The recent Bybit hack, resulting in the theft of over $1.4 billion in crypto, has stirred industry discussions. Former Binance CEO Changpeng Zhao (CZ) criticized the Safe report for its vagueness and incompleteness.
Safe's Investigation and Findings
The Lazarus Group is believed to have orchestrated the attack by compromising a Safe developer's machine, inserting malicious JavaScript into SafeWallet's AWS infrastructure. This tricked Bybit's signers into approving a fraudulent transaction. The Safe report states that the attack didn't exploit vulnerabilities in Safe's smart contracts or frontend services.
CZ’s Criticism: Unanswered Questions
Changpeng Zhao openly criticized the report, alleging it sidestepped key details and left many critical questions unaddressed. He questioned how the developer's machine was compromised, access to Bybit's account, and methods of bypassing Ledger authentication.
Martin Köppelmann’s Response and Other Investigations
Gnosis co-founder Martin Köppelmann asserts that the interface was compromised, not Safe's code. Hackers used a modified interface to deceive Bybit. Proposed improvements include introducing SafeNet, a professional co-signing service. Independent firms Sygnia and Verichains confirmed the presence of malicious JavaScript in Safe's infrastructure.
The Bybit hack has become one of the largest in crypto history, highlighting the need for enhanced security measures in self-custody and multi-signature wallets.
