1.5 billion dollars worth of ETH stolen again raises alarms; how can exchanges build a trust defense system?

On February 21, Bybit experienced a historic hacker attack, resulting in approximately $1.5 billion worth of Ethereum being stolen. This incident quickly became a hot topic in the industry, prompting deep reflections on the security of crypto assets both within and outside the crypto community. Just as the crypto market was beginning to warm up, this attack undoubtedly sounded the alarm for the industry, urging exchanges to reassess their security systems.

Over 500,000 ETH Stolen, the Largest Theft in Crypto History

According to reports, the attack occurred when Bybit's Ethereum multi-signature cold wallet executed a transfer to the hot wallet. The attacker used advanced phishing techniques and social engineering to deceive signers into approving malicious transactions, resulting in the transfer of 514,000 ETH to an unknown address. The Bybit CEO announced in a post on X that the attacker disguised the UI and URL, showing the correct address while altering the smart contract logic, successfully taking control of the cold wallet.

The hacker from this attack has become the 14th largest ETH holder globally, currently holding about 0.42% of the total supply of Ethereum tokens, surpassing the holdings of Fidelity and Vitalik, and more than twice that of the Ethereum Foundation. The scale of the attack and the amount involved are unprecedented in the history of cryptocurrency, delivering a heavy blow to the industry. As the crypto market showed signs of recovery after several days of gains, it began to plummet significantly.

Before the news broke, the price of ETH had risen to a peak of $2,845. Under the catalyst of market panic, the price of ETH briefly dropped by 8%, while Bitcoin fell nearly 5% from its peak that day, and other altcoins also saw significant declines, with over $400 million in liquidations across the network in a short period.

Fortunately, thanks to Bybit's rapid response and the technical and liquidity assistance from various industry participants, the stolen incident was temporarily quelled. The price of Ethereum rebounded to above $2,700 after a day of sharp decline, alleviating market panic.

The Security of Cryptocurrency Exchanges Highlighted Again

This Bybit hacking incident has once again sparked widespread concern in the industry regarding the security of cryptocurrency exchanges. Due to the irreversible nature of blockchain transactions, once funds are stolen, they are nearly impossible to recover. Therefore, exchanges must adopt multi-layered security measures to protect asset safety.

As a global partner of the Argentina national team and the only recommended trading platform, 4E always prioritizes asset custody security. Through a series of advanced and rigorous security and risk control mechanisms, it provides reliable security protection for users' assets.

1. Multiple Wallet Separation, Strict Cold and Hot Wallet Ratio. 4E employs a multi-wallet separation mechanism, strictly regulating the ratio of cold and hot wallets, with over 95% of user funds stored in offline cold wallets, fundamentally avoiding the risks associated with being online and ensuring maximum security isolation for user assets.

2. Multi-signature Ensures Private Key Security. This attack exposed vulnerabilities in the cold wallet transfer process, particularly the weaknesses of multi-signature wallets against advanced phishing attacks. The attacker deceived signers through disguised UI and URL, indicating that the signature verification process is also a key focus of security protection. 4E's multi-signature wallet requires approvals from multiple signers, with the signing process encrypted at multiple levels, combined with hardware security modules and strict verification processes to ensure immutability, effectively preventing similar attacks.

3. Strict Regulatory Requirements and Process Standards. 4E strictly adheres to regulatory requirements and process standards at every stage of asset management. Additionally, mechanisms such as least privilege and back-to-back isolation operations are applied in practice to minimize the possibility of human risk. The decentralized and layered management approach ensures that any individual error or mistake does not affect the overall security of the platform's funds.

4. Regular Security Audits. 4E collaborates with leading security companies in the industry to conduct regular security assessments, promptly identifying and fixing potential vulnerabilities. It also establishes a weekly offensive and defensive drill mechanism with partners, simulating hacker infiltration to enhance security inspection and protection capabilities. Meanwhile, important internal network servers are isolated, with permission control and account permission recovery established to prevent information leakage due to excessive permissions, creating various audits and monitoring, with logs stored, processed, and alerted centrally.

5. $100 Million Insurance Fund: 4E has a dedicated insurance fund to address unexpected security incidents. By allocating a portion of the platform's profits to this fund, it is specifically used for various potential accidents and can be called upon at any time when needed, providing additional security for traders' assets. Currently, 4E's risk protection fund has accumulated over $100 million.

The series of strict security measures implemented by the 4E platform significantly reduces the risk of asset theft and has proven its efficiency and reliability in past operations. Over the years, 4E has maintained a zero-accident record, with no major security incidents occurring, earning the trust of users and positive evaluations within the industry.

The Bybit hacking incident undoubtedly casts a shadow over the cryptocurrency industry, but it also provides an opportunity for reflection and progress, helping to promote the simultaneous upgrade of technology and regulation. The prospects for the crypto industry are promising, and the continuously strengthened security guarantees will become the driving force and cornerstone for the industry's sustained prosperity.