
How important to crypto is Safe, the top crypto infrastructure attacked by North Korean hackers?


Reprinted from chaincatcher

02/27/2025·2M

Author: BlockBeats

The next hacker-themed movie may be based on the $1.5 billion theft involving Bybit and Safe. The attack was executed flawlessly, and no trace has been found so far.

After a week of investigation by multiple parties, Safe, Bybit and security companies have reported their latest progress. Rhythm BlockBeats summarizes the findings as concisely as possible:

1. The code is fine: Safe's front-end code is open source and there is no problem at the code level; the incident happened because Safe's server security was compromised.

2. There is an "insider": specifically, the code actually deployed to the production environment was not consistent with what is shown in the open-source repository. That is, at some stage someone replaced the code or inserted malicious code during the deployment process.

3. The identity of the "insider" is unknown: not all developers have the authority to deploy code to production. Anyone able to perform such a deep operation must be highly trusted. This "insider" may be a long-trusted developer or a team member who could obtain sufficient permissions. The attacker stayed hidden for a long time. Safe checked historical transactions but found no abnormalities and no "insider", and is calling on the community and users to assist in the investigation.
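The mismatch described in finding 2 can be detected by rebuilding the front end from the public commit and comparing it, file by file, with what production serves. The check below is an added example, not Safe's or Bybit's tooling; it assumes the build is reproducible, and the file names and contents are constructed.

```python
import hashlib
import tempfile
from pathlib import Path


def hash_tree(root: Path) -> dict[str, str]:
    """Map each file's path (relative to root) to its SHA-256 digest."""
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def compare_deployment(reference: Path, deployed: Path) -> dict[str, list[str]]:
    """Report every way the deployed tree differs from the reference build."""
    ref, dep = hash_tree(reference), hash_tree(deployed)
    return {
        "modified": sorted(f for f in ref.keys() & dep.keys() if ref[f] != dep[f]),
        "unexpected": sorted(dep.keys() - ref.keys()),  # served but never built
        "missing": sorted(ref.keys() - dep.keys()),     # built but not served
    }


def write_tree(root: Path, files: dict[str, bytes]) -> Path:
    """Write the constructed sample files to disk under root."""
    for name, data in files.items():
        path = root / name
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(data)
    return root


def demo() -> dict[str, list[str]]:
    # Constructed sample: a build from the reviewed commit, and a copy of what
    # the web server returns in which one bundle was altered and a file added.
    build = {
        "index.html": b"<script src='/static/app.js'></script>",
        "static/app.js": b"function sign(tx){return wallet.sign(tx)}",
        "static/vendor.js": b"/* third-party code */",
    }
    served = dict(build)
    served["static/app.js"] += b"\n/* bytes not present in the repository */"
    served["static/extra.js"] = b"/* file with no source in the repository */"
    with tempfile.TemporaryDirectory() as tmp:
        ref = write_tree(Path(tmp) / "reference", build)
        dep = write_tree(Path(tmp) / "deployed", served)
        return compare_deployment(ref, dep)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

Any non-empty "modified" or "unexpected" list means production is serving bytes that no reviewed commit produced, which is the condition worth alerting on.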

In addition, Safe has not said that it will help with compensation; it has only mentioned some upcoming upgrade plans. It also reminds everyone to stay rational and not to trust those who use this hack to market their so-called "advanced multi-signature", "semi-custodial", "MPC" and other products, which may instead expand the attack surface.

In fact, this is not the first theft involving a Safe multi-signature wallet. The method is very close to the Radiant Capital theft in October last year. In that incident, hackers also infected core developers' devices with malware, so that the developers believed they were signing legitimate operations while malicious transactions were actually executed in the background.

Safe can affect most of the crypto community

Why is this incident drawing so much attention? Because Safe is the most popular multi-signature wallet in the Ethereum ecosystem.

When Safe issued its token last year, almost all of the top 100 airdrop addresses belonged to project teams, institutions and major players. In other words, Safe's security can affect most of the crypto community.

As shown in the figure, familiar names include MetaMask, PleasrDAO, Aave, 1inch, Lido and others.

At the same time, in this cycle, traditional finance, traditional institutions, family funds and old money are accelerating their entry, but the barrier to crypto is high. To protect their funds while operating on-chain, many have chosen a relatively safer option: the multi-signature wallet Safe.

For example, the most representative one is Trump's DeFi team.

According to what a Safe Guardian disclosed to Rhythm BlockBeats, there are two easy ways to tell whether an on-chain address is a Safe wallet address: one is the "MultiSig" label displayed on ARKHAM, and the other is that "MultiSig:Safe" is displayed directly below the address on its DeBank page. As can be seen in the picture above, Trump's DeFi project World Liberty Fi does use a multi-signature wallet.

In other words, any security breach in Safe can trigger a huge chain reaction and butterfly effect.

Something can go wrong even with the top security infrastructure in the crypto community

Safe is essentially a top-tier project in the Ethereum ecosystem, and it was incubated by the Gnosis team.

Gnosis Chain was the best-known Ethereum sidechain of the previous cycle, focused on building efficient and secure decentralized applications. According to DefiLlama data, Gnosis Chain's total value locked (TVL) was $200 million at the time of writing, and its peak was $350 million.

In fact, the story of the Gnosis ecosystem and incubator can be traced back to 2015.

Compared with the now well-known Polymarket, Gnosis co-founder Martin Koeppelmann began studying decentralized prediction markets earlier. In 2015, he posted on his forum about combining a MarketMaker and an OrderBook, one of the industry's earliest ideas for a decentralized prediction market.

Martin Koeppelmann is also among the earliest Ethereum developers. He joined before the DAO period. Because he lived in Berlin for a long time, he had close contact with Vitalik, who was in his Berlin office back then.

Over the years, he has taken part in many discussions in the Ethereum development community, and often discusses issues such as L2, ZK and the Ethereum roadmap with Vitalik. Martin's comments on social media also show his standing in the community.

It is on this technical foundation that Gnosis has gradually built a complete ecosystem. From Gnosis Protocol to CowSwap, Martin and his team went on to develop products such as Gnosis Chain, Safe and Gnosis Pay.

Has the bear market signal been turned on?

The Safe security incident has indeed caused a lot of panic and pessimism in the crypto community. According to Alternative.me data, the cryptocurrency Fear and Greed Index fell to 10 today, a new low since July 2022, and the market remains in a state of extreme fear.

Many community members have questioned whether multi-signature is just a decoration, a case of "covering one's ears while stealing a bell".

At the same time, many industry practitioners have expressed reflections and concerns about the industry: "If multi-signature wallets are not safe, then who else will take this industry seriously and trust it? Has the crypto industry really become a hacker's bloodbath?"

Looking back at history, the end of each round of crypto bull market is often accompanied by some major security and trust crises.

For example, the early Mt. Gox incident led to the theft of a large amount of crypto assets and became one of the most famous hacking incidents in the history of the crypto industry; the end of the last bull market was marked by the trust crisis that began with the collapse of FTX and the collapse of Terra, which seriously damaged investors' confidence in the entire industry.

So, how will this bull market end? Pessimistically speaking, Safe's security incident is likely to be one of the "signals" that this bull market is ending.