including banking, encryption, and finance), all Bybit functions and products are still operating normally. The entire team stayed up all night to handle and answer customer questions and concerns. All hands on deck. Rest assured, we are with you. ”

At 10:51 am, Ben Zhou posted on the X platform: “It has been 12 hours since the worst hacker attack in history. All withdrawals have been processed. Our withdrawal system is now fully back to normal speed and you can withdraw any amount without any delay. Thank you for your patience and we are deeply sorry for this. Bybit will release a full incident report and security measures in the next few days. I will also personally inform everyone of any new updates. Thank you to our customers, friends and partners who helped and supported us during these painful 12 hours. The real work has just begun. ”

Industry Alarm Bell for Security Issues

Bybit's experience reflects the vulnerability of the entire crypto industry in security protection. Due to the decentralized characteristics and the operating model of the exchange itself, the crypto asset market has always faced great security risks. As the hub of crypto assets, the security issues of centralized exchanges are directly related to the asset security of users and the stability of the entire market.

In fact, security incidents in the crypto industry are common. Historically, many exchanges and platforms have suffered similar hacker attacks, or even more serious fund thefts. For example, Mt. Gox's explosive incident, or the thefts in exchanges such as WazirX and KuCoin in recent years, have shaken the crypto market. The Bybit incident has once again sounded the alarm for the industry.

The hacker attack on Bybit is not only a technical lesson for the crypto platform, but also a profound warning to the entire crypto industry. The security of the exchange is directly related to the healthy development of the market, and all parties in the industry still have a lot of work to do in strengthening security protection and improving technical levels. For users, improving their own risk awareness and choosing a more secure platform for trading will also be an important part of future digital asset investment that cannot be ignored.