Forum
OPRR
Finance
Specials
On-chain Eco
Entry
Podcasts
Data
CZ: The suggestion for ByBit to pause withdrawals was based on our own experience and observation, with the principle always leaning towards the safer side.
BlockBeats News, February 22nd, CZ posted an article stating, "Recent events (including ByBit, Phemex, WazirX, etc.) have shown a pattern: hackers are able to steal a large amount of crypto assets from a multi-signature 'cold storage' solution. In the latest ByBit case, the hacker was able to make the frontend user interface display a legitimate transaction, while actually signing another transaction. Although I am not very familiar with other cases, based on the limited information available, they seem to have similar characteristics."
Some people questioned my suggestion to immediately suspend all withdrawals in the event of a security incident (I tweeted this while on the boarding shuttle). My intention was to share a practical response based on my own experience and observation. Of course, there is no absolute right or wrong. My principle has always been to err on the side of safety. After a security incident, all operations should be suspended immediately to fully understand the attack method, identify how the hacker penetrated the system, which devices were affected, triple-check security, and then resume operations.
Of course, suspending withdrawals may trigger greater panic. In 2019, we suspended withdrawals for a week after a $40 million hack. However, when we resumed withdrawals (and deposits), the amount of deposits was actually higher than withdrawals. I'm not saying this method is better; every situation is different and judgment needs to be made. The purpose of my tweet was to share a possibly effective method and express support promptly.
I believe Ben made the best decision based on the information available to him. Ben maintained transparent communication and a calm attitude during this crisis, in stark contrast to CEOs of WazirX, FTX, etc., who were not transparent enough. It is important to emphasize that the nature of these cases is different. FTX is a fraud case, while the WazirX incident is still in litigation, and I prefer not to comment."
