The situation reversed, Bybit was stolen for 1.5 billion US dollars, which was actually caused by the developer of Safe protocol.

Author: Wu Shuo Blockchain

On the evening of February 26, Bybit and Safe issued an announcement at the same time, when the outside world was generally puzzled by how many signers Bybit were broken.

Safe said that the forensic review of the targeted attacks launched by Lazarus Group on Bybit concluded that the attack on Bybit Safe was implemented through the hacked Safe{Wallet} developer machine, resulting in malicious transactions. Lazarus is a government-backed North Korean hacker group known for complex social engineering attacks on developer credentials, sometimes combined with zero-day vulnerabilities.

Forensic review by external security researchers did not indicate any vulnerabilities in the source code of Safe smart contracts or front-end and services. After the recent incident, the Safe{Wallet} team conducted a thorough investigation and phased the recovery of Safe{Wallet} on the Ethereum mainnet. The Safe{Wallet} team has completely rebuilt, reconfigured all infrastructure, and rotated all credentials to ensure that the attack vector is completely eliminated. After awaiting the final results of the investigation, the Safe{Wallet} team will release a complete post-hoc analysis.

The Safe{Wallet} front-end is still running and additional security measures are taken. However, users need to be extra careful and alert when signing transactions.

Bybit says:

Attack time: The malicious code was injected into the AWS S3 bucket of Safe{Wallet} on February 19, 2025 and triggered when Bybit executes a multisig transaction, resulting in the stolen funds.

Attack method: The attacker tampers with the front-end JavaScript file of Safe{Wallet}, inject malicious code, modify the multisig transaction of Bybit, and redirects funds to the attacker's address.

Attack target: The malicious code is specifically targeted to Bybit's multisig cold wallet address and a test address, which is activated only under certain conditions. Post-attack operation: About two minutes after the malicious transaction is executed, the attacker removes malicious code from the AWS S3 bucket to cover up the traces.

Investigation Conclusion: The attack originated from Safe{Wallet}'s AWS infrastructure (probably a leak or hacked S3 CloudFront account/API Key), and Bybit's own infrastructure was not attacked.

Safe Multi-Sign Wallet is a cryptocurrency wallet based on blockchain smart contracts, which manages assets through a multi-signature (Multisig) mechanism. Its core is to require multiple predefined signatures (such as 2 out of 3, or 3 out of 5, called the M/N mechanism) to jointly authorize the transaction. The wallet itself is a contract deployed on the blockchain, recording the owner's address and signature threshold. The transaction needs to be collected and verified and executed by the contract. Its technical principle relies on the elliptic curve digital signature algorithm (ECDSA), the signer uses a private key to sign transactions, and the contract is verified by the public key. Transaction proposals are first stored in the contract, and then signed and submitted to the blockchain for execution, supporting flexible expansion such as account recovery functions.

Polygon Mudit Gupta questioned why a developer had the right to change content on Safe production websites from the beginning? Also why are the changes not monitored?

Binance founder CZ said I don’t usually criticize other industry players, but Safe is using vague language to cover up the problem. What does "Invade the Safe {Wallet} Developer Machine" mean? How did they invade this particular machine? Is it social engineering, viruses, etc.? How do developers machines access "accounts operated by Bybit"? Some code is deployed directly from this developer machine to production? How did they trick multiple signers into Ledger verification steps? Is it a blind sign? Or is the signer not verified correctly? Is USD 1.4 billion the largest address managed using Safe? Why are they not targeting others? What lessons can other “self-hosting, multi-signature” wallet providers and users learn from it? In addition, CZ denies that Binance also uses Safe to save assets.

Slow fog cosine says that Safe is indeed partly fine with smart contracts (it is easy to verify on the chain), but the front end is tampered with forgery to achieve the deceptive effect. As for why it was tampered with, the official details of Safe will be disclosed. Safe is a security infrastructure. In theory, everyone who uses this multi-signed wallet may be stolen like Bybit. What is extremely terrifying is that all other user interaction services with front-end, APIs, etc. may have this risk. This is also a classic supply chain attack. The security management model of huge/large assets needs to be upgraded a major way. If the Safe front-end does basic SRI verification, even if this js is changed, nothing will happen. Cosine said that if that safe dev was a North Korean agent, he wouldn't be surprised.

GCC manager Constantine said this is a major blow to the industry. The so-called decentralized public goods, single-point risk, and even a few ordinary contract front-end developers, have almost no security at all. In addition to safe, there are also a lot of web3 open source dependencies that all have risks similar to supply chain attacks. They not only have weak risk control, but also rely heavily on traditional Internet infrastructure to ensure security.

Hasu said that while the Safe front-end, rather than Bybit infrastructure, was compromised, Bybit infrastructure wasn't enough to stop the ultimate fairly simple hacking. There is no reason not to verify message integrity on the second quarantine machine when transferring more than $1 billion in funds.

Mingdao said the core is that large-scale fund signature transactions should be generated by permanent offline computers. As long as the initiator signs more people offline and then broadcasts through the Internet computer, there will be no problem with how others sign. All the people who sign up naked on the Internet computer and rely on the Internet to generate transactions, the cold wallet becomes a hot wallet. This is not the pot of safe, after all, it has no custody money. It just became the center of trust.

Vitalik also said that 90% of his personal assets are kept with Safe.

The Wintermute founder said that it is not that Bybit’s security measures are perfect (it looks like they may be the largest multi-signing account with the SAF E protocol). It may be more reasonable if they use solutions like Fireblocks or Fordefi, combined with other measures, especially when dealing with simple transfers of funds.