正在加载视频...

视频加载失败

返回首页

ByBit Exchange Hack ($1.4B Transactions) - Security Researcher Explained 1. What the transaction did 2. How it could have (potentially) been prevented 3. How to spot this kind of transaction

PatrickAlphaC's profile picture

Patrick Collins

113,726 subscribers

137,154 次观看 • 1 年前 •via X (Twitter)

科学技术财经
LIVE

Anya Rossi• Live Now

Private livecam show

12 条评论

Patrick Collins 的头像
Patrick Collins1 年前

You can also view it on YouTube.

GraniteShares ETFs 的头像
GraniteShares ETFs2 年前

An investment in this ETF involves significant risk. Click here for more information.

hansfriese 🟪 的头像
hansfriese 🟪1 年前

Best breakdown of the Bybit hack and, more importantly, the solutions to prevent such incidents in the future.

Patrick Collins 的头像
Patrick Collins1 年前

ty ser <3

Luzius Meisser 的头像
Luzius Meisser1 年前

Nice explanation! When we built our own multisig @aktionariat, we consciously made it immutable (no upgradable proxy) and without support for delegatecalls. These are two additional design decisions that could have prevented the Bybit attack.

Patrick Collins 的头像
Patrick Collins1 年前

@aktionariat If the hackers managed to get users to sign bad transactions, it almost didn't matter what the architecture was. For your own multi-sig, it could have just been as easy as directly sending ETH in a multi-sig TX or something.

thiskidkills 的头像
thiskidkills1 年前

Watching that video pretty well sums up why ethereum will never be the new internet soon all will go to #ICP to spend their #BTC on porn, pop culture, poker, and politics sovereignty for the zeitgeist!

Delvir0 的头像
Delvir01 年前

Awesome breakdown, especially how fast you made this

Blocks 的头像
Blocks1 年前

First thing I did when I woke up to the news this morning was literally rush back and watch that video again while I pictured you doing this all day lmao 😂

Patrick Collins 的头像
Patrick Collins1 年前

It was worse with the hack this week where the users put their private key in the frontend.

fabriziogianni7_eth 的头像
fabriziogianni7_eth1 年前

Clear. But how they hacked the UI ?

Patrick Collins 的头像
Patrick Collins1 年前

Still unclear as of today

相关视频

$1.4B was stolen in the Bybit hack, making it the largest crypto exploit to date. But could it have been avoided? In this video, jchetrit.eth shows how OpenZeppelin Safe Utils could have prevented the attack by ensuring users sign the correct transactions in Safe.eth 🔒
6:39

$1.4B was stolen in the Bybit hack, making it the largest crypto exploit to date. But could it have been avoided? In this video, jchetrit.eth shows how OpenZeppelin Safe Utils could have prevented the attack by ensuring users sign the correct transactions in Safe.eth 🔒

OpenZeppelin

12,555 次观看 • 1 年前

🚨 Bybit’s $1.4B hack via a compromised Gnosis Safe dApp shows why you never blind-sign transactions. 1inch Wallet’s clear signing & transaction simulation show exactly what you’re approving. Pair it with a Ledger hardware wallet for an extra layer of security. #CryptoSecurity
0:21

🚨 Bybit’s $1.4B hack via a compromised Gnosis Safe dApp shows why you never blind-sign transactions. 1inch Wallet’s clear signing & transaction simulation show exactly what you’re approving. Pair it with a Ledger hardware wallet for an extra layer of security. #CryptoSecurity

1inch

46,593 次观看 • 1 年前

The Transaction Manifest could have saved users millions of dollars from blind-signing their assets away to scammers. It offers human-readable transactions so you will always know what your transaction is going to do. To a user, it looks like this, with each action presented clearly visible in human-readable language ⤵️
0:37

The Transaction Manifest could have saved users millions of dollars from blind-signing their assets away to scammers. It offers human-readable transactions so you will always know what your transaction is going to do. To a user, it looks like this, with each action presented clearly visible in human-readable language ⤵️

Radix - Radically Different DeFi

101,053 次观看 • 1 年前

What if EOAs could get the powers of Smart Accounts?! Now it's possible with: Fusion Module Bringing SA capabilities to EOAs such as ⛓️Chain Abstraction ⛽Gasless Transactions 📦Transaction Batching 🤖Automated Transactions Let's do a deep dive into how it works🧵👇
3:26

What if EOAs could get the powers of Smart Accounts?! Now it's possible with: Fusion Module Bringing SA capabilities to EOAs such as ⛓️Chain Abstraction ⛽Gasless Transactions 📦Transaction Batching 🤖Automated Transactions Let's do a deep dive into how it works🧵👇

Biconomy

23,921 次观看 • 1 年前

Everything you need to know about EIP-7702 (type 4 transactions enabled by Pectra). 1. Can someone steal all your funds in a single transaction? 2. How does it work? 3. What does it look like? 4. Will your wallet's new code persist? All shown here!
8:35

Everything you need to know about EIP-7702 (type 4 transactions enabled by Pectra). 1. Can someone steal all your funds in a single transaction? 2. How does it work? 3. What does it look like? 4. Will your wallet's new code persist? All shown here!

Patrick Collins

14,514 次观看 • 1 年前

This is exactly why YOU MUST GET A COLD STORAGE WALLET! 🥶 Learn from this horror story! I was contacted 1 hour ago by someone who was hacked and lost all their XRP TODAY, a total of 18,774 XRP valued at approximately $44,121. His Coinbase 🛡️ balance is now $0.00. His transaction history is wiped clean. He checked and can see that his XRP was sent to Bybit. Bybit’s suspicious transaction behavior is irregular at best, possibly hacking via AI. Check the videos posted below. 37 transactions per minute, several per second sometimes. All transactions are going IN except for the occasional large sum of XRP going OUT to another ByBit wallet. Check the Gemini transactions page to see what normal exchange behavior looks like. 1. Why would a wallet have so many transactions? 2250 transactions in 1h?? 2. Is there a legit reason? 3. How are all of the fractional transactions made? 4. How could so many transactions per min be done? 5. Is this an operation? One person? A company? A country? If you have an explanation for this transaction behavior, please let me know. Is ByBit responsible? Or are the real perpetrators just hiding behind their software? That would be for officials to figure out. Bybit seems to be the medium that is being used. Like the car in a bank robbery. ⚠️DO NOT RISK YOUR CRYPTO ON AN EXCHANGE OR WARM/HOT WALLET. ⚠️SELF CUSTODY IS A MUST. COLD WALLET STORAGE IS THE ONLY WAY TO SECURE YOUR CRYPTO! ⚠️IF ANYONE HAS ANY ADVICE TO HELP HIM RECOVER HIS LOST FUNDS PLEASE ADVISE! “I was pre rich and now I’m poor. I’m praying for IQD and VND to come through…” Tankstir
0:26

This is exactly why YOU MUST GET A COLD STORAGE WALLET! 🥶 Learn from this horror story! I was contacted 1 hour ago by someone who was hacked and lost all their XRP TODAY, a total of 18,774 XRP valued at approximately $44,121. His Coinbase 🛡️ balance is now $0.00. His transaction history is wiped clean. He checked and can see that his XRP was sent to Bybit. Bybit’s suspicious transaction behavior is irregular at best, possibly hacking via AI. Check the videos posted below. 37 transactions per minute, several per second sometimes. All transactions are going IN except for the occasional large sum of XRP going OUT to another ByBit wallet. Check the Gemini transactions page to see what normal exchange behavior looks like. 1. Why would a wallet have so many transactions? 2250 transactions in 1h?? 2. Is there a legit reason? 3. How are all of the fractional transactions made? 4. How could so many transactions per min be done? 5. Is this an operation? One person? A company? A country? If you have an explanation for this transaction behavior, please let me know. Is ByBit responsible? Or are the real perpetrators just hiding behind their software? That would be for officials to figure out. Bybit seems to be the medium that is being used. Like the car in a bank robbery. ⚠️DO NOT RISK YOUR CRYPTO ON AN EXCHANGE OR WARM/HOT WALLET. ⚠️SELF CUSTODY IS A MUST. COLD WALLET STORAGE IS THE ONLY WAY TO SECURE YOUR CRYPTO! ⚠️IF ANYONE HAS ANY ADVICE TO HELP HIM RECOVER HIS LOST FUNDS PLEASE ADVISE! “I was pre rich and now I’m poor. I’m praying for IQD and VND to come through…” Tankstir

Ross

58,406 次观看 • 1 年前

JUST IN: Bybit founder Ben Zhou reveals how the $1.4 billion Ethereum $ETH hacked likely happened He was the last signature needed to send the transaction
0:24

JUST IN: Bybit founder Ben Zhou reveals how the $1.4 billion Ethereum $ETH hacked likely happened He was the last signature needed to send the transaction

BlockNews

171,029 次观看 • 1 年前

Traditional rail: 50,000 transactions at $1/transaction = $50,000 The Stellar network: 50,000 transactions = $120 😮Franklin Templeton:
2:03

Traditional rail: 50,000 transactions at $1/transaction = $50,000 The Stellar network: 50,000 transactions = $120 😮Franklin Templeton:

Stellar

97,751 次观看 • 1 年前

Q: "What do the Qataris expect in return for a $400 million present?" Steve Witkoff: "It's a perfectly legal transaction. It's been vetted...I'm not sure how anyone would see this as the Qataris looking to gain some kind of advantage."
2:07

Q: "What do the Qataris expect in return for a $400 million present?" Steve Witkoff: "It's a perfectly legal transaction. It's been vetted...I'm not sure how anyone would see this as the Qataris looking to gain some kind of advantage."

The Bulwark

46,517 次观看 • 1 年前

Every pixel is a transaction Every transaction is on Thru Let the transactions flow thru you
0:47

Every pixel is a transaction Every transaction is on Thru Let the transactions flow thru you

CANTELOPEPEEL

13,947 次观看 • 11 个月前

She gave his brother over #20 million to help her build a house Did he deliver or not? How could this wahala have been prevented?
3:09

She gave his brother over #20 million to help her build a house Did he deliver or not? How could this wahala have been prevented?

BSAT Properties

80,078 次观看 • 2 个月前

In light of today’s Bybit incident, here’s how we secure our technical Safe.eth multisig at Gearbox Protocol: Continuous monitoring Whenever a new transaction is submitted or an existing one is signed, we immediately receive a notification in our alert channel. This alert shows the transaction hash and who proposed and signed the transaction. Detailed transaction report The most significant feature is the transaction report. It contains parsed transaction call data in a human-readable format, allowing all signers to see actions that occur understandably, both in plain text and in bytecode. Deployment check and whitelisted external calls Whenever the system deploys a new contract or interacts with an existing one, it checks the bytecode and compares it with code in our GitHub repository. Thus, the system constantly recompiles and compares the bytecode with the audited version, providing us with detailed information such as source links, audit reports, etc. This is how we have built a robust system to filter and check all transactions before they go to the technical multisig and affect changes to the protocol.
1:44

In light of today’s Bybit incident, here’s how we secure our technical Safe.eth multisig at Gearbox Protocol: Continuous monitoring Whenever a new transaction is submitted or an existing one is signed, we immediately receive a notification in our alert channel. This alert shows the transaction hash and who proposed and signed the transaction. Detailed transaction report The most significant feature is the transaction report. It contains parsed transaction call data in a human-readable format, allowing all signers to see actions that occur understandably, both in plain text and in bytecode. Deployment check and whitelisted external calls Whenever the system deploys a new contract or interacts with an existing one, it checks the bytecode and compares it with code in our GitHub repository. Thus, the system constantly recompiles and compares the bytecode with the audited version, providing us with detailed information such as source links, audit reports, etc. This is how we have built a robust system to filter and check all transactions before they go to the technical multisig and affect changes to the protocol.

0xmikko.eth

17,986 次观看 • 1 年前

🚨Exclusive: A White House correspondent spoke about what he said seemed to be compromised security measures at the White House Correspondent’s Dinner tonight. He detailed how scanners that could have prevented the active shooter situation were placed somewhere other than in front of the venue structure. According to reports, a Gunman was taken down in the lobby of the building and one secret service agent is reported to have been shot. Could this have been prevented?
1:10

🚨Exclusive: A White House correspondent spoke about what he said seemed to be compromised security measures at the White House Correspondent’s Dinner tonight. He detailed how scanners that could have prevented the active shooter situation were placed somewhere other than in front of the venue structure. According to reports, a Gunman was taken down in the lobby of the building and one secret service agent is reported to have been shot. Could this have been prevented?

SurgePhilly

42,225 次观看 • 1 个月前

Crypto exchange Bybit disclosed that it had been hacked in what analysts say was the biggest-ever theft in the industry with almost $1.5 billion worth of tokens taken. Ledger CEO Pascal Gauthier discusses security concerns and how crypto should be stored
1:50

Crypto exchange Bybit disclosed that it had been hacked in what analysts say was the biggest-ever theft in the industry with almost $1.5 billion worth of tokens taken. Ledger CEO Pascal Gauthier discusses security concerns and how crypto should be stored

Bloomberg Crypto

12,195 次观看 • 1 年前

What used to take 3-4 transactions and 30 minutes of your time now completed with 1 transaction in less than 60 seconds. 🫡 is the future everyone. Are you ready for seamless bridging? ⬇️
1:02

What used to take 3-4 transactions and 30 minutes of your time now completed with 1 transaction in less than 60 seconds. 🫡 is the future everyone. Are you ready for seamless bridging? ⬇️

Brian

18,948 次观看 • 1 年前

Keeladi’s findings could change how we understand the Sangam era & India’s past. How did it begin? What all have been found so far? In this special episode of Let Me Explain, we travel to Keeladi for the answers.
0:59

Keeladi’s findings could change how we understand the Sangam era & India’s past. How did it begin? What all have been found so far? In this special episode of Let Me Explain, we travel to Keeladi for the answers.

TheNewsMinute

41,436 次观看 • 11 个月前

There's a hidden tax loophole that could send Ethereum to new highs, and nobody knows about it. In this video I cover: 1. What the 351 tax exchange is and how it could pump crypto 2. Why longing the $4k $ETH reclaim is the best setup in the market 3. How $ENA and $LINK benefit
9:55

There's a hidden tax loophole that could send Ethereum to new highs, and nobody knows about it. In this video I cover: 1. What the 351 tax exchange is and how it could pump crypto 2. Why longing the $4k $ETH reclaim is the best setup in the market 3. How $ENA and $LINK benefit

Brandon Hong

103,861 次观看 • 10 个月前

This is the first teaser of the promised product updates we’re going to deliver for you soon. Transaction times were too slow on EOAs — and so users wouldn’t be able to take advantage of the real time transaction methods @megaeth_labs enables. Now, we’ve drastically improved the transaction processing times for both EOA wallets by implementing 7702 throughout the entire product and implementing the real time transaction API. Everytime you use GTE, your transactions will take only the time it takes to round trip between you and the sequencer. This is usually around 200ms if you’re across the world from the sequencer (which is about as fast as you blink). Now, there is no difference between using GTE and a CEX. This is what it means to be the fastest decentralized exchange in the world. You’re going to have fun trading on GTE!
0:23

This is the first teaser of the promised product updates we’re going to deliver for you soon. Transaction times were too slow on EOAs — and so users wouldn’t be able to take advantage of the real time transaction methods @megaeth_labs enables. Now, we’ve drastically improved the transaction processing times for both EOA wallets by implementing 7702 throughout the entire product and implementing the real time transaction API. Everytime you use GTE, your transactions will take only the time it takes to round trip between you and the sequencer. This is usually around 200ms if you’re across the world from the sequencer (which is about as fast as you blink). Now, there is no difference between using GTE and a CEX. This is what it means to be the fastest decentralized exchange in the world. You’re going to have fun trading on GTE!

enzo

221,173 次观看 • 11 个月前