Bybit CEO Ben Zhou revealed in a live broadcast on Friday that the company had suffered a $1.5 billion hack, which resulted in the theft of 70% of customers’ Ethereum (ETH) assets.
Zhou pointed out that companies usually store 60% to 70% of their funds in cold wallets with higher security, but unfortunately, these funds were also stolen in this attack.
The hacker attack caused huge losses to the exchange
On-chain analyst ZachXBT and other investigators revealed the specific methods of the hacker attack. Among them, more than 400,000 Ethereum were transferred from Bybit's cold wallet address to other unknown addresses and quickly converted into mETH and stETH tokens. The reason for the success of this attack is that the hacker induced the person who held the cold wallet key to sign a malicious transaction that looked legitimate. Although the specific details of the fraud are not yet clear, it is speculated that it may have been achieved by hacking into the user interface or computer system.
Cryptocurrency chain detective ZachXBT submitted conclusive evidence on Friday that the Bybit hack was carried out by the North Korean "Lazarus Group". Lazarus is one of the most notorious hacker groups in the world and has previously attacked several large cryptocurrency exchanges.
Despite the huge losses, Ben Zhou still promised customers and fans that the exchange will fully bear the losses of all customers and will compensate them at a ratio of 1:1. Currently, Bybit is negotiating with partners to obtain a transitional loan to maintain liquidity as the company is facing a large number of withdrawal requests.
Solutions and suggestions from industry leaders
Binance co-founder Changpeng Zhao made a prudent suggestion that Bybit should temporarily suspend all withdrawals as a standard security precaution to ensure the safety of user funds. He further stated that he is willing to provide necessary assistance if Bybit needs it. However, Bybit CEO Mr. Zhou insisted that suspending the exchange's withdrawal services was not his intention.
Meanwhile, BitMEX co-founder Arthur Hayes took a more lighthearted approach, calling on Ethereum founder Vitalik Buterin to “roll back the chain” to help Bybit reverse the losses from the attack.
Regarding the topic of "rollback", Ethereum core developer timbeiko.eth published an article to elaborate on it. He pointed out that although Bitcoin was able to have its blockchain 15 years ago, due to the interconnected nature of Ethereum and the complexity of settlement of on-chain and off-chain economic transactions, this "rollback chain" operation has become quite complicated and difficult at present.
Conclusion:
This incident also sounded the alarm for the industry. How to improve the security of exchanges and the anti-attack capabilities of blockchain has become a core issue that the industry needs to solve urgently.
While enjoying the high returns of cryptocurrencies, investors must also be vigilant about security risks, choose reliable trading platforms and reasonably diversify risks to cope with market uncertainties.
Will this incident affect your confidence in centralized exchanges? How should exchanges deal with similar security challenges? See you in the comments section!