Bybit Hack Originated From Safe Wallet Security Vulnerability

Key Points:

  • The Bybit hack involved malicious JavaScript code injected into Safe Wallet, allowing attackers to divert funds from the exchange’s cold wallet to an external address.
  • Safe conducted a comprehensive audit and infrastructure overhaul, while Bybit maintained platform stability and began repaying loans.

Bybit CEO Ben Zhou released an investigation report that shed light on the Bybit hack, clarifying that it did not stem from the exchange’s security systems but was linked to vulnerabilities in the Safe infrastructure, specifically the Safe Wallet.

The hack, identified as the largest in history, has been attributed to the notorious Lazarus Group, a hacker organization with meaningful ties to North Korea. Only now, however, has the full course of the attack been disclosed.

Safe Wallet Vulnerabilities Exploited in $1.4 Billion Bybit Hack

The report detailed how the attack was executed through malicious JavaScript code injected into Safe Wallet’s AWS S3 bucket, which altered transaction details during the signing process.

Snippet of Malicious Javascript
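
One way to detect a hosted script that has been changed after deployment, shown as an added example that is not from the report or from Safe: compare each served file against a digest pinned at build time, using the Subresource Integrity string format. The function names, the `app.js` file name and the sample contents are constructed for illustration.

```javascript
const crypto = require("crypto");

// Digest algorithms allowed in an integrity string, weakest to strongest.
const STRENGTH = ["sha256", "sha384", "sha512"];

// Build an integrity string ("sha384-<base64>") from known-good build output.
function pinDigest(body, algo = "sha384") {
  return `${algo}-${crypto.createHash(algo).update(body).digest("base64")}`;
}

// Parse space-separated digests and keep only the strongest algorithm present.
function strongestDigests(integrity) {
  const parsed = integrity.trim().split(/\s+/).map((token) => {
    const dash = token.indexOf("-");
    if (dash < 0) return { algo: "", b64: "" };
    return { algo: token.slice(0, dash), b64: token.slice(dash + 1) };
  }).filter((d) => STRENGTH.includes(d.algo));
  const best = Math.max(...parsed.map((d) => STRENGTH.indexOf(d.algo)));
  return parsed.filter((d) => STRENGTH.indexOf(d.algo) === best);
}

// True only if the served bytes match a pinned digest; a missing or
// unparseable pin fails closed.
function verifyAsset(servedBody, integrity) {
  return strongestDigests(integrity).some(({ algo, b64 }) => {
    const expected = Buffer.from(b64, "base64");
    const actual = crypto.createHash(algo).update(servedBody).digest();
    return expected.length === actual.length &&
      crypto.timingSafeEqual(expected, actual);
  });
}

// Names of assets whose served content is missing or no longer matches its pin.
function auditServedAssets(served, pins) {
  return Object.keys(pins).filter(
    (name) => !served[name] || !verifyAsset(served[name], pins[name]));
}

// Constructed sample data: a build output and a copy changed after deployment.
const builtBundle = Buffer.from("function sign(tx) { return wallet.sign(tx); }");
const servedCopy = Buffer.concat([builtBundle, Buffer.from("/* changed */")]);
const manifest = { "app.js": pinDigest(builtBundle) };

console.log(auditServedAssets({ "app.js": servedCopy }, manifest));
```

The pinned manifest has to be stored and checked outside the hosting bucket itself, otherwise whoever can rewrite the script can rewrite the pin.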

The investigation, initiated immediately after the unauthorized transactions were detected, revealed that the attackers manipulated a transaction to move funds from a Bybit cold wallet to a warm wallet, subsequently diverting the assets to an external address under their control. The compromised cold wallet was drained, and the funds were dispersed across multiple addresses.

The Bybit hack was reportedly facilitated by a compromised Safe Wallet developer machine, which allowed the attackers to propose a disguised malicious transaction. The Lazarus Group is known for its sophisticated social engineering attacks on developer credentials, often combined with zero-day exploits.

Safe Wallet Undergoes Overhaul Following Massive Security Breach

In response to the incident, Safe conducted a comprehensive audit, restructured its infrastructure, and changed all credentials to prevent future vulnerabilities.

The Safe Wallet on the Ethereum mainnet has been restored with a phased security rollout. Safe has also committed to promoting an industry initiative to enhance transaction verification capabilities across the ecosystem and advised users to exercise caution when signing transactions.

Safe’s report had immediate repercussions on the market, with the SAFE token price dropping nearly 10%, trading around $0.46.

SAFE price. Source: CoinMarketCap

On February 21, 2025, the cryptocurrency and financial markets were rocked by a massive security breach targeting the Bybit exchange, resulting in losses exceeding $1.4 billion.

Binance founder CZ criticized Safe for using vague language in its communications and raised questions about how the hackers accessed the developer machine and Bybit accounts. CZ also clarified that Binance does not use Safe for asset storage.

Despite the breach, Bybit maintained platform stability, keeping withdrawals open and securing external liquidity through loans. By February 25, the exchange had begun repaying these loans, starting with the transfer of 40,000 ETH back to Bitget.
