The massive Bybit hack resulted in the theft of $1.4 billion in Ethereum. Safe's report, at the center of the controversy, faced criticism from former Binance CEO Changpeng Zhao (CZ).
Details of the Attack: Safe’s Report
According to Safe's report, the Bybit hack was conducted via a compromised Safe developer machine. The attackers used that compromised machine to inject malicious code into Safe's AWS infrastructure. Key takeaways from the report include: attackers submitted a fraudulent transaction proposal, no flaws were found in Safe's smart contracts or source code, and the company has taken steps to reconfigure its infrastructure and bolster security. However, users are reminded to exercise caution when signing transactions.
CZ's Criticism and His Questions
Changpeng Zhao criticized the report for its lack of specificity, raising questions such as: how was the Safe developer machine compromised, how could it access Bybit's account, and could hackers bypass Ledger verification? CZ called for greater transparency and stronger security protocols in the crypto industry.
Safe's Response and Independent Investigations
Safe co-founder Martin Köppelmann clarified that the interface was compromised, not the Safe code itself. To enhance security, he proposed improving transaction verification on hardware devices and launching SafeNet, a cosigning service. Independent firms Sygnia and Verichains confirmed that a malicious code injection using social engineering was the root cause. Their investigation revealed that attackers exploited vulnerabilities to access Safe’s infrastructure.
Despite significant losses, Bybit promptly replenished user funds. This incident underscores the need for stronger security measures in the crypto sphere, especially concerning multi-signature wallets.