The recent Bybit cyber attack, resulting in the theft of over $1.4 billion in Ether, has sparked controversy. Former Binance CEO Changpeng Zhao (CZ) criticized the post-mortem report released by SafeWallet, describing it as incomplete.
Safe's Investigation: What the Report Reveals
Safe's forensic report concluded that the hack was executed through a compromised developer machine, allowing attackers to submit a malicious transaction proposal. However, the report indicated that the attack was not due to vulnerabilities in Safe's smart contracts or frontend services. Key takeaways from the report include:
- The attack targeted Bybit's SafeWallet via a compromised Safe developer machine.
- A malicious transaction was submitted, draining funds from Bybit's wallet.
- External audits found no flaws in Safe's smart contracts or source code.
- Safe's infrastructure was reconfigured, credentials rotated, and security measures enhanced.
- Users are urged to exercise caution when signing transactions.
CZ's Criticism: More Questions Than Answers
CZ openly criticized the report, claiming it brushed over key details and left many critical questions unanswered, such as:
- How was the Safe developer compromised? Was it social engineering, malware, or a different exploit?
- How did a developer's machine have access to Bybit's account?
- How did the hackers bypass the Ledger verification step at multiple signers?
- Why was the Bybit wallet, specifically holding $1.4 billion, targeted?
- What lessons can other self-custody multi-signature wallet providers learn?
Sygnia and Verichains Reports: What Was Found
Bybit hired Sygnia and Verichains, leading blockchain security firms, for an independent forensic analysis. Their investigation concluded that the root cause was a malicious JavaScript injection into Safe's infrastructure. Key findings:
- The malicious JavaScript file was introduced on February 19.
- The code specifically targeted Bybit's Ethereum Multisig Cold Wallet.
- The attackers used social engineering to gain access to SafeWallet's AWS infrastructure.
- Both firms recommended further investigations to confirm the full extent of the breach.
The Bybit hack has become one of the largest exploits in crypto history, exposing ongoing vulnerabilities in crypto security, particularly in self-custody and multi-signature wallets. As CZ pointed out, the industry must learn from these failures and implement stronger security measures to prevent future attacks.