Safe's vulnerability is the cause of Bybit's $1.4 billion hack
The investigation report confirms that the Bybit hack originated from a security vulnerability in the Safe Wallet infrastructure, not from an internal error at the exchange.
As reported, on February 21 the crypto community, and the financial market in general, witnessed the largest security attack in history, worth more than $1.4 billion and targeting the Bybit exchange. Initial investigation information showed that the Bybit hack was carried out by Lazarus Group, a notorious hacker organization with ties to North Korea, but the origin of the attack and the details of how the group carried it out remained unknown.
The investigation report newly published by Bybit CEO Ben Zhou has now partly answered the community's questions. The incident was not related to the security system of the Bybit exchange, but originated from the Safe infrastructure, specifically Safe Wallet.
The Safe project also confirmed the incident and explained the "root cause". According to Safe, the Lazarus Group:
- Compromised the device of a Safe Wallet team member, which gave them access to the AWS S3 storage area.
- From there, installed malicious JavaScript code that targeted the Bybit exchange directly, creating a fake transaction to fool the system.
- Finally, sat back and waited for the crypto assets on Bybit, worth $1.46 billion, to be withdrawn from the exchange.
The team said that after the incident, Safe Wallet conducted a comprehensive inspection, restructured its entire infrastructure, and changed all credentials to prevent similar vulnerabilities in the future. Safe Wallet on Ethereum mainnet has now been restored through a phased security deployment.
In addition, Safe has committed to promoting an industry initiative to improve transaction verification across the entire ecosystem. Safe also recommends that users take care when signing transactions, to make sure they are not being deceived by fake transactions. The investigation is still ongoing to verify further findings.
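Tampering with JavaScript held in a storage bucket, as described above, is the kind of change an integrity audit of served assets can catch. The following is an added example, not code from Safe, Bybit or the investigation report: it pins SHA-384 digests of a reviewed release and flags any file that was later modified, added or removed. All file names and contents are constructed for illustration.

```javascript
const crypto = require("node:crypto");

// SRI-style digest ("sha384-<base64>") of one asset body.
function sri(body) {
  return "sha384-" + crypto.createHash("sha384").update(body).digest("base64");
}

// Build the manifest at release time, from the reviewed build output.
function buildManifest(files) {
  const manifest = {};
  for (const [path, body] of Object.entries(files)) manifest[path] = sri(body);
  return manifest;
}

// Compare what the bucket serves now against the pinned manifest.
function auditBucket(manifest, served) {
  const findings = [];
  for (const [path, expected] of Object.entries(manifest)) {
    if (!Object.hasOwn(served, path)) findings.push({ path, status: "missing" });
    else if (sri(served[path]) !== expected) findings.push({ path, status: "modified" });
  }
  for (const path of Object.keys(served)) {
    if (!Object.hasOwn(manifest, path)) findings.push({ path, status: "unexpected" });
  }
  return findings;
}

// Constructed sample data: paths and contents are invented for this example.
const release = {
  "static/app.js": "function buildTx(to, value) { return { to, value }; }\n",
  "static/vendor.js": "export const version = '1.0.0';\n",
};
const manifest = buildManifest(release);

// The same bucket later: one bundle changed outside the release process, one file added.
const servedNow = {
  "static/app.js": release["static/app.js"] + "// line added after release\n",
  "static/vendor.js": release["static/vendor.js"],
  "static/extra.js": "/* not part of any release */\n",
};

const findings = auditBucket(manifest, servedNow);
console.log(findings);
```

The manifest has to be stored and checked from somewhere the bucket's own credentials cannot write to; otherwise whoever can change the files can also change the pinned digests.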
The investigation's findings help explain the "gloomy" mood of the crypto market in recent days, because Safe's multisig wallet solution is currently used by many projects in the field.
According to data from Dune, the total value of assets using Safe's solution is currently 71.44 billion USD, a huge sum to secure. The community is therefore concerned that if the vulnerability is repeated in the future, it will likely affect many other projects, not just Bybit as it has now.
Importantly, however, the investigation did not detect any vulnerabilities in the smart contracts or the source code of the protocol. Safe's team claims that the hackers modified the code only to target the Bybit exchange's remittance transactions directly.
Even so, the SAFE token price showed a "not very positive" performance immediately after the news, recording a drop of nearly 10% and trading around $0.45.
Binance founder Changpeng Zhao, however, criticized Safe's explanation of the incident as "covering up" the truth, raising many questions that still need to be answered about the real cause of the vulnerability.