币圈王百亿
--
Cold wallets have multiple signatures (3 signatures), or have they been stolen...
Is (cold wallets) safe?
Do you believe it was done by hackers, or did they steal from their own company?
Use plain language to explain the theft of Bybit's hot wallet (the whole process is like robbing a bank):
The first step [making fake keys in advance]
A thief secretly built a "fake key factory" (a malicious program written by hackers) on February 19, 2023, but he hadn't started yet, just like the robber had dug a tunnel in advance but hadn't entered the bank yet.
The second step [replacing the prince with a cat]
Key point: Bybit's wallet is like a high-end safe, which requires 3 keys to unlock at the same time to be safe.
Time of the incident: On February 21, the thief actually took 3 forged "boss keys" and replaced the lock cylinder of the real safe with a fake lock cylinder made by himself. Just like a robber bribed the security guard and replaced the door of the bank vault with an identical fake door.
Step 3 [Hidden Mechanism]
The thief set up a mechanism button in the fake lock core:
The red button for stealing ETH (sweepETH)
The blue button for stealing other coins (sweepERC20)
It is equivalent to installing a secret passage in the safe. As long as the button is pressed, the money will automatically fall into the robber's pocket.
Step 4 [One-click Clear]
Finally, the thief pressed these two buttons, just like using a remote control to directly suck all the money in the safe.
The most sassy operation:
The entire lock-changing process is completely public and traceable on the blockchain (transaction record 0x46de...), but it is like a robber changing the bank door in front of the police. No one reacted at the time. It was not until the money was transferred that it was discovered that the lock had been swapped.
Lessons learned:
1. Multi-signature wallets are not absolutely safe, and key storage is more important
2. Contract upgrades must be verified multiple times
3. Don't let the program automatically perform high-risk operations
Now you know why blockchain transfers have to wait so long for confirmation? It's just afraid of this kind of high-end operation!
#bybit被盗 #钱包安全 $SOL $BNB $ETH
Is (cold wallets) safe?
Do you believe it was done by hackers, or did they steal from their own company?
Use plain language to explain the theft of Bybit's hot wallet (the whole process is like robbing a bank):
The first step [making fake keys in advance]
A thief secretly built a "fake key factory" (a malicious program written by hackers) on February 19, 2023, but he hadn't started yet, just like the robber had dug a tunnel in advance but hadn't entered the bank yet.
The second step [replacing the prince with a cat]
Key point: Bybit's wallet is like a high-end safe, which requires 3 keys to unlock at the same time to be safe.
Time of the incident: On February 21, the thief actually took 3 forged "boss keys" and replaced the lock cylinder of the real safe with a fake lock cylinder made by himself. Just like a robber bribed the security guard and replaced the door of the bank vault with an identical fake door.
Step 3 [Hidden Mechanism]
The thief set up a mechanism button in the fake lock core:
The red button for stealing ETH (sweepETH)
The blue button for stealing other coins (sweepERC20)
It is equivalent to installing a secret passage in the safe. As long as the button is pressed, the money will automatically fall into the robber's pocket.
Step 4 [One-click Clear]
Finally, the thief pressed these two buttons, just like using a remote control to directly suck all the money in the safe.
The most sassy operation:
The entire lock-changing process is completely public and traceable on the blockchain (transaction record 0x46de...), but it is like a robber changing the bank door in front of the police. No one reacted at the time. It was not until the money was transferred that it was discovered that the lock had been swapped.
Lessons learned:
1. Multi-signature wallets are not absolutely safe, and key storage is more important
2. Contract upgrades must be verified multiple times
3. Don't let the program automatically perform high-risk operations
Now you know why blockchain transfers have to wait so long for confirmation? It's just afraid of this kind of high-end operation!
#bybit被盗 #钱包安全 $SOL $BNB $ETH
Disclaimer: Includes third-party opinions. No financial advice. May include sponsored content. See T&Cs.
1
0