Why could the 15,000 cmETH stolen from Bybit be saved?

Reprinted from chaincatcher
02/23/2025 · Author: Haotian
The Bybit stolen-asset tracking report disclosed yesterday by SlowMist and the Cosine Security team mentioned that 15,000 cmETH was fortunately blocked by mETH Protocol, recovering a loss of $42m. Many readers must be curious: what happened?
mETH Protocol is the liquid staking protocol that the Mantle layer2 chain launched on the Ethereum main network so that users can earn native returns when depositing ETH on layer2. mETH is a liquid staking asset whose accumulated deposits are second only to stETH, wBETH, and rETH.
Mantle uses mETH as its core for absorbing liquidity across different layer2 chains, and it once became the liquidity scheduling center for layer2 interactions. One can imagine how strategically important mETH is to the Mantle chain.
cmETH is the restaking asset of mETH: users can stake their circulating mETH again and convert it into cmETH. Compared with mETH, cmETH carries one additional layer of restaking leverage risk, but it can be used in mining campaigns across layer2s to earn the new protocol governance token $COOK.
In short, cmETH is a stake certificate asset that circulates on layer2 networks and is used in combination with various layer2 protocols.
Because of this complex interaction logic, the cmETH protocol was designed with three key security mechanisms:
- Address blacklisting: as the name implies, addresses marked as hackers can be quickly blacklisted to restrict them from transferring or interacting with cmETH assets;
- Pausable contract: if an emergency occurs, the team has the authority to urgently suspend withdrawal operations to prevent suspicious assets from circulating;
- Delayed withdrawal: withdrawals go through a FIFO (first-in, first-out) queue, and the contract has a built-in withdrawal delay of up to 7 days (8 hours in this event). This amounts to a cooling-off and response window that gives the team enough time to identify abnormal on-chain withdrawal behavior.
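The three controls above, sketched as an added Python model (not the cmETH contract's code and not from the original article): the class, method names, addresses and timings are constructed assumptions. It runs the same scenario with no delay and with an 8-hour delay to show that the blacklist only catches a queued request when the delay leaves time to flag it.

```python
from collections import deque
from dataclasses import dataclass, field

HOUR = 3600

@dataclass
class WithdrawalQueue:
    """Toy model (not the cmETH contract): delayed FIFO queue + blacklist + pause."""
    delay: int = 8 * HOUR                          # delay window in seconds
    paused: bool = False
    blacklist: set = field(default_factory=set)
    queue: deque = field(default_factory=deque)    # (address, amount, requested_at)

    def request(self, addr, amount, now):
        # Both switches are checked at request time...
        if self.paused:
            raise PermissionError("withdrawals paused")
        if addr in self.blacklist:
            raise PermissionError("address blacklisted")
        self.queue.append((addr, amount, now))

    def process(self, now):
        """Settle matured requests in FIFO order; return (paid, blocked)."""
        paid, blocked = [], []
        # ...and again at payout time, which is what the delay buys.
        while not self.paused and self.queue and now - self.queue[0][2] >= self.delay:
            addr, amount, _ = self.queue.popleft()
            (blocked if addr in self.blacklist else paid).append((addr, amount))
        return paid, blocked

def run(delay, flag_at=3 * HOUR):
    """Constructed scenario: a request made at hour 1 is flagged at hour 3."""
    events = [(0, "0xUSER_A", 10), (1 * HOUR, "0xFLAGGED", 15_000), (2 * HOUR, "0xUSER_B", 5)]
    q, paid, blocked = WithdrawalQueue(delay=delay), [], []
    for t in range(0, 12 * HOUR, HOUR):            # hourly processing tick
        if t == flag_at:
            q.blacklist.add("0xFLAGGED")           # responders blacklist the address
        for at, addr, amount in events:
            if at == t:
                q.request(addr, amount, t)
        p, b = q.process(t)
        paid, blocked = paid + p, blocked + b
    return paid, blocked

if __name__ == "__main__":
    print("no delay :", run(delay=0))
    print("8h delay :", run(delay=8 * HOUR))
```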
Although a certain degree of decentralization seems to have been sacrificed for security, don't forget that cmETH is a restaked (leveraged) asset layered on top of mETH. Its main use case is as a stake certificate for mining in various DeFi protocols, so its security bears on the overall liquidity security of systems across chains and protocols.
At this stage, as an important component of the Mantle ecosystem, it is reasonable for cmETH to include some additional security mechanisms in its design to deal with hacker attacks and emergencies.
Unexpectedly, though, this design of cmETH did not first prove itself in the complex composable environment of on-chain DEX; instead, its first major contribution was blocking the assets stolen from Bybit.