Search the Community

#Bybit #CryptoHacks #SuperEx In recent days, we have provided in-depth tracking reports and a comprehensive timeline breakdown of the Bybit hack. However, in the crypto space, hacks and scams are unfortunately not uncommon, casting a shadow of legitimacy and security concerns over the industry. That being said, as Chainalysis data indicates, the growth rate of legitimate use cases for cryptocurrency far outpaces illicit activities. Nonetheless, the increasing sophistication of hackers in recent years cannot be ignored, especially as the crypto market continues to expand. According to Crystal Intelligence, by mid-2024, the cumulative amount stolen from crypto-related hacks had already reached $19 billion. This article will review the five largest cryptocurrency hacks in history, second only to the Bybit incident, shedding light on the stories behind these attacks and their lasting impact on the crypto industry. 1. The Mt. Gox Hack (2014) Undoubtedly, the Mt. Gox hack remains one of the most infamous attacks in crypto history. In February 2014, Japan’s largest Bitcoin exchange, Mt. Gox, suddenly declared bankruptcy, revealing that approximately 850,000 BTC (valued at around $450 million at the time) had been stolen. This incident was not just a single hack — it exposed severe vulnerabilities in crypto exchange security, fund management, and regulatory oversight. Background & Impact: At its peak, Mt. Gox handled over 70% of all global Bitcoin transactions. However, due to internal security flaws, poor management practices, and a lack of transparency in fund handling, the platform ultimately fell victim to a historic theft. Even years later, the sheer scale of the lost Bitcoin remains staggering, deepening the trust crisis within the cryptocurrency industry. Although some of the stolen funds were later recovered, the Mt. Gox case remains a cautionary tale, pushing exchanges to enhance security measures and driving global calls for stricter exchange regulations. 2. The Coincheck Hack (2018) In January 2018, Japanese crypto exchange Coincheck suffered one of the largest thefts in history when hackers stole approximately $530 million worth of NEM tokens (roughly 500 million NEM coins). This incident became the largest crypto heist in Japan’s history. Background & Impact: Unlike the Mt. Gox hack, which targeted Bitcoin, Coincheck’s breach involved the theft of NEM tokens. The attackers exploited vulnerabilities in the exchange’s hot wallet (an online storage wallet) and drained all the stored NEM. Although Coincheck later reimbursed a portion of customer funds, the event severely damaged public trust in exchange security. Long-Term Consequences: This attack prompted Japan’s financial regulators to impose stricter oversight on crypto exchanges. It also spurred other global governments to reassess and tighten regulatory measures related to fund security, reserve management, and compliance requirements for crypto trading platforms. 3. The Bitfinex Hack (2016) In August 2016, Bitfinex, then the world’s third-largest cryptocurrency exchange, suffered a major breach, losing approximately 120,000 BTC (valued at $70 million at the time). The attack exploited vulnerabilities in Bitfinex’s multi-signature wallets, allowing hackers to bypass security protocols and steal a massive sum. Background & Impact: Following the hack, Bitfinex suspended all Bitcoin withdrawals and initiated emergency security protocols to prevent further losses. However, much of the stolen BTC was never recovered. The exchange worked with law enforcement agencies and implemented a redesigned security system while issuing new tokens to compensate affected users. Long-Term Consequences: This event served as yet another reminder that security must remain a top priority for crypto exchanges, especially regarding multi-signature wallet management. The Bitfinex hack also marked a turning point in industry-wide efforts to improve security and regulatory compliance for trading platforms. 4. The Ethereum DAO Hack (2016) Although not a conventional exchange hack, the Ethereum DAO attack remains one of the most significant hacks in crypto history. In June 2016, a hacker exploited a vulnerability in the DAO smart contract, draining over 50 million ETH (then valued at over $150 million). This incident became Ethereum’s most severe security breach and led to a major split in the Ethereum community. Background & Impact: The DAO (Decentralized Autonomous Organization) was a pioneering decentralized investment fund built on Ethereum. The hacker exploited a flaw in the contract’s code, siphoning off a large portion of funds from the DAO’s treasury. Although this was not an attack on Ethereum itself, it exposed the risks inherent in smart contract security. To address the crisis, the Ethereum community voted to execute a hard fork, effectively reversing the hack’s effects. However, this decision led to significant controversy and ultimately resulted in the split between Ethereum (ETH) and Ethereum Classic (ETC). Long-Term Consequences: The DAO incident highlighted critical security challenges in blockchain governance and smart contract development. It remains a fundamental case study on the importance of rigorous code auditing and security best practices for decentralized applications. 5. The KuCoin Hack (2020) In September 2020, crypto exchange KuCoin suffered a massive security breach when hackers exploited vulnerabilities in its hot wallets, stealing approximately $200 million worth of digital assets. The stolen funds included major cryptocurrencies like Bitcoin and Ethereum, as well as a wide range of altcoins and DeFi tokens. Background & Impact: The KuCoin hack sent shockwaves through the market. While the exchange quickly responded by halting trading and working with affected projects, the breach raised significant concerns about the security of hot wallet storage. KuCoin later announced that it would compensate users and that a majority of the stolen funds were eventually recovered through blockchain tracing. Long-Term Consequences: This attack underscored the persistent risks of cross-border crypto transactions and exchange security. It also reinforced the importance of incorporating advanced multi-factor authentication, cold storage solutions, and enhanced security protocols. Conclusion: The Ongoing Battle for Crypto Security From Mt. Gox to Bybit, hacker attacks have remained one of the most pressing challenges facing the cryptocurrency industry. As the market continues to evolve, security concerns have become central to the industry’s long-term viability. While crypto has introduced groundbreaking financial innovations, the need to strike a balance between innovation and security remains a global challenge for regulators, developers, and investors alike. The Bybit incident has once again put crypto exchange security under intense scrutiny. While the industry’s future remains promising, strengthening security measures, implementing effective regulatory frameworks, and fostering innovation will require a concerted effort from all stakeholders worldwide. Going forward, enhancing digital asset protection and fortifying exchange security will play a crucial role in determining the sustainability of the crypto sector.

#Bybit #ETH #Crypto In our article on the 22nd, we were the first to outline the general process of Bybit’s 1.5 billion USD ETH theft incident, condemning and voicing support for the situation. With Bybit receiving 4 billion USD in funds, they officially announced covering the funding gap. It seems that Bybit has weathered the “black swan” event. Although the crisis has come to an end, with the remaining focus on accountability and follow-up work, this incident exposed numerous issues in the industry’s security mechanisms and crisis response. It has caused significant market turbulence. In this article, we will provide a detailed analysis of the full timeline and key events of the incident. Click to register SuperEx Click to download the SuperEx APP Click to enter SuperEx CMC Click to enter SuperEx DAO Academy — Space February 19 07:15: The attacker deploys a malicious smart contract (address: 0xbDd077f651EBe7f7b3cE16fe5F2b025BE2969516) in preparation for the subsequent attack. February 21 14:13: The attacker uses a fake Safe multi-signature wallet user interface (UI) to deceive signers into signing malicious transactions. The Safe contract is replaced with a malicious version, embedding backdoor functions such as sweepETH and sweepERC20. 21:20: The attacker uses the malicious contract to transfer cold wallet assets, totaling 401,347 ETH and equivalent stETH, cmETH, mETH, valued at approximately 1.5 billion USD. 23:27: Blockchain detective ZachXBT issues a warning via Telegram, reporting abnormal fund outflows from Bybit’s Ethereum cold wallet, amounting to 1.46 billion USD. 23:37: Crypto KOL Finish confirms via a post that one of Bybit’s multi-signature addresses transferred 1.5 billion USD worth of ETH to a new address and exchanged LSD assets for native ETH via four different DEXs. 23:44: Bybit CEO Ben Zhou confirms the incident on social media, stating that hackers controlled a specific ETH cold wallet, but other cold wallets remained secure with withdrawals operating normally. 23:50 to 08:00 on the 22nd: The hacker disperses 401,347 ETH across 40 addresses and exchanges it for native ETH via DEXs. Some funds are cross-chain transferred to a BTC address via Chainflip. February 22 Early Morning: Bybit CEO Ben Zhou begins a live stream, promising that the platform will keep withdrawal channels open and fully compensate users for their losses. He reveals that Bybit’s asset management exceeds 20 billion USD and that other assets in cold wallets remain unaffected. 03:09: ZachXBT provides conclusive evidence, confirming that the attack was carried out by the North Korean hacker group Lazarus Group. Blockchain data shows the attacker’s test transaction patterns, wallet associations, and timeline align with previous incidents. 08:00: Security firm Blockaid points out that Lazarus Group used “blind signing” technology to bypass security verification and conducted social engineering attacks to gain signature permissions, successfully transferring funds. 09:00: Bybit announces that 99.994% of withdrawals have been completed and platform services have returned to normal. Blockchain data shows that Bybit received over 4 billion USD in the past 12 hours, covering the stolen fund gap. 10:00: Platforms like Tether, THORChain, and ChangeNOW assist in freezing 42.89 million USD worth of stolen funds. However, the hacker still holds 448,600 ETH (approximately 1.26 billion USD) and is laundering the funds via mixers. Early Morning to Morning: Multiple exchanges and institutions provide support to Bybit. Bitget transfers 40,000 ETH to Bybit’s cold wallet, MEXC transfers 12,600 stETH, and ABCDE’s co-founder Du Jun personally transfers 10,000 ETH. February 21–22 The incident causes ETH to briefly drop 8%, with over 400 million USD in liquidations across the market. Bybit’s rapid response and industry support helped stabilize market sentiment, and ETH prices recovered to over 2,700 USD. February 23 Security experts urge the industry to strengthen security mechanisms, including the introduction of secondary semantic validation, hardware wallet confirmation, and the development of exchange insurance services. Conclusion: A Battle with No Winners The Bybit incident once again proves that the crypto industry thrives alongside inherent risks. While the industry’s swift mobilization demonstrated unity, the 1.5 billion USD loss is a fait accompli. As the founder of Slow Mist, Yu Xian, put it: “Security is not a single-point defense but an ecological global game.” When the hacker’s technical sophistication surpasses traditional defenses, only a triple effort of technological upgrades, regulatory collaboration, and user vigilance can find a way out of this battle.