CZ: Proposing a suspension of withdrawal suggestions for Bybit is a practical way to share based on personal experience and observations, without absolutely correct or wrong

PANews reported on February 22 that Binance CZ released some ideas on the X platform about the recent hacker attacks, and he said:

There is a pattern where hackers can steal a large number of cryptocurrencies from multi-signature “cold storage” solutions, such as ByBit, Phemex, WazirX and others.

In recent ByBit cases, hackers were able to let the front-end user interface show legitimate transactions, while the actual signature was for another transaction. Not very familiar with other cases, but based on limited available information, they sound similar. What’s even more terrifying is that the affected exchanges use different providers of multi-signature solutions. The hacker Lazarus Group has very advanced intrusion capabilities and a wide range of scope. It is not clear whether a hacker can hack multiple signature devices, server-sides, or in each case.

Someone questioned my proposal to stop all withdrawals as a standard safety precaution (I tweeted on the shuttle to the plane) with the intention of sharing a practical approach based on personal experience and observations, but both approaches None of them is absolutely right or wrong, and the guiding principles are always inclined toward the safer side. After any security incident, pause everything to make sure we fully understand what happened, how hackers hacked into the system, which devices were hacked, check everything is safe and then resume operations.

Of course, suspension of withdrawals may cause more panic. In 2019, Binance suspended withdrawals for a week after a massive $40 million hack, and when withdrawals were resumed (and deposits) were seen as more deposits than withdrawals were made. Not that this is a better approach. Each situation is different. This is a question of judgment. The relevant tweets are to share what might be effective. The purpose is to express support in a timely manner. I also believe that Ben has made the best decision based on the information he has. Ben maintained transparent communication and calmness in his challenge and performed exceptionally well. This is in stark contrast to other less transparent CEOs (such as WazirX, FTX, etc.). The cases mentioned here vary. FTX is a fraud. WazirX, will not comment as the lawsuit is still ongoing.