Safe{Wallet} Statement on Targeted Attack on Bybit
Contents
Tl;dr:
Forensic findings confirm targeted attack on ByBit by Lazarus
Safe smart contracts unaffected, an attack was conducted by compromising a Safe {Wallet} developer machine which affected an account operated by Bybit
Safe{Wallet} has added security measures to eliminate the attack vector.
Full Statement:
The forensic review into the targeted attack by the Lazarus Group on Bybit concluded that this attack targeted to the Bybit Safe was achieved through a compromised machine of a Safe{Wallet} developer resulting in the proposal of a disguised malicious transaction. Lazarus is a state-sponsored North Korean hacker group that is well known for sophisticated social engineering attacks on developer credentials, sometimes combined with zero-day exploits.
Important! The forensic review of external security researchers did NOT indicate any vulnerabilities in the Safe smart contracts or source code of the frontend and services.
Following the recent incident, the Safe{Wallet} team conducted a thorough investigation and have now restored …
Forensic findings confirm targeted attack on ByBit by Lazarus
Safe smart contracts unaffected, an attack was conducted by compromising a Safe {Wallet} developer machine which affected an account operated by Bybit
Safe{Wallet} has added security measures to eliminate the attack vector.
Full Statement:
The forensic review into the targeted attack by the Lazarus Group on Bybit concluded that this attack targeted to the Bybit Safe was achieved through a compromised machine of a Safe{Wallet} developer resulting in the proposal of a disguised malicious transaction. Lazarus is a state-sponsored North Korean hacker group that is well known for sophisticated social engineering attacks on developer credentials, sometimes combined with zero-day exploits.
Important! The forensic review of external security researchers did NOT indicate any vulnerabilities in the Safe smart contracts or source code of the frontend and services.
Following the recent incident, the Safe{Wallet} team conducted a thorough investigation and have now restored …