The Bybit incident shows that a security model relying on human multi-signature has gaps; introducing AI multi-signature is the inevitable next step
February 24th, 2025
唐华斑竹

It has to be said that these suspected North Korean hackers are persistent: despite worldwide condemnation and pursuit, they are still offloading the stolen funds. Bybit is just as determined, buying large amounts of $ETH to fill the hole.

Although the whole crypto industry has pulled together and done its utmost, monitoring shows that the Bybit hacker has already sold 50,700 ETH (US$142 million) for DAI and assets on other chains (BTC and others), and still holds 448,600 ETH (US$1.26 billion).

Meanwhile, an address belonging to #Bybit or an affiliate (0x2E4…b77) has bought a total of 157,600 ETH (US$441 million) over the past 2 days through three brokers, Galaxy Digital, FalconX and Wintermute, and moved it into Bybit. Huge losses are still unavoidable.

The Bybit tragedy shows that a security model built on multiple human signers still has a gap: people inevitably get careless, lazy and tired, and fall into habitual thinking. Later signers assume that a whole line of people before them has already reviewed the transaction, so nothing serious can go wrong and their own signature is a formality. But everyone thinks that way: the earlier signers assume that plenty of people after them still have to review and sign, so nothing can go wrong. And that is how it goes wrong.

Bybit's CEO said during a livestream: I was the last signer of the transfer transaction. At the time I checked the link, the UI, the destination address, the code and other information, but I did not check thoroughly; the hackers somehow managed to tamper with the UI on all the signers' computers.

That is how it happened. In the AI era, relying entirely on people as gatekeepers is risky. Hackers are cunning, understand human weaknesses well, and use all kinds of sophisticated deception to slip through. The best defence against that deception is undoubtedly AI, which is not affected by human weaknesses such as emotion and inertia. So I expect that before long a combined AI multi-signature plus human multi-signature security model will certainly become a new trend: before a transaction is signed, several AIs first carry out multiple checks and sign off, and only then do humans give the final signature, which should build a stronger security barrier.
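
A minimal sketch of the pre-signing gate proposed above, added here as an illustration and not taken from the original post or from any exchange's system: automated checkers must approve the raw transaction before a human is allowed to sign it. Simple deterministic rules stand in for the AI reviewers, HMAC tags stand in for their signatures, and every address, limit and key below is a hypothetical placeholder.

```python
import hashlib
import hmac
import json

# Constructed sample policy: the address, limit and keys are placeholders.
ALLOWLIST = {"0xCOLD-WALLET-PLACEHOLDER"}
MAX_VALUE_ETH = 50_000
# HMAC keys stand in for each checker's signing key (assumption: a real
# deployment would use asymmetric signatures so the gate cannot forge tags).
CHECKER_KEYS = {"destination": b"demo-key-1", "amount": b"demo-key-2", "payload": b"demo-key-3"}

# Deterministic rules standing in for the automated reviewers.
CHECKS = {
    "destination": lambda tx: tx["to"] in ALLOWLIST,
    "amount": lambda tx: 0 < tx["value_eth"] <= MAX_VALUE_ETH,
    "payload": lambda tx: tx["data"] == "0x",  # plain transfer, no embedded call
}

def tx_digest(tx):
    """Hash the canonical raw transaction, never what a UI displays."""
    raw = json.dumps(tx, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(raw).digest()

def attest(name, tx):
    """Return the checker's tag over the tx digest, or None if it rejects."""
    if not CHECKS[name](tx):
        return None
    return hmac.new(CHECKER_KEYS[name], tx_digest(tx), hashlib.sha256).hexdigest()

def review(tx):
    """Run all checkers on the raw transaction and collect their tags."""
    return {name: attest(name, tx) for name in CHECKS}

def human_may_sign(tx, tags):
    """Allow the human signing step only if every checker approved THIS tx."""
    digest = tx_digest(tx)
    for name, key in CHECKER_KEYS.items():
        expected = hmac.new(key, digest, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(tags.get(name) or "", expected):
            return False
    return True

# Constructed scenario: the UI shows `shown`, but `actual` is what would be signed.
shown = {"to": "0xCOLD-WALLET-PLACEHOLDER", "value_eth": 30_000, "data": "0x"}
actual = {"to": "0xUNKNOWN-PLACEHOLDER", "value_eth": 30_000, "data": "0xabcdef"}

if __name__ == "__main__":
    print(human_may_sign(shown, review(shown)))    # honest transaction
    print(human_may_sign(actual, review(actual)))  # raw transaction fails the checks
    print(human_may_sign(actual, review(shown)))   # approvals for another tx do not carry over
```

Because each tag is bound to the digest of the raw transaction, approvals gathered for what the screen showed cannot be reused for a different payload.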

Author: Tang Hua Moderator
This article was first published on Binance Square: https://app.binance.com/uni-qr/cart/20724818484178?l=zh-CN&r=23279581&uc=web_square_share_link&uco=VQVlLZAUglpCGWFL43ucsA&us=copylink
