The recent hack of Bybit, in which over $1.4 billion in Ether was stolen, has sparked controversy. Former Binance CEO Changpeng Zhao has openly criticized the report by Safe{Wallet}, labeling it vague and incomplete.
Safe’s Report: Findings and Gaps
Safe's report concluded that hackers accessed the system via a compromised developer machine and injected malicious code into SafeWallet's AWS infrastructure to facilitate a fraudulent transaction. The report highlighted that the breach was not related to vulnerabilities in Safe's smart contracts or interfaces. Its key points were the absence of flaws in Safe's code and a recommendation that users exercise caution when signing transactions.
CZ’s Criticism
Changpeng Zhao issued a public statement pointing out numerous gaps in Safe's report. He asked how the hackers accessed the developer's machine and whether social engineering or malware was involved. Zhao also questioned how the Ledger verification step was circumvented and why Bybit's wallet was specifically targeted. His criticism underscores the need for greater transparency and has sparked discussion of better security protocols for safeguarding similar services.
Safe's Response and Bybit's Reaction
Safe co-founder Martin Köppelmann commented on the incident, emphasizing that it was the interface that was compromised, not the security system itself. He presented plans for improving the system, such as enhancing transaction verification on hardware devices and launching SafeNet. Additionally, Bybit quickly replenished the lost funds and continued operations. The company engaged independent experts from Sygnia and Verichains, who found that the issue mainly arose from malicious JavaScript injected into Safe's infrastructure.
The Bybit incident stands as one of the largest breaches in cryptocurrency history, highlighting ongoing vulnerabilities. It is essential to strengthen user protection measures and implement stricter security protocols to prevent similar attacks in the future.