
Reversal: Safe admits that Bybit's $1.5 billion theft was caused by a compromise at Safe


Reprinted from jinse

02/27/2025·2M

Author: Safe.eth, source: Twitter @safe; translated by: Baishui, Golden Finance

Summary

  • The findings confirm that Lazarus launched a targeted attack on Bybit.

  • The Safe smart contracts were not affected; the attack was carried out by compromising the Safe{Wallet} developer machine, which affected the accounts operated by Bybit.

  • Safe{Wallet} has added security measures to eliminate attack vectors.

Complete statement

  • A forensic review of the targeted attack launched by the Lazarus Group on Bybit concluded that the attack on the Bybit Safe was carried out through the infected machine of a Safe{Wallet} developer, resulting in disguised malicious transactions. Lazarus is a state-backed North Korean hacker group known for complex social engineering attacks on developer credentials, sometimes combined with zero-day vulnerabilities.

  • Important: the forensic review by external security researchers did not indicate any vulnerabilities in the source code of the Safe smart contracts or of the front end and services.

  • After the recent incident, the Safe{Wallet} team conducted a thorough investigation and has now restored Safe{Wallet} on the Ethereum mainnet in phases. The Safe{Wallet} team has completely rebuilt and reconfigured all infrastructure and rotated all credentials to ensure that the attack vector is completely eliminated.

  • Once the final results of the investigation are available, the Safe{Wallet} team will release a complete post-mortem analysis.

  • The Safe{Wallet} front end is still running, with additional security measures in place. However, users need to be extra careful and alert when signing transactions.

  • Safe is committed to leading an industry-wide initiative to improve transaction verifiability, an ecosystem-wide challenge.

  • Safe will remain committed to security, transparency and self-custody, and to driving the industry forward.
