Breaking news in the global cryptocurrency sector: the well-known cryptocurrency exchange Bybit has suffered the largest hack in history, with estimated losses nearing $1.5 billion. This incident has caused a massive uproar in the industry, marking a deep scar in the development of cryptocurrency.
According to data disclosed by blockchain analysis company Elliptic, this attack has set a new record, surpassing the $611 million theft from Poly Network in 2021. Rob Behnke, co-founder and executive chairman of blockchain security company Halborn, made a startling statement, suggesting this could be "the most severe incident ever, with impacts extending beyond the cryptocurrency sector itself."
The incident occurred in an offline Ethereum wallet at Bybit. Blockchain analyst ZachXBT detailed on the social platform Telegram how the hacker used a series of bizarre transaction methods to stealthily sweep approximately $1.46 billion from the wallet. Research company Arkham Intelligence also corroborated, noting nearly $1.4 billion in funds surged out of the exchange like a flood, with alerts issued on platform X: "These funds have begun transferring to new addresses, with some already being sold for cash."
Bybit CEO Ben Zhou urgently voiced on platform X on Friday, acknowledging the hack. To calm the anxious customers, Zhou immediately started a live broadcast. During the broadcast, he emphatically assured the overall security of the exchange's funds, revealing that the platform had joined partners in applying for bridge loans, successfully raising about 80% of the funds needed to cover the massive shortfall. Moreover, Bybit firmly stated it would spare no expense in recovering the stolen funds and would take strong legal actions against the hacker's deeds.
"Rest assured, your funds are still safe, and the withdrawal channels are operating normally," Zhou repeatedly assured users on camera, "In fact, after the hack, the exchange has successfully processed over 70% of withdrawal requests." He also clarified that the exchange has not purchased Ethereum to fill the gap left by the stolen assets at this stage.
The cryptocurrency market reacted violently to this shock. On the day the news broke, the price of Ethereum plummeted by 6.7%, and Bitcoin was not spared, dropping nearly 3% from its daily high. The "synthetic dollar" token USDe, favored by cryptocurrency traders, also suffered collateral damage, its stable 1:1 peg to the dollar momentarily loosening, with prices plummeting to $0.98.
Established in 2018, Bybit is considered a giant in the cryptocurrency trading arena, with an average daily trading volume exceeding $36 billion. According to CoinMarketCap, the platform's asset size was about $16.2 billion before the incident, with the stolen Ethereum constituting nearly 9% of its total assets, a significant blow.
Preventing cyber threats requires a multifaceted approach involving technology, management, and personnel awareness.
Here are some compiled cybersecurity prevention measures
1. Technical Protection Measures
Use firewalls and intrusion detection systems (IDS/IPS): Firewalls can block unauthorized access, while IDS/IPS can detect and mitigate threats in real-time.
Encrypt data transmission and storage: Encrypt network transmission data using SSL/TLS, IPSec, and other technologies, and protect stored data using encryption standards like AES.
Install antivirus and anti-malware software: Detect and remove viruses and malware from computers in a timely manner.
Secure wireless networks: Encrypt Wi-Fi networks with WPA3, change default router passwords, and hide SSID.
Monitor network activity in real-time: Use SIEM (Security Information and Event Management) systems to monitor network traffic and set alerts to detect abnormal activities.
2. Identity Authentication and Access Control
Strong password policies: Use complex passwords containing letters, numbers, and special characters, and change them regularly.
Multi-factor authentication (MFA): Add extra verification steps during login, such as SMS codes, fingerprint recognition, etc.
Principle of least privilege (PoLP): Assign necessary access rights based on employee responsibilities to avoid over-authorization.
Monitor privileged and third-party user activities: Ensure that the activities of privileged users and third parties are monitored to prevent data leaks.
3. Data Protection
Regularly back up data: Use the 3-2-1 backup strategy (three copies, two different storage media, one off-site backup), and regularly test the integrity of backups.
Data encryption: Encrypt sensitive data to ensure that even if data is stolen, it cannot be easily deciphered.
4. Personnel Training and Awareness Raising
Cybersecurity training: Regularly train employees on cybersecurity, enhancing their ability to recognize phishing and social engineering attacks.
Security awareness education: Cultivate employees' security awareness to avoid security incidents caused by human errors.
5. System Maintenance and Management
Regularly update software and systems: Regularly update operating systems, applications, and security software to fix known vulnerabilities.
Establish comprehensive cybersecurity policies: Develop layered cybersecurity strategies covering the overall enterprise and specific needs of each department.
Manage supply chain risks: Assess the security of suppliers to ensure their products and services do not introduce security risks.
6. Emergency Response
Develop an incident response plan: Clearly define the responsibilities of the response team, establish communication protocols, and regularly conduct drills.
Through these measures, it is possible to effectively reduce cybersecurity risks and protect the digital assets of businesses and individuals.
High-purity IP (high-defense IP) plays an important role in cybersecurity, effectively resisting common network threats such as DDoS and CC attacks.
Here are suggestions and measures to avoid attack risks
1. Traffic Cleaning and Intelligent Defense
The core function of high-defense IP is traffic cleaning, which involves monitoring and analyzing network traffic in real-time through a large-scale distributed cluster, identifying and filtering malicious traffic. Meanwhile, intelligent defense strategies use machine learning and big data analysis to automatically identify and respond to new attack patterns.
2. Hide Real IP
High-defense IP uses proxy servers or reverse proxies to hide the real IP address of the source station, preventing attackers from directly targeting the source station. For example, using Nginx or HAProxy as reverse proxy tools can effectively protect the source server.
3. Elastic Expansion and Resource Scheduling
High-defense IP supports elastic expansion, dynamically adjusting defense resources according to the size of attack traffic. This strategy not only enhances the flexibility of defense but also maintains stable operation under attacks of different scales.
4. Multi-factor Authentication and Access Control
Implement multi-factor authentication (MFA) and strict access control policies to ensure that only authorized users and devices can access resources. This can effectively prevent malicious traffic from abusing services.
5. Regularly Change IP Address
Use dynamic IP or services supporting IP rotation to regularly change IP addresses, avoiding long-term use of fixed IPs that could be attacked or banned.
6. Use CDN and VPN
CDN: By dispersing the location of host services, CDNs can resist DDoS attacks and improve website performance through content caching.
VPN: By encrypting communications, VPNs hide the real IP addresses between users and servers, preventing data theft.
7. Anomaly Detection and Real-time Monitoring
High-defense IP services use anomaly detection systems to analyze traffic patterns in real-time, employing artificial intelligence and machine learning algorithms to identify and respond to abnormal behaviors. Additionally, 24-hour real-time monitoring can promptly detect and alert attacks.
8. Choose Reliable High-defense IP Services
Select high-defense IP providers with strong defense capabilities, stability, and quality service. Ensure the provider supports elastic expansion, intelligent defense, and real-time monitoring functions.
