【Market Insights\4 Alpha】From Cold Wallets to Hot Crises: Giants' Losses Trigger Turbulence, How Can Investors Become Anti-Fragile?
Summary of Views:
1. Frequent Security Vulnerabilities Break the Illusion of Industry Safety
- The theft of $1.4 billion from Bybit and $50 million from Infini, along with a series of large-scale hacker attacks, exposes the industry's security vulnerabilities.
- Exchanges, wallet providers, and industry regulators all need to take responsibility for security, but currently, there is a lack of unified security standards in the industry.
- Cold wallets are not absolutely secure; security vulnerabilities often arise from human operations and negligence in system permission management.
2. Market Sentiment Fluctuates Dramatically, Industry Self-Rescue and Regulatory Response Lag Behind
- After the Bybit incident, market panic intensified, but $4 billion in institutional funds quickly flowed in, demonstrating the industry's resilience.
- Although regulatory agencies (such as the FBI in the U.S.) did not intervene immediately, they have begun investigations and called for global exchanges to assist in freezing hacker funds.
- Mature regulatory frameworks in the EU, Singapore, and elsewhere may prompt the industry to strengthen security standards, while the U.S. may accelerate anti-money laundering and KYC regulatory legislation.
3. Investors Should Adopt Anti-Fragile Strategies and Enhance Their Security Awareness
- Choose compliant and transparent platforms, paying attention to team backgrounds, reserve proofs, past security records, and other factors.
- Diversify investments and manage risks to reduce overall losses from single points of failure, combining centralized exchanges, DeFi protocols, hardware wallets, and other diverse storage methods.
- Optimize personal security operations by adopting multi-signature, cold-hot wallet isolation, permission management, and other measures to reduce human operational risks.
- Seek opportunities in crises; during the accelerated process of industry security standardization and institutionalization, reasonably allocate assets to avoid short-term losses and seize long-term gains.
4. Industry Trend: The Crypto Market is Entering an Institutional Era
- Although market sentiment is low in the short term, strengthened regulation, innovations in security technology, and accelerated compliance processes will drive the market towards maturity.
- Borrowing the "anti-fragile" concept, investors who adjust their strategies to adapt to market changes will gain an advantage in turmoil.
From Cold Wallets to Hot Crises: How Major Failures Trigger Turbulence and How Investors Can Be Anti-Fragile?
Less than two days after the theft of over $1.4 billion from Bybit, the financial payment platform Infini in Hong Kong was hacked for nearly $50 million. In an atmosphere of heightened anxiety, investor sentiment was once again shrouded in pessimism. Although there have been many theft incidents in history, such consecutive large-scale thefts cast a shadow over an already fragile market. This raises the question: how should investors view the series of theft incidents in the industry, and how should they actively adjust their strategies to remain optimistic in the face of industry pessimism?
1. From Bybit to Infini: The Security Illusion Behind Breached Defenses
The theft at Bybit, the largest in history, has been analyzed in the market from many angles (4 Alpha has also followed up on the incident promptly). However, before the industry could recover from the panic surrounding this event, Infini was hacked for nearly $50 million.
Although, like Bybit, Infini claimed full compensation immediately, this did not alleviate market concerns. People couldn't help but reflect: why, in light of numerous historical theft incidents, do the security defenses of industry giants still get breached? A deeper analysis reveals that these theft incidents involve not only vulnerabilities in the security systems of the projects/exchanges themselves but also a series of issues related to regulation and the establishment of unified security standards in the blockchain industry.
1. Main Attack Process and Causes of the Bybit Incident
For the theft at Bybit, multiple industry security organizations have confirmed that the hackers primarily came from the notorious North Korean hacker group Lazarus Group. According to the latest investigation results from February 26, this group infiltrated a machine belonging to Safe developers through social engineering or other means, gained access to the front-end infrastructure, deployed malicious code, and deceived three of Bybit's signers, successfully stealing over $1.4 billion in Ethereum assets from Bybit's cold wallet (a product of the Safe team). The Infini theft has been determined to have resulted from the malicious exploitation of internal engineers' system permissions, with hacking methods nearly identical to those in the Bybit incident.
[Chart: Attack Process of Bybit Exchange. Illustration: Created by 4 Alpha Group]
In the Bybit incident, although the Safe team provided an investigation and explanation report promptly, many industry figures, including Binance's former CEO CZ, expressed dissatisfaction with the Safe security team's statement, particularly regarding the lack of a detailed report on the specific intrusion methods. From the perspective of the attack entry, as a wallet provider, the Safe team should bear primary responsibility, as there were deficiencies in both their development process and infrastructure security. However, whether such incidents are solely the responsibility of the wallet provider requires further discussion and reflection.
2. The Theft of Cold Wallets Highlights the Lack of Unified Security Consensus in the Industry
The thefts at both Bybit and Infini serve as a warning to the entire industry: first, we should not overly rely on the illusion of security brought by technology, since any technology can be breached; second, neglecting human security defenses can lead to fatal consequences.
Cold wallets have long been viewed as the "ultimate safe" for crypto assets, but the Bybit incident shattered this illusion. The cold wallet itself was not directly breached; rather, it was bypassed through front-end manipulation, exposing the vulnerability of relying on a single technological solution. A deeper issue is that the industry lacks unified security standards and consensus. Exchanges and project parties alike often build their protective systems based on their own understanding rather than following common best practices. For example, Bybit did not set up a secondary review mechanism for cold wallet operations, and Safe did not strictly isolate development permissions; these human oversights gave the hackers their opportunity.
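The gap described above, where signers approve what a front end displays rather than what is actually submitted for signing, is what an independent secondary review closes. The following is an added example, not code from Bybit, Safe or 4 Alpha; the payload fields, the placeholder addresses and the SHA-256 digest (a stand-in for a wallet's real signing hash) are assumptions.

```python
import hashlib
import json

# Constructed placeholder: destination approved out of band for cold-wallet transfers.
ALLOWED_DESTINATIONS = {"0xWARM_WALLET_PLACEHOLDER"}


def digest(payload: dict) -> str:
    """Stand-in signing digest: SHA-256 over canonical JSON (assumption, not a real wallet scheme)."""
    canonical = json.dumps(payload, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()


def secondary_review(approved_intent: dict, ui_display: dict, raw_payload: dict) -> list:
    """Return the reasons to refuse signing; an empty list means the payload passed."""
    findings = []
    # 1. What will be signed must equal the intent approved out of band,
    #    whatever the front end renders.
    if digest(raw_payload) != digest(approved_intent):
        findings.append("payload digest differs from approved intent")
    # 2. A front end that displays one thing and submits another is itself a finding.
    for field in sorted(set(ui_display) | set(raw_payload)):
        if ui_display.get(field) != raw_payload.get(field):
            findings.append(f"display/payload mismatch in '{field}'")
    # 3. Destination policy is checked against the raw payload, not the display.
    if raw_payload.get("to") not in ALLOWED_DESTINATIONS:
        findings.append("destination not on allowlist")
    return findings


# Constructed sample data: the approved transfer, an honest payload, and a payload
# whose destination was swapped while the display still shows the approved one.
INTENT = {"to": "0xWARM_WALLET_PLACEHOLDER", "asset": "ETH", "amount": "1000"}
HONEST_PAYLOAD = dict(INTENT)
TAMPERED_PAYLOAD = dict(INTENT, to="0xUNREVIEWED_ADDRESS_PLACEHOLDER")

if __name__ == "__main__":
    print(secondary_review(INTENT, INTENT, HONEST_PAYLOAD))
    print(secondary_review(INTENT, INTENT, TAMPERED_PAYLOAD))
```

The review only helps if it runs on a machine and code path separate from the front end that prepared the transaction; a check served by the same compromised infrastructure inherits its compromise.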
Moreover, asset custody, insurance mechanisms, and security audits have yet to form systematic norms within the industry. History, from Mt. Gox to multiple theft incidents at Binance, has shown that despite technological advancements, the ability to systematically counter hackers has improved only marginally. The root cause lies in the fragmented regulatory environment, which makes it difficult to unify investor protection and security standards, leading to varying security levels across platforms. In this situation, the massive assets concentrated in a few protocols or platforms have become a primary target for hackers.
2. Industry Response After Thefts: From Panic to Self-Healing, Insights from the Collective Experience
After the significant theft at Bybit, the CEO quickly went live to disclose relevant information and did not suspend withdrawals. Within 12 hours after the peak withdrawal period, the entire system returned to normal. However, during this process, the industry experienced significant fluctuations, and both market participants and industry regulators responded accordingly.
1. Industry Self-Rescue and Resilience
Following the Bybit incident, several industry organizations extended a helping hand to assist the exchange in overcoming difficulties, with net inflows exceeding $4 billion within 12 hours, reflecting the industry's maturity in crisis response. Particularly within four hours after the incident, organizations like Elliptic and Chainalysis confirmed that the attack originated from the Lazarus Group and assisted in tracking the flow of funds.
It is noteworthy that user reactions were polarized. Despite Bybit's promise of full compensation, withdrawal volumes surged, and on-chain data showed a rapid increase in stablecoin transfers, with significant funds flowing into DeFi protocols. This indicates that even for the top three exchanges in the industry, users still tend to "vote with their feet," prioritizing self-protection over trusting platform promises in the face of a massive hacking incident. The market panic and greed index plummeted to extreme fear levels in a single day, highlighting the difficulty of restoring confidence.
The response to the Infini incident was similar. Although its scale was smaller, the consecutive attacks intensified market anxiety. Project parties and security companies began calling for enhanced permission management and third-party audits, with some institutions even proposing the establishment of an industry mutual aid fund to address similar crises. These real conditions in the industry indicate that user trust across the entire sector is relatively fragile, underscoring the urgency of accelerating regulatory compliance.
2. Regulatory Bodies Did Not Intervene Immediately, But Their Attitude Towards Regulation May Be Influenced
Behind both incidents, we see more industry actions. Regulatory bodies around the world did not speak out immediately, but this does not mean that there is no impact on regulation. Just this Thursday, the FBI in the U.S. intervened in the investigation of the Bybit theft case and called for global exchanges to assist in freezing the relevant assets of the North Korean hacker organization.
In regions like the EU and Singapore, where there are already relatively mature regulatory systems, these incidents may further strengthen the enforcement of compliance frameworks. For the U.S., we expect that these incidents may prompt regulatory agencies to reconsider anti-money laundering and related KYC requirements for crypto platforms. Although President Trump promised to create a "crypto capital," from the SEC's previous regulatory stance, "technological neutrality" and "investor protection" are important bases and principles for regulation. This may, to some extent, accelerate regulatory legislation and hasten the overall process of standardizing security in the industry.
From users "voting with their feet" on security to the lag in regulatory responses, these events reveal that the entire crypto industry is still in a state of security deviation. However, with the advancement of global regulatory legislation and the acceleration of compliance processes, it is inevitable that the crypto industry will become increasingly mature and mainstream. This means that investors should never overlook investment risks and asset security in the current industry.
3. How Investors Adjust: Rebuilding Anti-Fragility, Security and Compliance Remain Paramount
As a responsible asset management institution, in light of the consecutive large-scale hacking incidents at Bybit and Infini, we firmly believe that security and compliance are not only the primary guarantees for institutional operations but also the highest priority for protecting client assets. These incidents not only sound the alarm for the industry but also provide investors with an opportunity to reassess their strategies.
In a turbulent market environment, we advise investors to shift from "passive panic" to "active anti-fragility," responding to uncertainty with a more resilient mindset. Here are specific recommendations based on our years of experience and professional insights:
1. Choose Compliant and Transparent Platforms, but Pay More Attention to Team Professionalism and Industry Reputation
When selecting an investment platform, compliance and transparency are basic thresholds, but they are far from sufficient to cope with the increasingly complex risk environment. We recommend that investors deeply assess the professionalism of the platform's team and its industry reputation, as these are often key indicators of long-term reliability. A team with rich financial backgrounds, technical expertise, and crisis response capabilities can demonstrate stronger adaptability and responsibility in critical moments. For example, as an asset management institution, we comprehensively evaluate potential strategy partners, including but not limited to reserve proofs, audit reports, and past crisis response situations, to ensure that every asset entrusted by clients can withstand the test of time. Investors can also adopt this standard, choosing platforms that demonstrate accountability in crises and maintain transparency in compliance.
2. Enhance Self-Security Awareness, Diversify Risks, and Reduce Overall Losses from Single Points of Failure
Technical vulnerabilities and human negligence are core lessons from this hacking incident, reminding investors to proactively enhance their security awareness rather than relying entirely on platform promises. While cold wallets are not a panacea, they remain an effective tool for personal asset protection. Regularly checking permission settings and avoiding links from unknown sources can significantly reduce the risk of being attacked. At the same time, diversifying investments is an effective strategy to guard against single points of failure. We recommend that investors allocate assets across various platforms (such as centralized exchanges, DeFi protocols, and hardware wallets) and diversify across regions and asset classes.
3. Strictly Adhere to Security Operation Requirements and Continuously Optimize Security Measures
Security is not only a technical issue but also a manifestation of processes and discipline. As an asset management institution, we strictly implement multi-signature, cold-hot wallet isolation, and permission tier management in our daily operations, conducting regular audits to ensure that protective measures are up to date. Investors should also view security operations as a norm. In the face of constantly evolving hacker techniques, protective measures must be continuously optimized. We recommend that investors stay informed about industry dynamics, learn the latest security best practices, and introduce professional custody services or insurance mechanisms when managing larger asset scales to further strengthen defenses. This shift from passive defense to proactive optimization is a key step in achieving "anti-fragility."
4. The Industry is Rapidly Entering an Institutional Era, Finding Opportunities in Crises
Although market sentiment is low in the short term due to hacking incidents and external macro factors, we believe that crises often serve as catalysts for industry self-repair and upgrading. Strengthened regulation, innovations in security technology, and the proliferation of decentralized solutions will bring long-term benefits to compliant platforms and projects. Investors can take advantage of market panic to prudently allocate assets, seeking investments that offer the best match of stability and returns.
Our investment strategy always revolves around this principle, capturing excess returns for clients amid turmoil through multi-strategy asset management solutions while ensuring that security and compliance serve as the baseline, guaranteeing that every return withstands the test of risk.
Drawing on Nassim Taleb's concept of "anti-fragility," we also encourage investors to view crises as opportunities to optimize strategies rather than mere threats. For example, building positions in quality assets during extreme market panic or choosing relatively stable quantitative arbitrage strategies can help investors avoid losses in the short term and gain an advantage when the industry recovers.