Summary of viewpoints:
1. Frequent security vulnerabilities break the illusion of industry security
Bybit lost $1.4 billion and Infini lost $50 million to theft, and these successive large-scale attacks exposed how fragile the industry's security is.
Exchanges, wallet providers, and industry regulators are all responsible for security, but the industry currently lacks unified security standards.
Cold wallets are not absolutely safe; security failures often stem from human operations and negligent management of system permissions.
2. Market sentiment swings violently, while industry self-rescue and regulatory response lag behind
After the Bybit incident, market panic intensified, but $4 billion in institutional funds quickly flowed in, showing the industry's resilience.
Although regulatory agencies (such as the US FBI) did not intervene immediately, they have begun investigations and called on global exchanges to help freeze hacker funds.
The mature regulatory frameworks in the European Union, Singapore and other places may prompt the industry to strengthen security standards, and the United States may accelerate anti-money laundering and KYC regulatory legislation.
3. Investors should adopt anti-fragility strategies and enhance their own security awareness
Choose compliant and transparent platforms, and pay attention to factors such as team background, proof of reserves, and past security records.
Diversify investment and risk management, reduce the overall loss caused by single point failures, and combine centralized exchanges, DeFi protocols, hardware wallets and other diversified storage methods.
Optimize personal security operations, adopt multi-signature, cold and hot wallet isolation, permission management and other measures to reduce human operation risks.
Look for opportunities in crises: allocate assets rationally as industry security standardization and institutionalization accelerate, avoiding short-term losses and capturing long-term benefits.
4. Industry trends: the crypto market is entering the institutionalization era
Although market sentiment is low in the short term, enhanced supervision, innovation in security technology, and accelerated compliance will drive the market toward maturity.
Investors who think in anti-fragile terms will gain an advantage in turbulence by learning from the concept of "anti-fragility" and adjusting their strategies to adapt to market changes.
From cold wallets to hot crises: the giants' losses have sent shockwaves, so how can investors be anti-fragile?
Less than two days after more than 1.4 billion US dollars was stolen from Bybit, the Hong Kong-based financial payment platform Infini lost nearly 50 million US dollars to theft. In an already jittery market, investor sentiment was once again shrouded in pessimism. Although there have been many thefts in the industry's history, such a run of huge thefts has cast a shadow over an already fragile market. The question this raises is how investors should view the successive thefts, how they should actively adjust their strategies, and how they can still move forward optimistically when the industry is pessimistic.
I. From Bybit to Infini: the illusion of security behind the breached line of defense
The Bybit theft, the largest single theft in history, has already been analyzed in the market from many angles and dimensions (4 Alpha also followed up on the incident as soon as it happened), but before the industry had fully calmed its panic over it, Infini lost nearly 50 million US dollars to theft.
Although Infini, like Bybit, immediately announced full compensation, this did not reduce the market's concerns. People can't help but reflect on why the security defenses of industry giants were still breached given the precedents of multiple thefts in history. Further analysis shows that the occurrence of these thefts involves not only loopholes in the security systems of the projects/exchanges themselves, but also a series of issues such as the supervision of the blockchain industry and the establishment of unified security standards.
1. The main attack process and causes of the Bybit incident
For the Bybit theft, multiple industry security organizations have confirmed that the hackers mainly came from the notorious North Korean hacker group Lazarus Group. According to the latest investigation results of February 26, the group compromised a Safe developer's machine through social engineering or other means, obtained access to the front-end infrastructure, and used it to deploy malicious code that deceived the three Bybit signers. This precisely targeted attack stole more than $1.4 billion in Ethereum assets from the Bybit cold wallet (a Safe team product). It is now largely clear that the Infini theft was caused by malicious use of internal engineers' system permissions, and that the theft was almost the same as the Bybit incident.
Chart: Bybit exchange attack process (4 Alpha Group)
In the Bybit incident, although the Safe team promptly issued an investigation report and explanation, most industry professionals, including former Binance CEO CZ, were dissatisfied with the Safe security team's statement, especially its lack of detail on the specific intrusion method. Judging by the point of entry, the Safe team, as the wallet provider, should bear the main responsibility, since there are deficiencies in its development process and infrastructure security. However, whether similar incidents are solely the responsibility of the wallet provider requires further discussion and thought.
2. Theft from cold wallets shows that the industry has not yet reached a unified security consensus
The thefts from both Bybit and Infini are a warning to the entire industry: first, we should not over-rely on the illusion of security that technology brings, since any technology may be hacked; second, neglecting the human line of defense can have fatal consequences.
Cold wallets have long been regarded as the "ultimate safe" for crypto assets, but the Bybit incident broke this illusion. The cold wallet itself was not directly hacked; it was bypassed through front-end manipulation, which exposed the weakness of relying on a single technical solution. The deeper problem is that the industry lacks unified security standards and consensus. Exchanges and project teams alike often build their protection systems on their own understanding rather than following common best practices. For example, Bybit did not set up a secondary review mechanism for cold wallet operations, and Safe did not strictly isolate development permissions. These human oversights gave hackers their opportunity.
In addition, asset custody, insurance mechanisms and security audits have not yet formed systematic norms in the industry. Historically, multiple thefts from Mt. Gox to Binance have shown that despite technological progress, the ability to systematically fight hackers has been limited. The reason is that the fragmentation of the regulatory environment makes it difficult to unify investor protection and security standards, and the security levels of the various platforms differ. In this situation, huge assets are concentrated in a few protocols or platforms, which have become the primary targets of hackers.
II. Industry response after the thefts: from spreading panic to industry self-healing, and lessons from the range of reactions
After the massive theft from Bybit, the CEO promptly explained the situation in a live broadcast and did not suspend withdrawals. Twelve hours after the withdrawal peak, the entire system returned to normal, but the industry experienced huge swings in the process, and market participants and industry regulators responded at the same time.
1. Self-rescue and resilience of the industry
After the Bybit incident, multiple industry organizations lent a hand to help the exchange through its difficulties. The net inflow exceeded US$4 billion within 12 hours, reflecting the steadily growing maturity of the industry's crisis response. In particular, firms such as Elliptic and Chainalysis confirmed within four hours of the incident that the attack originated from Lazarus Group and assisted in tracking the flow of funds.
It is worth noting that the response on the user side was polarized. Although Bybit promised full compensation, the withdrawal volume still surged. On-chain data showed that the transfer volume of stablecoins rose rapidly and a large amount of funds flowed into DeFi protocols. This shows that even with one of the top three exchanges in the industry, users still tend to "vote with their feet" in the face of a huge hacking incident, giving priority to self-protection rather than trusting the platform's promises. The market's fear and greed index fell to an extreme fear level in a single day, highlighting how difficult it is to restore confidence.
After the Infini incident, the industry reacted similarly. Although its scale was small, the successive attacks deepened the market's unease. Project owners and security companies began to call for stronger permission management and third-party audits. Some institutions even proposed establishing an industry mutual aid fund to deal with similar crises. These real-world reactions show that user trust across the industry is relatively fragile, which further highlights the urgency of accelerating regulatory compliance.
2. Regulators did not intervene immediately, but regulatory attitudes may be affected
In both incidents, what we saw was mostly the industry's own actions. Regulators around the world did not speak out immediately, but that does not mean regulation is unaffected. Just this Thursday, the US FBI stepped into the investigation of the Bybit theft and called on exchanges around the world to assist in freezing the assets linked to the North Korean hacker group.
The EU, Singapore and other jurisdictions have relatively mature regulatory systems, and this incident may further strengthen the enforcement of their compliance frameworks. For the United States, we expect that it may lead regulators to think further about anti-money laundering and related KYC requirements for crypto platforms. Although President Trump has promised to build a "crypto capital", the SEC's previous regulatory stance shows that "technical neutrality" and "investor protection" are important bases and principles of supervision. To some extent, this may accelerate regulatory legislation and speed up the building of security standards across the industry. From users "voting with their feet" on security to the lag in regulators' statements, these events reveal that the crypto industry as a whole is still in a state of security disorder; but as global regulatory legislation advances and compliance accelerates, the industry is becoming more mature and moving toward the mainstream. For investors, this means that in the current industry, investment risk and asset security should never be ignored.
III. How investors should adjust: rebuilding for anti-fragility, with security and compliance still the top priority
As a responsible asset management institution, in the face of the huge hacking incidents of Bybit and Infini, we always believe that security and compliance are not only the first guarantee for the operation of institutions, but also the highest priority for protecting customer assets. These incidents not only sounded the alarm for the industry, but also provided investors with an opportunity to re-examine their strategies.
In a turbulent market environment, we recommend that investors shift from "passive panic" to "active anti-fragility" and deal with uncertainty with a more resilient mindset. The following are our specific suggestions based on years of experience and professional insights:
1. Choose a compliant and transparent platform, but pay more attention to the team's professionalism and industry reputation
When choosing an investment platform, compliance and transparency are basic thresholds, but this is far from enough to cope with the increasingly complex risk environment. We recommend that investors deeply evaluate the platform's team professionalism and industry reputation, which are often key indicators of its long-term reliability. A team with rich financial background, technical expertise and crisis response capabilities can demonstrate greater resilience and sense of responsibility at critical moments. For example, as an asset management institution, when we screen strategic partners, we will comprehensively examine their platforms, including but not limited to proof of reserves, audit reports, past crisis response situations, etc., to ensure that every asset entrusted by customers can stand the test of time. Investors can also refer to this standard and choose platforms that show responsibility in crises and remain transparent in compliance.
2. Improve self-security awareness, diversify risks, and reduce overall losses caused by single point failures
Technical loopholes and human negligence are the core lessons of these hacking incidents, which remind investors to actively improve their own security awareness rather than relying entirely on platform promises. Although cold wallets are not a cure-all, they are still an effective tool for protecting personal assets. Combined with regular checks of permission settings and avoiding links from unknown sources, they can significantly reduce the risk of being attacked. At the same time, diversification is an effective strategy against single points of failure. We recommend that investors allocate assets to multiple platforms (such as centralized exchanges, DeFi protocols, and hardware wallets) and diversify across regions and asset classes.
3. Strictly comply with security operation requirements and continuously optimize protective measures
Security is not only a technical issue, but also a reflection of process and discipline. As an asset management institution, we strictly implement multi-signature, hot and cold wallet isolation and tiered permission management in daily operations, and conduct regular audits to ensure that protective measures stay up to date. Investors should likewise treat security operations as routine. As hacker techniques keep evolving, protective measures need to be continuously optimized. We recommend that investors follow industry trends, learn the latest security best practices, and bring in professional custody services or insurance mechanisms when their assets are large, to further strengthen the line of defense. This shift from passive defense to active optimization is a key step in achieving "anti-fragility".
4. The industry is rapidly entering the institutional era: look for opportunities in crises
Although market sentiment is depressed in the short term due to hacker incidents and external macro factors, we believe that crises are often catalysts for industry self-repair and upgrading. Strengthened supervision, innovation in security technology, and the spread of decentralized solutions will bring long-term benefits to compliant platforms and projects. Investors can take advantage of the market panic to allocate assets prudently and look for investments that best balance stability and returns.
Our investment strategy has always been centered around this principle. Through multi-strategy asset management solutions, we help clients capture excess returns in turbulence, while taking safety and compliance as the bottom line to ensure that every return can withstand the test of risk.
Drawing on Nassim Taleb's concept of "anti-fragility", we also encourage investors to view crises as opportunities to optimize their strategies rather than simply as threats. For example, investors can build positions in high-quality assets at low levels when the market is in extreme panic, or choose relatively robust quantitative arbitrage strategies. Such proactive adaptability can not only help investors avoid losses in the short term, but also enable them to take the lead when the industry recovers.