ChainCatcher message, Ethereum co-founder Vitalik Buterin reminds that many users' losses of crypto assets are not due to theft, but rather due to software vulnerabilities, forgotten passwords, lost devices, accidental damage to paper wallets, and other reasons.He pointed out that since there are no attackers to hold accountable, many victims are ashamed to discuss these losses, but in reality, such incidents occur frequently. Vitalik emphasized that the security solutions for crypto wallets should also consider the issue of asset loss and called for the promotion of social recovery mechanisms to reduce permanent losses of assets due to personal errors.

ChainCatcher news, according to an announcement from the FBI, the Federal Bureau of Investigation has issued a Public Safety Announcement (PSA) confirming that a North Korean hacking group is responsible for the theft of approximately $1.5 billion in digital assets from the Bybit exchange.The FBI stated that the hacking group acted quickly, converting some of the stolen assets into Bitcoin and other digital assets, and dispersing them to thousands of addresses across multiple blockchains. It is expected that these assets will be further laundered and eventually converted into fiat currency.

ChainCatcher news, Safe responded on platform X to Bybit's hacking forensic report, stating that the forensic review of the targeted attack by the Lazarus Group on Bybit concluded that the attack on Bybit Safe was executed through compromised Safe{Wallet} developer machines, leading to disguised malicious transactions.Lazarus is a government-backed North Korean hacking organization known for its complex social engineering attacks on developer credentials, sometimes combined with zero-day vulnerabilities. The forensic review by external security researchers did not indicate any vulnerabilities in the Safe smart contracts or the source code of the front end and services.Following the recent incident, the Safe{Wallet} team conducted a thorough investigation and has now phased the restoration of Safe{Wallet} on the Ethereum mainnet. The Safe{Wallet} team has completely rebuilt and reconfigured all infrastructure and rotated all credentials to ensure the complete elimination of the attack vector.After the final results of the investigation are released, the Safe{Wallet} team will publish a complete post-mortem analysis. The Safe{Wallet} front end is still operational and has implemented additional security measures. However, users need to be extra cautious and vigilant when signing transactions.

ChainCatcher message, Slow Mist stated that on February 21, 2025, Bybit's on-chain multi-signature wallet was targeted and breached, with nearly $1.5 billion in assets quietly lost through a transaction with a "legitimate signature." Subsequent on-chain analysis revealed that the attacker gained multi-signature permissions through sophisticated social engineering attacks, implanted malicious logic using the delegatecall function of the Safe contract, and ultimately bypassed the multi-signature verification mechanism to transfer funds to an anonymous address. "Multi-signature" does not equal "absolute security"; even a secure mechanism like the Safe multi-signature wallet can still be at risk of being compromised if lacking additional protective measures.Bybit is using version v1.1.1 (<1.3.0) of the Safe contract, which means they cannot utilize the Guard mechanism, a key security feature. If Bybit had upgraded to version 1.3.0 or higher of the Safe contract and implemented an appropriate Guard mechanism, such as specifying a whitelist address for receiving funds and conducting strict contract function ACL verification, they might have been able to avoid this loss. Although this is merely a hypothesis, it provides important insights for future asset security management.

ChainCatcher news, according to feedback from several community members, a Binance user had their Google email hacked, and the funds in their Binance account were stolen in the form of exchange red envelopes. It is speculated that the 2FA security verification was ineffective due to the impact of the Google email. Currently, Binance officials have reported that they have contacted the user to address the issue. Additionally, Binance officials remind users: it is recommended to enable biometric login verification to avoid similar situations.Moreover, several users have reported that their Binance accounts are automatically logged out, requiring them to log in again to perform operations. In response, the officials stated that the Binance platform will undergo routine system maintenance from February 19 to 27, but other functions of user accounts will not be affected.

ChainCatcher message, according to Infini founder Christian's post on X, "Of the 50 million dollars stolen, seventy percent belongs to large friends I know personally. I have already communicated with each of them and will personally bear the possible losses and settle privately. The remaining funds will be reinvested into the infini vault before next Monday, and everything will continue as usual. The funds are ready, and I will respond to any withdrawal requests in the meantime, so please rest assured.I apologize for the need for some time to upgrade and restart the business; everything will proceed under the premise of ensuring the absolute safety of the funds."

ChainCatcher news, the Matrixport analysis report points out that after the Bybit theft incident, hidden buying may boost ETH's rebound.The specific viewpoint is as follows: "The market's focus is on how Bybit suffered the theft of nearly 500,000 ETH on Friday, but what is truly worth noting is its impact on the market. Bybit needs to repurchase ETH to replenish wallet funds, while the hackers must handle subsequent operations cautiously.From past experience, stolen funds are usually not immediately sold off, meaning short-term selling pressure is likely to be limited. Meanwhile, the market has added a potential buying demand of 500,000 ETH, while it is currently reported that only about 100,000 ETH has been repurchased. The supply-demand imbalance may drive ETH prices upward. Given that the price has shown signs of stabilization, we are optimistic about the current trend."

ChainCatcher message, Infini founder Christian tweeted that since the theft, the total withdrawal requests have accumulated to $500,000, all of which have been responded to, and many wallets continue to deposit money.Currently, all product consumption and withdrawals are proceeding as usual, the only affected part is the wealth management section (because the contracts have been suspended and no further fund transfers are made to prevent secondary risks), which will require some time to propose and implement a more appropriate solution.

ChainCatcher news, Slow Mist founder Yu Xian posted on social media, "Through forensic analysis and correlation tracking, we confirm that the attackers of the CEX theft incident are the North Korean hacker group Lazarus Group. This is a nation-state APT attack targeting cryptocurrency trading platforms. We have decided to share the relevant IOCs (Indicators of Compromise), which include some IPs of cloud service providers, proxies, etc. It is important to note that this disclosure does not specify which platform or platforms were involved, nor does it mention Bybit; if there are similarities, it is indeed not impossible."The attackers utilized pyyaml for RCE (Remote Code Execution), enabling the delivery of malicious code to control target computers and servers. This method bypassed most antivirus software. After synchronizing intelligence with partners, multiple similar malicious samples were obtained. The main goal of the attackers is to gain control over wallets by infiltrating the infrastructure of cryptocurrency trading platforms, thereby illegally transferring a large amount of cryptocurrency assets from the wallets.Slow Mist published a summary article revealing the attack methods of the Lazarus Group, and also analyzed their use of social engineering, vulnerability exploitation, privilege escalation, internal network penetration, and fund transfer tactics. At the same time, based on actual cases, they summarized defense recommendations against APT attacks, hoping to provide references for the industry and help more institutions enhance their security capabilities and reduce the impact of potential threats.

ChainCatcher news, according to Cointelegraph, regarding whether to support rolling back Ethereum to before the theft, Bybit CEO Ben Zhou stated in a Space: "I'm not sure if this is a decision for one person. According to the spirit of blockchain, perhaps it should be a voting process to see what the community thinks, but I'm not very sure."

ChainCatcher message, Greeks.Live macro researcher Adam released an English community briefing on the X platform, disclosing that despite the Bybit $1.5 billion Ethereum theft incident, market sentiment remains cautiously optimistic, with traders believing this is just a temporary setback. The group consensus will focus on $95,000 to $96,000 as a key support level, expecting a mean reversion upward, but there are some divergences regarding the price trend over the weekend.The market believes the impact of this hacking incident is manageable. Binance and Bitget provided emergency liquidity support by depositing 50,000 Ethereum, and traders are actively selling low volatility options (29% volatility), indicating limited concern about further declines.

ChainCatcher news, according to The Wall Street Journal, the Bybit theft incident is the largest single theft in cryptocurrency history, with stolen assets valued at over $1.4 billion.After the incident, Bybit announced that it has reported the case to the relevant authorities. Its CEO Ben Zhou stated that all functions and products of Bybit are still operating normally, the exchange is solvent, and it will fully cover customer losses. As of now, all withdrawal requests from Bybit have been processed, and the withdrawal system has returned to normal speed.