Safe's report on a targeted attack on Bybit has been criticized by former Binance CEO Changpeng Zhao for insufficient detail.
Safe Investigation Findings
According to Safe's report, the attack on Bybit was executed through a compromised Safe developer machine. A disguised malicious transaction proposal allowed the hackers to access Bybit's wallet funds. External audits did not find flaws in Safe's smart contracts or frontend code. The Safe team conducted a thorough investigation and reinstated their system on the Ethereum mainnet with new security measures.
CZ's Criticism and Questions
Binance founder CZ criticized the report for lacking detail and raised questions about security issues prompted by the attack. CZ expressed doubts about the term 'compromised developer machine' and questioned hacking methods and security checks bypass. Quote from Twitter: 'I usually try not to criticize other industry players, but this update from Safe isn't great. It uses vague language to brush over important issues.'
Consequences and Next Steps
Bybit is conducting its own investigation with firms Sygnia and Verichains following the cyberattack. Preliminary findings revealed the attack was executed through malicious JavaScript on app.safe.global. The Lazarus Group allegedly uses memecoins to launder Bybit's funds. Similar attacks on other platforms, including Binance, underline the need for heightened security measures.
The attack on Bybit and criticism of the Safe report raise questions about security in the crypto industry and the need for transparent and detailed reports to prevent similar incidents in the future.
