lazarusholic


Bybit’s $1.5 Billion Theft Unveiled: Safe{Wallet} Front-End Code Tampered

2025-02-27, Slowmist
https://slowmist.medium.com/bybits-1-5-billion-theft-unveiled-safe-wallet-front-end-code-tampered-84b78f0fa9c2
#Bybit #SafeWallet

Contents

Author: 23pds & Thinking
Editor: Liz

Background

On the evening of February 26, Bybit and Safe simultaneously released security investigation reports regarding the theft of nearly $1.5 billion worth of cryptocurrency from Bybit.
Safe stated:
The forensic analysis of the targeted attack launched by Lazarus Group against Bybit indicates that the attackers infiltrated a Safe{Wallet} developer’s machine, allowing them to submit a disguised malicious transaction proposal. This deception led Bybit’s Safe wallet owner to sign the malicious transaction, enabling the attack on Bybit’s Safe wallet.
Forensic analysis conducted by external security researchers did not identify any vulnerabilities in the source code of Safe’s smart contracts, front-end, or related services. Following the incident, the Safe{Wallet} team conducted a thorough investigation and gradually restored Safe{Wallet} on the Ethereum mainnet. The team has fully rebuilt and reconfigured all infrastructure, rotated all credentials, and ensured that the attack vector has been completely …

IoC

https://app.safe.global/_next/static/chunks/pages/_app-52c9031bfa03da47.js
bdd077f651ebe7f7b3ce16fe5f2b025be2969516