The recent hack of the cryptocurrency exchange Bybit, which led to the loss of over $1.4 billion in Ether, has caused a stir in the crypto community. Former Binance CEO Changpeng Zhao criticized the post-mortem report released by Safe{Wallet}, calling it vague and incomplete and saying that it failed to provide clear answers about how the breach occurred.
Safe's Incident Report
According to Safe's report, the hack was executed via a compromised developer machine, allowing the attackers to submit a malicious transaction proposal. No vulnerabilities were found in Safe's smart contracts or frontend services during the attack. External audits also found no flaws in Safe's smart contracts or source code. Safe has reconfigured its infrastructure, rotated credentials, and enhanced security to prevent similar incidents.
Changpeng Zhao's Criticism
Changpeng Zhao questioned Safe's report, asking exactly how the developer's computer was 'compromised': was it through social engineering, malware, or another method? He also asked how the developer was linked to Bybit's account and how the hackers managed to bypass Ledger's verification. Zhao called for greater transparency and stronger security measures to prevent similar attacks in the future.
Safe's Response and Independent Investigation
Safe co-founder Martin Köppelmann explained that the interface was compromised, not the Safe code itself. Hackers modified the interface to trick Bybit into signing a malicious transaction. Safe proposed various improvements, including enhancing transaction verification on hardware devices and introducing SafeNet for an additional layer of security. Independent investigations by Sygnia and Verichains confirmed that the root cause was a malicious JavaScript injection in Safe's infrastructure. Both Sygnia and Verichains recommended further investigations to determine the full scope of the breach.
The Bybit hack, now one of the largest exploits in crypto history, highlights the ongoing vulnerabilities in crypto security, especially in self-custody and multi-signature wallets. The industry must learn from these incidents and implement stronger security measures to prevent future attacks.