Safe Wallet’s Hilarious Response to Bybit’s $1.4 Billion Oopsie!

In a twist that could only be described as a cosmic joke, Safe Wallet, in its infinite wisdom, traced the gaping security loophole back to its Wallet UI. Meanwhile, Bybit, with all the grace of a cat on a hot tin roof, scrambled to close the $1.4 billion gap and launched a bounty protocol to track down the nefarious bad actors. 🕵️‍♂️💰

In the wake of a cyberattack that could make even the most hardened hacker chuckle, the Ethereum-based crypto wallet protocol Safe decided it was high time for some “immediate security improvements” to its multi-sig solution. This came after the Dubai-based exchange Bybit found itself in a bit of a pickle on February 21. 🥒

Enter North Korea’s infamous Lazarus group, who, in a heist that would make even the most seasoned cat burglar blush, managed to swipe over $1.4 billion in Ether (ETH) from Bybit’s Ethereum wallet. They exploited vulnerabilities in Safe Wallet’s UI like a kid in a candy store, injecting malicious JavaScript code and siphoning off more than 400,000 ETH. 🍬💻

To prevent any further shenanigans, Safe promptly placed its Wallet in lockdown mode, which is a bit like putting a “Do Not Disturb” sign on a hotel room door after the party has already started. They then announced a phased rollout and a reconfigured infrastructure, because why not add a sprinkle of chaos to the mix? 🎉

Martin Koeppelmann, co-founder of Safe, took to the digital ether to announce that the team had developed and shipped ten changes to the UI, as if they were baking a cake and realized they forgot the eggs. In a post on March 3 on X.com, he revealed updates like “show full raw tx data now on UI” and “remove specific direct hardware wallet support that raised security concerns.” Because who needs security, right? 😅

Meanwhile, Bybit CEO Ben Zhou, in a moment of podcasting glory on the When Shift Happens show with host Kevin Follonier, recounted the incident that occurred shortly after he signed a transaction to transfer 13,000 ETH. Talk about timing! ⏰

Zhou, who was using a Ledger hardware wallet, lamented that he couldn’t fully verify the transaction details. This little hiccup, known as “blind signing,” is a common vulnerability in multi-sig crypto transactions. Safe’s latest updates aim to provide signers with more detailed transaction data, because clarity is key, folks! 🔑

In response to a post from Kyber Network CEO Victor Tran about industry-wide security efforts, Koeppelmann emphasized the importance of collaboration. However, he also noted that immediate damage control remains the priority, which is a bit like trying to put out a fire while the house is still burning down. 🔥

“We are still in the ‘putting out fire’ mode – but once we have that behind us, we need to come together and improve overall frontend and tx verification security,” Koeppelmann stated, adding that “This will take involvement of many parties to solve it for good.” Because, of course, it takes a village to raise a secure wallet! 🏰

These are the immediate security improvements the @safe team implemented when bringing back the UI. We’re doing this transparently and believe there are many lessons to learn industry-wide. Links below 👇

— koeppelmann.eth 🦉💳 (@koeppelmann) March 3, 2025

2025-03-03 22:51