
Bybit releases report on the hacker theft incident; Safe admits that developer machines were hacked

GuShiio.com learned that Bybit has released a report on the theft: a benign JavaScript file on app.safe.global appears to have been replaced with malicious code at 15:29:25 UTC on February 19, 2025, specifically targeting Bybit's Ethereum multisig cold wallet. The attack was designed to activate during the next Bybit transaction. Based on the investigation of the Bybit signer machine and the cached malicious JavaScript payload found on the Wayback Archive, the report is inclined to conclude that Safe.Global's AWS S3 or CloudFront account / API key may have been compromised or stolen.
Safe said in an official statement that the attack on the Bybit Safe was carried out through a hacked Safe {Wallet} developer machine, resulting in disguised malicious transactions.

Polygon's Mudit Gupta questioned why a developer had the right to change content on the Safe site in the first place, and why the changes were not monitored.

Hasu said that while it was the Safe front end rather than the Bybit infrastructure that had been compromised, the Bybit infrastructure was not sufficient to prevent what was ultimately a fairly simple attack. When transferring more than $1 billion, there is no reason not to verify message integrity on a second, isolated machine.

SlowMist's Cos said that Safe indeed has no problem in the smart contract part (this is easy to verify on-chain), but that the front end was tampered with to achieve the deception. As for why it was tampered with, that awaits the details to be disclosed by Safe. Safe is a kind of security infrastructure, and in theory anyone who signs with this multisig wallet could be robbed the way Bybit was. On reflection, every other service with a front end, an API or other user-interaction layer may carry this risk. This is also a classic supply chain attack. The security management model for very large / large assets needs a major upgrade.

“I don't usually criticize other industry players, but Safe is using vague language to cover up the problem,” said CZ, founder of Binance. What does “hacked into the Safe {Wallet} developer machine” mean? How did they hack into this particular machine? Was it social engineering, a virus, etc.? How did the developer machine have access to the “account operated by Bybit”? Was some code deployed directly from this developer machine to the production environment? How did they deceive the Ledger verification steps of multiple signers? Was it blind signing? Or did the signers not verify it correctly? Is $1.4 billion the largest address managed using Safe? Why didn't they target others? What lessons can other “self-hosted, multi-signature” wallet providers and users learn from it? In addition, CZ denied that Binance also uses Safe to store assets.
