From the Bybit hacking incident, looking at exchange security: How can security and compliance lead to the healthy development of the platform?

Industry Express
2025-02-26 16:39:12
Exchanges, as the core infrastructure of the cryptocurrency industry, place paramount importance on asset security. How to build a comprehensive and reliable security system to protect user assets has become a key task for every compliant exchange.

On the evening of February 21, Beijing time, on-chain detective ZachXBT detected an abnormal outflow of $1.46 billion in ETH from Bybit, with mETH and stETH being exchanged for ETH on DEX. In terms of amount, this could become the largest hacking incident in cryptocurrency history.

Bybit responded quickly, stating on their official Twitter, "This incident involves an ETH multi-signature cold wallet. The attacker exploited a logic vulnerability in the smart contract to manipulate the signature interface, making the transaction appear as a normal transfer on the surface, but the underlying logic was tampered with, allowing the hacker to successfully control the cold wallet and extract assets." Subsequently, Bybit's CEO conducted a two-hour Twitter live stream to share the latest developments of the incident and answer user questions.

Following this, Bybit's trading platform saw an inflow of over $4 billion within 12 hours. Although specific investigation results have not yet been released, several security experts speculate that the incident may have originated from a hacker attack on the signer’s computer or intermediary interface. The hacker quietly altered the transaction content while waiting for multi-signature executors to perform daily signatures, upgrading the smart contract to a malicious contract with a backdoor, thus extracting all funds.

In recent years, digital asset thefts have occurred repeatedly, and they typically fall into the following types of security issue:

Theft of hot wallet assets: Some exchanges keep a high proportion of their assets in hot wallets, so a single vulnerability can lead to significant asset loss.

Internal management vulnerabilities: Some exchanges may have risks of employees acting maliciously or assisting external attacks due to poor management.

Inadequate security partners: Failure to work with top security service providers leaves the exchange unable to detect and respond to potential threats in time.

Lack of insurance mechanisms: After extreme events occur, exchanges find it difficult to compensate for user asset losses due to a lack of insurance coverage.

This Bybit incident did not involve the theft of hot wallets; other assets were unaffected and withdrawal services operated normally throughout. This indicates that the problem did not stem from internal management or withdrawal processes, but from attackers exploiting a technical vulnerability in a targeted attack.

As the core infrastructure of the cryptocurrency industry, asset security is crucial for exchanges. Hacker attacks not only result in massive financial losses but can also affect platform credibility and even undermine the entire industry's trust system. Building a comprehensive and reliable security system to protect user assets has become a key task for every compliant exchange.

In the virtual asset trading field, the construction of security systems is driven by both technological iteration and regulatory norms. Industry observations show that leading licensed trading platforms worldwide generally adopt a "cold and hot wallet separation + multi-signature" core architecture, establishing a security defense line through multi-dimensional prevention and control mechanisms:

Standardization of fund isolation technology:

  • System-level physical isolation: Cold and hot wallets are set up in independent secure rooms, with dedicated computers equipped with intrusion prevention systems. Hot wallet servers only serve user order requests, while cold wallet devices are completely physically disconnected from the network.

  • Dynamic quota management: Different jurisdictions set differentiated hot wallet ratios, for example, 2% for Hong Kong regulatory hot wallets and 10% for Dubai regulatory hot wallets.

  • Intelligent risk control triggering: Transfers between wallets are triggered automatically by aggregated order demand, eliminating the possibility of manual intervention.

Bank-grade risk control for cold and hot conversion systems:

  • The operational process implements a "three-person four-eye" mechanism, with wallet management, security audit, financial monitoring and other departments collaborating on each operation.

  • At the hardware level, cold and hot wallets are placed in independent secure rooms, with hot wallet servers handling order requests and cold wallet devices permanently physically disconnected from the network.
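To illustrate the check that defeats the content-tampering scenario described above (transaction content altered between review and signing) and that fits naturally into a "three-person four-eye" process, here is an added Python example that is not from the article or from any exchange: each signer independently hashes the exact payload handed to their signing device and refuses to sign unless it matches the digest of the transaction that was jointly reviewed. The signer names, addresses, calldata and hash encoding are constructed assumptions, not a wallet standard.

```python
import hashlib
import json
from dataclasses import dataclass, asdict
from typing import Dict


@dataclass(frozen=True)
class WalletTx:
    """The fields a signer must review; all values below are constructed samples."""
    to: str
    value_wei: int
    data: str   # hex calldata, "0x" for a plain transfer
    nonce: int


def tx_digest(tx: WalletTx) -> str:
    """Deterministic hash over every field, recomputed independently by each signer
    on an isolated device. The JSON encoding is an assumed scheme for this example."""
    payload = json.dumps(asdict(tx), sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(payload.encode()).hexdigest()


def review_and_sign(reference: WalletTx, presented: Dict[str, WalletTx], threshold: int) -> dict:
    """Each signer hashes the payload actually sent to their signing device and
    compares it with the digest of the reviewed reference transaction. Any mismatch
    means the content changed between review and signing, so the whole operation is
    halted even if enough other signers could still reach the threshold."""
    expected = tx_digest(reference)
    signed, refused = [], []
    for signer, tx in presented.items():
        (signed if tx_digest(tx) == expected else refused).append(signer)
    return {"approved": not refused and len(signed) >= threshold,
            "signed": signed, "refused": refused}


# Constructed sample: the transfer the three signers reviewed together.
REVIEWED = WalletTx(to="0xhotwallet-placeholder", value_wei=10**18, data="0x", nonce=42)
# Constructed tampered payload: same amount and nonce, but the recipient and calldata
# were swapped for a contract-upgrade call, as in the scenario the article describes.
TAMPERED = WalletTx(to="0xmalicious-placeholder", value_wei=10**18, data="0xdeadbeef", nonce=42)


def demo_honest() -> dict:
    return review_and_sign(REVIEWED, {s: REVIEWED for s in ("alice", "bob", "carol")}, 2)


def demo_tampered() -> dict:
    # Every signer's interface shows the reviewed transfer, but the signing devices
    # receive the tampered payload; the independent digest check catches it.
    return review_and_sign(REVIEWED, {s: TAMPERED for s in ("alice", "bob", "carol")}, 2)


if __name__ == "__main__":
    print(demo_honest())
    print(demo_tampered())
```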

Innovative practices of licensed institutions:

For example, Coinbase has the strictest security measures in asset management globally. The platform employs multi-signature technology to ensure that every fund transfer requires approval from multiple authorizers, thereby reducing the risk of a single account being compromised. Additionally, Coinbase conducts regular security audits and compliance checks to ensure that all platform processes adhere to industry best practices, further enhancing user trust.

Similarly, HashKey Global has partnered with Slowmist to achieve deep integration of multi-signature protocols and cold storage systems. Slowmist's independently developed key sharding management system completes the dynamic authorization verification process of key holders in a physically isolated cold wallet environment through a distributed signature verification mechanism. This technological breakthrough allows cold wallet operations to meet physical isolation requirements while achieving permission segmentation through key sharding.

Strengthening asset protection: Innovation in insurance mechanisms

In addition to technical safeguards, insurance mechanisms have also become an important means for cryptocurrency exchanges to protect user asset security. Taking Kraken as an example, the platform collaborates with professional insurance companies to provide insurance coverage for assets stored on the platform. Kraken's insurance covers losses of certain digital assets during storage due to hacker attacks or other security vulnerabilities. Although insurance cannot completely cover all risks, it provides users with a certain baseline of protection.

OneDegree, which holds a virtual insurance license from the Hong Kong Insurance Authority, is an important partner in the industry, collaborating with leading platforms like BitGo and HashKey Global to provide comprehensive insurance protection for user assets. The insurance covers extreme events such as earthquakes and other unforeseen risks, ensuring the safety of user assets. Each year, exchanges invest significant funds in user asset insurance, not only enhancing platform security but also increasing user trust.

Strict compliance requirements

Compliance is not only a legal and regulatory requirement but also a necessary guarantee for exchanges to ensure fund security and enhance user trust. As a licensed exchange, Coinbase has invested significant resources in compliance, obtaining money transmitter licenses in multiple U.S. states and electronic money licenses in Europe. The acquisition of these licenses not only proves the platform's compliance but also provides users with stronger protection.

Kraken has also taken similar measures regarding compliance. The platform has obtained legal operating licenses in multiple countries and regions and strictly adheres to various regulatory requirements in its operations. By closely cooperating with regulatory agencies, Kraken ensures that its business activities comply with local laws and regulations, avoiding security risks arising from compliance issues.

Balancing compliance and crypto nativeness

Finding a balance between compliance and crypto innovation is one of the biggest challenges exchanges face. For example, a virtual asset exchange that wants to operate in Europe must first obtain a MiCA license, and licensed entities must strictly adhere to the requirements of the local jurisdiction to keep the platform operating compliantly. At the same time, the platform has to preserve its crypto nativeness so that it can respond quickly to market trends, create innovative products, and meet user demands.

As the cryptocurrency industry continues to develop, the issue of asset security for exchanges will become increasingly important. Exchanges need to build a more comprehensive asset security system through technological innovation, strict compliance management, and insurance mechanisms, while maintaining the platform's flexibility and market responsiveness, to provide strong protection for users and promote the healthy development of the global digital asset industry.
