What caused the $1.4 billion Ethereum hack at Bybit? New Details Revealed


Multi-signature wallet provider Safe said that last month's $1.4 billion Ethereum heist at Dubai-based centralized exchange Bybit was due to a compromised laptop.

After multiple reports from independent sources pointed to a malicious code injection, Safe, along with security experts from Mandiant, released additional details on Thursday. They said that the investigation had reached a “critical checkpoint.”

“We present these findings in the spirit of transparency and to highlight key lessons learned, along with calls to action for the broader community to learn from this incident and strengthen defenses,” the statement, posted on X (formerly Twitter), read. “We wish to stress that despite hundreds of hours of analysis already conducted, there is more work to be done.”

Key findings of the investigation revealed that a workstation belonging to a high-level Safe developer was compromised on 4 February when it interacted with a malicious Docker project, or lightweight application.

From there, the hackers, who on-chain sleuths and the FBI have said hailed from North Korea’s state-sponsored Lazarus hacking group, were able to bypass multi-factor authentication on Safe’s Amazon Web Services account by "hijacking" active AWS session tokens.
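A hijacked session token carries the MFA state of the login that issued it, which is why MFA does not stop its reuse. The following detection sketch is an added example, not code from Safe, Mandiant or this article; it uses standard CloudTrail field names, and every event, key ID and address in it is constructed.

```python
# Constructed CloudTrail-style records (not incident data); IPs are documentation ranges.
def _ev(time, key, ip, agent, name, mfa="true"):
    return {"eventTime": time, "eventName": name, "sourceIPAddress": ip,
            "userAgent": agent, "userIdentity": {"accessKeyId": key,
                "sessionContext": {"attributes": {"mfaAuthenticated": mfa}}}}

SAMPLE_EVENTS = [
    _ev("2025-01-10T09:00:00Z", "ASIAEXAMPLEDEV000001", "198.51.100.7", "aws-cli/2.15", "ListBuckets"),
    _ev("2025-01-10T09:05:00Z", "ASIAEXAMPLEDEV000001", "198.51.100.7", "aws-cli/2.15", "GetObject"),
    _ev("2025-01-10T09:20:00Z", "ASIAEXAMPLEDEV000001", "203.0.113.44", "Boto3/1.34", "PutObject"),
    _ev("2025-01-10T09:30:00Z", "ASIAEXAMPLEOPS000002", "198.51.100.9", "aws-cli/2.15", "DescribeInstances"),
    _ev("2025-01-10T09:40:00Z", "AKIAEXAMPLELONGTERM1", "198.51.100.9", "aws-cli/2.15", "ListBuckets", "false"),
    _ev("2025-01-10T09:45:00Z", "AKIAEXAMPLELONGTERM1", "203.0.113.80", "Boto3/1.34", "ListBuckets", "false"),
]

def find_reused_sessions(events):
    """Return a finding for every event where a temporary credential is used
    from an origin (source IP, user agent) other than the first one seen."""
    first_origin, findings = {}, []
    # ISO 8601 UTC timestamps sort correctly as strings.
    for ev in sorted(events, key=lambda e: e["eventTime"]):
        ident = ev.get("userIdentity", {})
        key = ident.get("accessKeyId", "")
        if not key.startswith("ASIA"):  # ASIA = STS temporary credentials
            continue
        origin = (ev["sourceIPAddress"], ev["userAgent"])
        baseline = first_origin.setdefault(key, origin)
        if origin != baseline:
            attrs = ident.get("sessionContext", {}).get("attributes", {})
            findings.append({
                "accessKeyId": key,
                "eventTime": ev["eventTime"],
                "eventName": ev["eventName"],
                "baseline": baseline,
                "observed": origin,
                # Inherited from the original login, so it still reads "true"
                # even though the second origin never passed an MFA prompt.
                "mfaAuthenticated": attrs.get("mfaAuthenticated"),
            })
    return findings

if __name__ == "__main__":
    for finding in find_reused_sessions(SAMPLE_EVENTS):
        print(finding)
```

Legitimate origin changes (VPN reconnects, NAT pools, mixed tooling) will also match, so findings from a check like this are leads to triage rather than verdicts.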

The Wayback Machine shows that on February 21, two weeks after the initial compromise, malicious JavaScript code was added to the Safe site, resulting in the Bybit vulnerability.

Since discovering the exploit, Safe has implemented more robust security measures. These include a reset of all infrastructure, UI improvements for verifying transaction hashes and increased malicious transaction detection.

Safe has concluded that there is a need for users to be better able to confirm that transactions that they approve and sign have the desired outcome.

“The act of signing the transaction itself currently is the last line of defense, and it can only be effective if the user can understand what they are signing,” the firm stated. “To support users in securing their transactions, Safe has published a comprehensive guide on how to verify transactions before signing and will take further steps to make this process a frictionless part of using the Safe in the near-term.”

The Bybit hack was the largest crypto hack of all time. The exchange is actively monitoring the stolen funds and offers bounties worth up to $140 million to those who can track them down and stop their progress.


Andrew Hayward is the editor
