Forum
OPRR
Finance
Specials
On-chain Eco
Entry
Podcasts
Data
Fish God Dialogue: Personal Experience of 12,000 ETH Theft and the Role of AI in Web3
Summarized by AI
Original Title: "Wu Discusses with Divine Fish: First Disclosure of 12,000 ETH Phishing Process and Security Advice to Startup Teams"
Original Source: Wu Blockchain
This discussion started from the Bybit $1.5 billion hack incident and focused on the security vulnerabilities of multi-signature wallets (such as Safe) and their solutions. Divine Fish pointed out that there are weak links in the infrastructure of multi-signature wallets, such as the frontend, hardware, and browser, especially regarding frontend tampering and blind signing issues. These vulnerabilities lead to inconsistencies between transaction intent and actual operation, making them easy targets for hackers. As a solution, he proposed temporary measures like domain whitelisting, transaction parsing plugins, and advocated for an end-to-end closed-loop risk control system. He suggested combining AI with third-party verification to enhance security.
Additionally, Divine Fish shared for the first time his experience of being phished for 12,000 ETH last year, emphasizing the risk of hardware wallet blind signing. He called for the industry to adopt a layered and decentralized architecture with a zero-trust framework and to strengthen security culture. He also mentioned that in the face of nation-state-level cyber attacks, the industry needs to address the challenges through technical iterations and improved security awareness. Lastly, Divine Fish discussed the future prospects of the combination of AI and Crypto, believing that AI Agents may play a significant role in blockchain networks, driving industry innovation.
The audio transcript was generated by GPT and may contain errors. Please listen to the full podcast:
Xiaoyuzhou: https://www.xiaoyuzhoufm.com/episodes/67bf221605a90dfd0d0c7332
YouTube: https://youtu.be/85Ogctbmito
Reflecting on Multi-Sig Infrastructure Vulnerabilities, Proposing Temporary Solutions Such as Domain Whitelisting and Transaction Parsing Plugins, and Advocating for End-to-End Closed-Loop Risk Control
Colin: Please share your thoughts on the Bybit incident and what notable points you think are worth exploring.
Divine Fish: This incident is actually a very typical case. Because the current industry solution for multi-signature wallets requires reliance on many infrastructures and intermediate services developed by multiple parties. Traditionally, this decentralization and distribution of responsibilities were seen as less prone to issues. However, the problem now is that the interactions between these applications developed by multiple parties and the hardware technologies have some bugs and potential weak points. This has led to a series of recent high-profile security incidents, facing threats from nation-state-level hacking forces.
The root of this issue is that I have been reflecting on this issue since I was attacked in September last year. Around November, we also contacted various hardware manufacturers and realized that blind signing is a very serious issue. The connection from the frontend to the desktop plugin to the hardware is also easily tampered with, and we realized this is the weakest point. At that time, we immediately contacted various companies such as OneKey and Ledger to discuss some solutions.
During this process, we found some issues. Each company had some solutions, but it was very difficult to ultimately implement a solution that could withstand attacks. As someone mentioned earlier, it might take up to half a year to iterate properly. Ledger actually implemented a comprehensive solution because of their contracts, requiring passive updates, which also had a very long cycle. The key is how the entire process can effectively patch vulnerabilities or bugs that arise from interactions across the chain.
Currently, there is a lack of an end-to-end solution in the market. Right now, it's a combination of various companies, but during the combination process, there may be unexpected outcomes, providing opportunities for hackers. During this process, we ourselves actually developed some internal tools and demos.
First, we created a whitelist for domain access to ensure that websites opened on the browser are safe and have not been tampered with, preventing typical phishing attacks, especially things like entering the wrong URL or random webpage redirection. Secondly, we developed a transaction parsing plugin that can run on mobile devices. Some hardware wallets communicate with the plugin or Safe via QR codes, so we verify if the content transmitted via the QR code has been tampered with and then validate the parsed content on the hardware wallet. We created some small plugins, but it felt too fragmented in practice, and the end-to-end process was not fully connected, with too many steps involved. So, after this incident, we are continuing to reflect on our approach.
A critical point is that our industry has grown significantly, with trillions of dollars at stake, inevitably attracting high-profile hacker teams. During this process, as mentioned by our team members, you need to dig deep both horizontally and vertically. However, because the industry is developing rapidly and iterating quickly, businesses often tend to overlook this series of potential risks in order to conduct operations.
Therefore, in this process, our current idea or what we are working on is that, since we have always managed various private keys (hardware, software, on-chain private keys) and accumulated a series of risk management capabilities, including some risk control engines. So, in scenarios typical of projects like Safe, we hope to act as custodians, holding a private key. With this private key, we have a completely independent software and hardware environment, coupled with our series of risk control engines for analysis. Simultaneously, we are introducing our customized series of auditing solutions, incorporating automated AI analysis, followed by manual audits, and then adding some black and white lists, and even some advanced contract parameter controls.
This is actually something we have been using throughout the DeFi process, but we haven't completely connected it to productization. Through this decentralized form, some private keys are not held entirely by one team, but by some external third party independently, and then this thing can only be controlled if it is closed end-to-end. This is currently our idea, and indeed this is how we operate in the on-chain DeFi process because EOA is particularly vulnerable to phishing attacks. Moving to multi-sig faces issues similar to Bybit. We have a particularly long chain of events and various risks.
Our current thinking and solution is that we are introducing an independent third party, and then this independent third party introduces its completely independent tech stack and hardware-software integrated solution, including a risk control engine, and even adding some AI capabilities, to complete a closed-loop process from transaction initiation and analysis, risk control review, to coordinating the signing process, and then trying to avoid the very patient, long-term, nation-state-level hacker infiltration attacks.
Blind Signing Risk Emphasized in Phishing Attack on DeFi Whale, AI and Third-Party Verification Integration Needed
Colin: You mentioned the issue of EOA phishing earlier. We also know that last year, some of your assets were inadvertently phished. Can you recall the specific situation at that time and whether the funds were ultimately transferred by North Korean hackers?
DeFi Whale: My background at the time was that a project was airdropping tokens, and my physical condition was not ideal at that time, and I was a bit distracted, so I clicked on a wrong link, which turned out to be a malicious link. However, the problem was that once the funds reached the hardware wallet side, we had a third-party risk control mechanism for domain names and DNS resolution. Unfortunately, that risk control mechanism was bypassed, and our risk control measures did not catch it. After it was bypassed, I was a bit distracted and did not check carefully. When it reached the hardware wallet side, because it was blind signing on the hardware wallet side, after I confirmed the transaction, I felt something was wrong and immediately checked, only to discover that something was amiss, and then the rest is history. After this incident, we went to address the issue of blind signing on hardware wallets. During this process, during last year's National Day, we held meetings with OneKey and others and found that the problem was not easy to solve. Because EOA is vulnerable to phishing attacks, especially targeted attacks.
So we turned to using Safe for multi-signature transactions. During the multi-signature process, I found that this issue somehow became more serious because almost every transaction was blind signed, and we had to create many small tools to try to address these issues. Ultimately, we still need a holistic solution. Our hardware wallet needs to achieve the goal of software and hardware integration because the hardware's UI is indeed the final checkpoint. We also need to introduce some independent third parties that can prevent interception, alerts, and handling when a person's state is not right in this process. This is also one of the reasons why we have started to iterate and attempt to productize in this area.
Reasons for the Absence of the "Altcoin Season": Lack of Drive and Anticipation of National Reserve Decisions Driving Market Development
Colin: In addition, last year, you were the first to raise the issue of the absence of an "altcoin season." There was a lot of debate, with some people, including many prominent figures, criticizing and insisting that there must be an "altcoin season," while others acknowledged it. Then, in December of last year, the "altcoin season" indeed happened very briefly. At that time, you might have felt that the "altcoin season" was emerging, stating that it had begun.
However, not long after, it seems that, as you originally mentioned, in this cycle, the "altcoin season" was almost non-existent. Of course, we do not make predictions. Regarding short-term forecasts, as someone said before, only God knows. But do you have any new thoughts now? Do you think that in this cycle, the "altcoin season" is almost impossible to occur because it mainly revolves around the Bitcoin price cycle? Also, do you not think that the so-called bull market has ended or is about to transition into a bear market phase?
Whale: My current feeling is that over the past two to three years, apart from some minor emotionally driven hot topics, the entire industry still lacks a clear landing application and real demand-driven scenarios, as it was very evident in 2020 and 2021. I believe this is the fundamental issue. Due to the lack of intrinsic drive, there will not be new truly valuable application assets emerging.
On the other hand, in this cycle, a large number of players actually stayed in the traditional US stock market. They traded through ETF allocations, using platforms like Robinhood. They do not truly own cryptocurrency assets. Therefore, a lot of money did not stay within the crypto field, and the anticipated overflow effect did not occur, where funds would spread from Bitcoin and Ethereum to other currencies. With these two factors combined, for some reason, perhaps even the "altcoin season" was driven by short-term sentiment and only lasted a few weeks, without a widespread breakout. At the moment, I almost maintain my previous judgment.
My view for this year, or my expectation for the market, is that a market development milestone may be reached in the second half of this year, possibly between June and October. As the situation regarding the US and other national reserve decisions becomes clearer and is resolved, the industry or market may see a significant influx of new funds. However, currently, in the short to medium term, we may not be able to resolve issues at the application layer. There doesn't seem to be a frenzy of inflow in terms of on-chain and off-chain funds. So, I am more hopeful for the second half of the year.
I'm not making a judgment on this matter today, but it may ultimately depend on whether the Reserve-related issue in the United States will have any results this year. If there are no results, the market may come to an end. At this moment, we feel that the probability of passage is still relatively high, but it's hard to say for sure, so our expectations are more focused on the second half of the year. (This Space was posted on February 25th, and in March, Trump signed an executive order on Bitcoin Reserve)
Summary of Historical Hacks: Dealing with Nation-State Hackers Requires Layered Decentralization, Zero Trust Architecture, and Security Culture
Colin: Well, Whale, you've been in the crypto space for a long time. I joined around 2017. There have been countless theft incidents in the crypto world's history, all very thrilling. Of course, the amount stolen in this Bybit hack set a new record, but Bybit itself is profitable enough to be able to fully reimburse users. In your memory, including the early days, what are the most memorable theft experiences you've had, and which ones are most worth sharing?
Whale: I believe that the cat-and-mouse game has always been escalating, especially in the early days when the attack methods were very primitive. We in the industry must realize that we are up against a nation-state level of force. These are not ordinary hackers; they are organized, sometimes intensively trained from the age of ten, using various methods similar to attacking core infrastructure to infiltrate our enterprises internally. They will even challenge us on a human level. It is essential for everyone to clearly recognize that we are facing such adversaries. In this process, there will be complacency, and human nature will pose some challenges. Ultimately, we must adopt adequate means and methods to withstand these threats.
In the history of the Internet, Cobo is probably one of the earliest Chinese-background companies to adopt the Zero Trust model and security culture. We adopted this methodology early on because only this method has been validated to resist penetration attempts from nation-state actors. Therefore, around 2018 and 2019, we began implementing Zero Trust transformation internally, where all our internal services and all employees' computers and phones had to install various security measures. Once we realized this, we had to employ this solution and ensure that all our systems are in a minimal trust state.
Simultaneously, the most critical asset for us is the private key, so we must introduce a layered, decentralized, and distributed mindset. What does layering mean? We must disperse our wallets significantly. I previously shared my theory of the four wallets on a personal level. But at an institutional level, we should at least have a three-tier wallet structure—hot, warm, cold—with each layer having its characteristics, and possibly blacklists and whitelists, as well as a series of processes, including time delays. Often, for the sake of efficiency, especially in this rapidly developing industry, we tend to compromise security for efficiency. However, mandatory time delays can significantly reduce your security risks. Especially at the level of cold and warm wallets, we must layer them and set different security risks for each layer, establish an auditing system and processes to mitigate these systemic risks. The cold wallet should ideally be at a physical level to ensure absolute security.
Next is the need for decentralization. As the industry has developed over the years and the number of participants has increased, we may not have the solution from the beginning and could only trust our internal team to handle certain tasks. Now, with the rise of remote work, internal employees have been infiltrated by North Korean entities, with high-privileged employees within the organization. Therefore, we cannot entirely trust the internal processes. Thus, at this level, decentralization is essential. We need to involve an external independent third party to control some private keys and conduct verification, which is also crucial. Currently, there are many custody companies, security firms, and insurance companies that can hold private keys at different levels — some holding hot wallet keys, some holding warm wallet keys, and some holding cold wallet keys. They act as external independent third parties with their security solutions to perform risk management and control. Through a series of measures, the cost and threshold of attacks will be exponentially increased.
Lastly, diversification. We have done well in globally dispersing these software and hardware, as most are already in a decentralized state. From this perspective, firstly, we must use a minimal trust system and apply the zero-trust risk design concept to design our entire internal system and architecture. This should be combined with a core asset management approach that includes layering, decentralization, and rights distribution. Additionally, we need to implement a range of software and hardware security modules, stringent internal access control processes, and establish a secure lifecycle closed-loop management system. Furthermore, having in place real-time and post-event emergency response and solutions can help us survive in high-risk and uncertain attack scenarios.
Compliant trading platforms invest more in security, while offshore platforms, facing growth pressures, lack sufficient security measures
Colin: Personally, I am curious about compliant trading platforms like Coinbase and others. Honestly, it seems that they have experienced relatively fewer theft incidents compared to offshore trading platforms, which have almost all suffered theft. Moreover, many trading platforms have been hacked multiple times. What is the reason for this? In theory, can the architecture they use be applied to offshore trading platforms as well? Maybe because offshore trading platforms have a larger fund size or operate differently. I'm not sure which security expert can answer this question.
Also, Shark, do you think facing attacks from North Korean hackers will significantly increase the startup difficulty in this industry? Will it raise the security costs for ordinary entrepreneurs or the investment they need, thereby significantly hindering the industry's development? Can the industry withstand North Korean hacker attacks, or is there a considerable level of doubt within the industry now?
Whale: Let me add a bit. My intuition is that compliant trading platforms may prioritize security more in terms of both safety and efficiency. For example, in some aspects, they may have stricter controls, so they invest heavily in security.
Offshore trading platforms theoretically have a lot of funds and can invest more in security. Whether it's early Binance or others, including the recent situation, it seems that hacks are quite frequent.
Perhaps it's because offshore trading platforms face significant growth pressure, requiring continuous high-frequency iterations, and there are more user complaints. But in compliant trading platforms, ordinary users don't have such high expectations, withdrawal requests are not as urgent, and even large withdrawals may take T+1, T+2, or I've even seen T+7, which users can accept because the user base is different, mainly institutional on compliant trading platforms. Both of these trading platforms may have a relatively long history, and I don't know if they have experienced being hacked or not. They should have a lot of internal experience in responding to security issues and can essentially consider security issues as a company's "rite of passage."
I think as long as there is enough profit margin in this industry, investing in some SaaS products can definitely attempt to address the pain points and needs of this industry. However, currently, people's awareness of security or willingness to pay is not strong. We have also seen many excellent security products, but everyone is earning hard-earned money, and even the cost is hard to balance, needing subsidies from other aspects.
Actually, this is a problem at this level, but I feel that with the advancement of cybersecurity, everyone is gradually realizing that security is a crucial matter, and investment in security will increase. This also provides certain development space and funding for companies focusing on security SaaS. From a security and architectural perspective, there are effective and verifiable solutions. However, in cases like Safe, there are probably four to five participants upstream and downstream, and to complete a transaction, coordinating between each participant is slow, and hardware upgrades are particularly slow, ultimately giving hackers a time window.
Once the issues in the blockchain industry are fully exposed and discussed, they should be able to be resolved through one or two cycles of iteration. In addition, Web2 also faces similar issues, although the resources invested in addressing security issues in Web2 are not as significant as in the blockchain industry. We see technologies like Passkey, which has been promoted to protect password security for many years, and finally in the past one or two years, it has started to be widely used, especially in some sensitive financial areas. So these foundational technologies are reusable and can be developed, including the Apple devices we use, which are rapidly iterating on the security front. Ultimately, there are solutions, but it may just require some time and financial investment. During this process, some developers with weak risk awareness and a more aggressive approach may incur some costs, but the issues can be resolved.
Founder Security Advice: Practice Zero Trust Model, Cross-Audit Verification, Regular Security Drills
Colin: For founders, recently a startup project had $50 million stolen, although many in the community are also supporting them. In terms of security for startup projects, as someone with many years of experience who has been through a lot, do you have any advice to help founders better raise their awareness of security?
Whale: I think in the process of entrepreneurship, it is essential to practice the zero trust model, which is critical. Only in the current environment, only this set of methodology and philosophy can protect everyone. At the same time, you cannot rely on some single points of failure and one-way contract audits; the basic requirement is to have at least two to three companies to conduct audits, requiring some cross-audit verification, so that some issues can be exposed in this process. Also, the fundraising pace should not be too rapid. In the early stages, you can increase the funding gradually through some internal testing, public testing, and isolate the funds, which can relatively manage the risk well.
Actually, there are many security solutions in the industry that are not very expensive, such as secure monitoring and risk control systems, which everyone should make use of. This can significantly increase the survival rate.
In the process of entrepreneurship, on the one hand, the business model should consider the user end, especially for entrepreneurs without a technical background. It is essential to spend a considerable amount of attention on security and the internal zero trust architecture, at least dedicating twenty to thirty percent of attention to this aspect. If the company does not emphasize these internal security culture and systems, and does not conduct periodic internal security phishing tests and red team drills, from the employee and human behavior perspective, everyone will slack off. You must understand that hackers may be watching you at any time. Therefore, resources and attention still need to be focused on security.
Colin: Yes, I think in the process of growing this industry, almost no company, whether it's the boss personally or the company, will not experience being hacked. Fortunately, as long as you are not completely defeated this time, whether it is individual or the entire industry, there will be some progress.
Why Not Participate in This Round of Memecoin: Feeling Unwell, Focusing on AI
Web3 Dumpling: Whale, you have always been in the crypto industry, and you are a well-known figure in this industry. At the earliest, Cobo Wallet may have been mining with everyone. I participated in all of these early activities. In this year's market conditions, I noticed that you have spoken very little about industry-related matters. Including the link you posted today, the mention of PVP was only cursory. I am more concerned that for the industry, it seems that after the last bull run, the industry has reached a bottleneck. I would like to ask Whale, where is the next trend?
Colin: Yes, Shen Yu, you have always been fond of exploring various new things. However, it seems that in this current Meme craze, I haven't seen you actively participating. What is the reason for this?
Shen Yu: The reason I don't partake in Memes is primarily because my body just can't handle it; I can't keep up with the younger generation. Another factor is that my recent focus has been on AI. AI seems like it may have some revolutionary integration with cryptocurrency in the future, potentially bringing new incremental changes. Over a year ago at an offline event, we proposed that the ultimate users of cryptocurrency might be AI agents or AI robots, rather than humans. Therefore, I have devoted a lot of effort to learning about and using AI. I can't keep up with PVP anymore; whenever I get involved, I end up just giving away money to everyone without much positive feedback. Hence, my main focus has shifted to AI.
Looking Forward to the Integration of AI and Crypto, Believing AI Agents Might Play a Significant Role in Blockchain Networks in the Future
Colin: What are your thoughts on AI at present? Because there was a previous frenzy around so-called AI Agents that crashed particularly hard; many of my friends who invested in AI ended up bankrupt. Do you think the earlier wave of AI agents generated anything attractive? And what do you consider to be good application directions for AI in conjunction with cryptocurrency?
Shen Yu: I believe that fundamentally, AI's capabilities have not yet reached that stage. Currently, we are still in a phase of concept validation. However, we can see that AI is rapidly evolving, with the underlying computational power model continually iterating. We are hopeful that AI will eventually achieve a state where it possesses general AGI (Artificial General Intelligence).
Regarding cryptocurrency, there are a couple of points. On the one hand, AI is very friendly to fully digital entities because the data is publicly transparent. Therefore, on one hand, AI may change the way we interact. For these complex smart contracts and inhumane security operations, we should be able to rely on some reliable, intelligent AI agents to assist us in making decisions. I often joke now that when I operate in decentralized finance, I must remotely arrange a few AI agents to watch over me. In the future, it may actually take this form, with a few artificial intelligence engineers and possibly one or two AI agents monitoring the screens. Looking further ahead, AI may indeed plug into the blockchain network.
Let's envision a scenario where AI agents need to interact, including exchanging value, exchanging data, possibly involving contractual aspects, and even forming loosely structured companies or DAOs. They might adopt platforms like smart contract platforms for some value exchanges. I'm thinking that maybe in the next three to five years, something akin to a web social network or a value social network will emerge on the blockchain, ultimately meant for this bunch of AI agents to use.
Once this thing emerges, the value and impact it brings could be very significant. We have always talked about the network effect of Web3, and the asset scale or value it brings may far exceed that of traditional Internet companies that we see today, so this could be something even larger in scale than the current trillion-dollar entities. I have been thinking about what this really is and what we can do in it. I am quite optimistic, although the industry has indeed not seen a good application direction emerge in the past two or three years, but I think it should happen in the future, and there are some obstacles we may be able to overcome, so I am looking forward to that day.
Safe Wallet Blind Signature Issue Solution: Enterprise Signing Tool + AI Risk Control + Blacklist/Whitelist Management
TheCheerSong: I am a trader who conducts on-chain automated transactions. After this event, in a situation where our business cannot afford to stop, we have also been upgrading our security measures. I feel the most troublesome part is still the blind signature part of the Safe Wallet. What we can do now is that we have some open-source permission control modules on our side, and then we apply them to the Safe Wallet.
In this usage process, most of the transaction requests have been automated, so the Safe Wallet is basically only used for manual token transfer operations. I would like to ask the teachers if there are any tools available at the moment to verify the signature content of our relatively simpler requests?
GodFish: In fact, as someone mentioned just now, we will be releasing next week. We have productized this internal set of tools and released this Safe enterprise signing tool. Essentially, we obtain a Safe's private key, then add some blacklists/whitelists through a machine, including some risk control templates. You can customize some common risk control measures, such as limiting token amounts, transaction speeds, setting blacklists/whitelists, etc. Then, with the capabilities of an AI Agent and considering scenarios of large losses, we can clearly outline this process and manage risks well.
This solution, combined with Cobo's previous on-chain Argus-based contract with access control lists and parameter-level controls. I feel that currently, only by doing this can my large funds be transacted on-chain with peace of mind. This is the security practice we are currently using.
Insights from Various Security Experts on the Wallet Security Issue in the Bybit Hack Event
During this Space session, BlockSec CEO Professor Zhou Yajin, OneKey Chief Growth Officer Nig, and Cobo Chief Security Officer Moon also expressed their views.
Regarding the security issue of the Bybit incident, Professor Zhou Yajin stated that the incident occurred due to a discrepancy between the operation and actual trading when using the Safe contract wallet to manage funds. This led to a malicious upgrade of the wallet and fund theft, with the exact reason not yet disclosed. Many project teams believed that using Safe multisig wallets for fund management was secure, but in reality, they overlooked that security should encompass a system-wide build across operational, non-technical, and technical aspects.
There are vulnerabilities in private key management and transaction interpretation, such as inadequate custody, signing, and transaction parsing. The security process for ensuring the physical security of private keys lacks proper handling due to the user-friendly nature. Large fund multisig transfers have a long trust chain but lack a third-party dual verification of transaction interpretation and operation interface information. Therefore, when using a contract wallet to manage large funds, third-party verification and authentication should be introduced, whitelist or delegation should be established, and flexible policy controls should be implemented on the contract wallet.
Regarding the frequent front-end tampering of Safe wallets and the security of the mainstream multisig solution Safe, Moon believes that the Safe solution and contract itself are relatively secure, but when applied, the trust chain is long, making it prone to unexpected situations. The attack on Bybit this time is most likely an outsourcing issue rather than a contract issue, highlighting the importance of daily security awareness improvement. To securely use a Safe wallet, vertical and horizontal considerations are required. Vertically, each link should have controllable technical solutions, such as independent devices, and horizontally, multisig should require independent signer verification. A long trust chain is prone to link intersections, allowing hackers to bypass validation. Therefore, horizontal expansion should not only increase the number of signers but also ensure that each signer's solution and environment are independent and self-verified to fully leverage the benefits of Safe.
Additionally, apart from using contract wallets, exchanges and high-net-worth individuals should establish rigorous mechanisms such as manual reconciliation, anomaly monitoring, automated program audits, and improve security awareness to mitigate Web2 attacks. In addition, Cobo will also launch an MPC combined with a Safe management solution, leveraging Safe's multisig capabilities to allow different signers to have independent, complete end-to-end signing chains.
Regarding the hardware wallet-related issues in the Bybit incident, Nig stated that Bybit adopted an NPC-controlled EOA wallet (due to its easily interpretable signature), while the Safe smart contract wallet has a complex and difficult-to-parse signature, which the security team may not have detected promptly. Existing hardware wallets (such as Ledger) have limited performance and struggle with complex smart contract parsing and blind signing. With early measures, this attack could have been avoided, and the Godfish team and OneKey have developed related parsing tools.
The progress of Ledger's Clear Signing is slow, and the signature data transmitted from internet-connected devices is easily compromised. Relying solely on hardware wallet parsing to ensure consistent intent is insufficient. Bybit lacked a warning this time, and after the first signer was compromised, others blind-signed due to device issues. It is recommended that high-net-worth individuals and institutions isolate fund transaction-related internet-connected devices independently from office devices to reduce intrusion risks. Previous incidents like Radium's compromise may have resulted from a lack of environment isolation.
Regarding the Security of Safe, Third-Party Monitoring Functionality, and the Application of AI in Blockchain Security, Professor Zhou Yajin believes that the security of Safe contracts has been high in the past, with multiple reviews. However, the lengthy usage process brings risks. His team has developed the Falcon Safe Security System, which can examine user transactions from a third-party perspective, analyze transaction content, provide reminders on key information such as transfers, contract interactions, etc., reduce user cognitive barriers, and avoid security issues. In terms of AI application, on the one hand, AI has reduced the cost of malicious activities, making it easier to mass-produce phishing tools. On the other hand, the industry is exploring the combination of AI and auditing, as well as automated code auditing. Although it is far from the ideal state, AI can lower the threshold for cryptocurrency users to use products, helping to address complex user operation issues.
Regarding hardware wallet-related issues, Nig responded that the company would not, like some peers, issue a rallying cry and advertise a sharp increase in sales after the exchange platform was hacked. While the increase in sales is good, it also reflects that many people have just begun to focus on private key security. In this security incident, the hardware wallet bears some responsibility, and the performance of Ledger and Safe did not meet expectations. Safe has ceased front-end and native support. The previous generation hardware wallets have limited parsing capabilities due to security considerations, while the new generation products such as Ultra and Pro will enhance local complex contract parsing, support parsing of transaction core elements, and Classic will also display selected key parts; the app will achieve mainstream EVM transaction parsing, with a slight delay in hardware-side security testing.
Regarding Safe, methods to defend against related attacks will be demonstrated in the near future, and user safety education will be conducted. In the future, despite the diverse technologies, such as OKX's lack of enthusiasm for hardware wallet integration, institutions promoting NPC wallets, etc., due to the mnemonic exposure risk during the signing process in a networked environment, hardware wallets will always focus on the physical isolation of the core. Even with changes such as mnemonic standard upgrades, the core security defense will not change.
Welcome to join the official BlockBeats community:
Telegram Subscription Group: https://t.me/theblockbeats
Telegram Discussion Group: https://t.me/BlockBeats_App
Official Twitter Account: https://twitter.com/BlockBeatsAsia
