North Korean Hacker Group's Attack on Top Coin Circle Infrastructure Safe: How Important Is Security in Crypto? In this translation, I aimed to main

The next hacker-themed movie may be inspired by the recent $1.5 billion Bybit and Safe hack. The hacker's technique was near-perfect, and so far, no traces have been found.

After a week of multi-party investigations, updates have been provided by Safe's team, Bybit's team, and the security company. Blockbeats has summarized the investigation results in the most concise language, revealing the first-hand situation:

1. Code is fine: Safe's front-end code is open source, with no issues at the code level. It was Safe's server security that was compromised.

2. Inside job: Specifically, the code deployed in the production environment was not consistent with what was shown in the open-source repository. This means that at some point, someone replaced or inserted malicious code during the deployment process.

3. Unknown insider: Not all developers have the permission to deploy production code. The individual capable of conducting such a deep operation must have a high level of trust. This insider could be a long-trusted developer or a team member with sufficient permissions. The attacker concealed their tracks for a considerable period. Safe has examined the transaction history, found no anomalies, and has not identified the insider. The community and users are requested to assist in the investigation.

In addition, Safe has not mentioned any plans for compensation but has discussed some follow-up upgrade plans. They also remind everyone to stay rational and to not trust those who are marketing so-called "advanced multisig," "semi-custodial," "MPC," and similar products leveraging this hack event, as these products may instead expand the attack surface.

Indeed, this is not the first theft involving Safe's multisig. The technique used this time is very similar to the October incident involving Radiant Capital. During the Radiant Capital hack, the hacker infected the core developer's device and implanted malicious software, causing the developer to mistakenly believe they were signing a legitimate transaction when, in reality, a malicious transaction was being executed in the background.

Safe's Impact on the Crypto Space

Why is this event so attention-grabbing? The reason is that Safe is the most popular multisig wallet in the Ethereum ecosystem.

When Safe was launched last year, the top 100 airdrop addresses were mainly project teams, institutions, and large holders. This means that Safe's security can impact a significant part of the crypto space.

As shown in the image, well-known names include Metamask, PleasrDao, AAVE, 1inch, Lido, and more.

During this cycle, traditional finance, traditional institutions, family funds, and old money have accelerated their entry. However, due to the high entry barrier of crypto, many people have chosen a relatively safer way to protect their funds while engaging in on-chain activities, which is through a multi-signature wallet like Safe.

For example, the most representative is former President Trump's DeFi team.

According to Safe's guardians speaking to Doozer BlockBeats, the simplest way to determine if an on-chain address is a Safe wallet address is through two methods: first is the "MultiSig" displayed on ARKHAM, and second is the "MultiSig: Safe" directly displayed below the address on the debank page. As seen in the image above, former President Trump's DeFi project World Liberity Fi indeed uses a multi-signature wallet.

This means that any security vulnerability within Safe could potentially trigger a huge chain reaction and butterfly effect.

Even Top Coin Security Infrastructure Can Encounter Issues

The Safe project is basically a blue-chip project in the Ethereum ecosystem, with its incubation team being Gnosis.

Gnosis Chain, which was a well-known Ethereum sidechain in the previous cycle, focuses on efficient and secure decentralized application development. According to DefiLlama data, as of the time of writing this article, Gnosis Chain's total value locked (TVL) is $200 million, with a peak of $350 million.

In fact, the story of the Gnosis ecosystem and incubator can be traced back to 2015.

Compared to the now well-known Polymarket, Gnosis co-founder Martin Koeppelmann began researching decentralized prediction markets much earlier. In 2015, he posted his thoughts on the combination of MarketMaker and OrderBook on his forum, which was one of the earliest concepts of a decentralized prediction market in the industry.

Martin Koeppelmann is also one of the earliest Ethereum developers, having joined before TheDAO era and being based in Berlin, he had close interactions with Vitalik, who had an office in Berlin at the time.

Over the years, he has been actively involved in many discussions in the Ethereum development community, often engaging with Vitalik on topics such as L2, ZK, and the Ethereum roadmap. Martin's integration into the community can also be seen from his social media presence.

Based on this technical expertise, Gnosis has gradually developed a complete ecosystem. Evolving from Gnosis Protocol to CowSwap, Martin and his team have further expanded to create products such as Gnosis Chain, Safe, and Gnosis Pay.

Has the Bear Market Signal Been Triggered?

The extensive impact of this Safe security incident has indeed caused a significant amount of panic and pessimism in the crypto community. According to Alternative.me data, today's cryptocurrency fear and greed index has dropped to 10, hitting a new low since July 2022, with the market remaining in extreme fear.

Many community members are now questioning whether multi-signature is merely a "fig leaf" decoration.?

Simultaneously, many industry practitioners are expressing reflection and concerns about the industry: "If multi-signature wallets are not secure, then who will take this industry seriously and trust it? Has the crypto industry turned into a hacker haven?"

A historical perspective shows that the end of each crypto bull market is often accompanied by major security and trust crises.

For example, the early Mt.Gox event led to a large amount of crypto assets being stolen, becoming one of the most famous hacking incidents in crypto industry history; the end of the last bull market started with a trust crisis stemming from FTX's run on the bank and Terra's collapse, severely affecting investor confidence in the entire industry.

So, what will mark the end of this bull market? Pessimistically, the Safe security incident is very likely to be one of the "signals" marking the end of this bull run.