Crypto Chaos: How North Korea Swiped $1.4B From Bybit! 💰💻

Well, buckle up, folks! We’ve got ourselves a digital heist that even Hollywood would raise an eyebrow at. An independent audit has confirmed the shocking news that North Korea’s notorious Lazarus Group orchestrated a hefty breach, stealthily infiltrating Safe’s infrastructure and making off with a handsome sum from Bybit’s Ethereum wallet. Talk about a Robbery on the Blockchain!

Now, let’s add a sprinkle of “Who Knew?” to this mix. A forensic analysis produced by the tech-savvy wizards at Sygnia Labs and Verichains reveals that Bybit’s overall security was still wearing its “I’m Fine” t-shirt, despite an assault on its Ethereum (ETH) cold wallet back on February 21. So, there’s that silver lining, right?

However, the Dubai-based crypto exchange had a mini heart attack last week when it reported the theft of over 400,000 ethereum—yep, you heard that right—worth approximately $1.4 billion from its Safe-provided multi-signature wallet. Initial gossip had it that one of Bybit’s signers was the unlucky victim, but, plot twist! The post-mortem audit traced the culprit back to a compromised Safe developer’s machine. Cue the dramatic music!

“They hot swapped the Gnosis Safe UI with JS code that only targeted Bybit’s cold wallet,” said Haseeb Qureshi, managing partner at Dragonfly. So basically, it was like a bad Tinder date: they showed up looking all innocent, but oh boy, did they have some hidden agendas!

This means Lazarus successfully charmed their way into a Safe developer’s machine, grabbing hold of some sweet frontend deployment credentials and using them to cleverly disguise their malicious transactions. Very sneaky. 🕵️‍♂️

Bybit Hack Forensics Report
As promised, here are the preliminary reports of the hack conducted by @sygnia_labs and @Verichains
Screenshotted the conclusion and here is the link to the full report:

— Ben Zhou (@benbybit) February 26, 2025

Meanwhile, the folks at Safe are having a collective “We’re Not Angry, Just Disappointed” moment. They acknowledged the findings, confirmed the attack vector, and reassured everyone that Bybit’s security remained untouched overall. Because who doesn’t love a techy safety pep talk?

After the gate-crashing incident, the Safe{Wallet} team rolled up their sleeves and got to work. They’ve now restored Safe{Wallet} on the Ethereum mainnet through a phased rollout. Let’s just say their security team is doing some serious spring cleaning! 🛠️

Safe post mortem

Martin Koeppelmann, co-founder of Gnosis—the brains behind Safe—took a moment to pat Bybit CEO Ben Zhou on the back for keeping his cool during this circus. Koeppelmann is all about that added security layer life, emphasizing the need to sail away from web2 dependency to avoid future debacles like this. You know, standard operating procedure!

Safe always put security first. Including securing its web frontend. It was compromised anyway. We need to add more layers of security like:
* making it easy to verify transactions independent of what is shown on the front end
* having additional processes to co-sign that also do…

— koeppelmann.eth 🦉💳 (@koeppelmann) February 26, 2025


2025-02-26 21:29