The situation has reversed; Bybit was hacked for 1.5 billion dollars, and it turns out that the Safe protocol developer was compromised.

链捕手

Author: Wu Says Blockchain

Amid widespread confusion about how multiple signers on Bybit were compromised, both Bybit and Safe released announcements on the evening of February 26.

Safe stated that the forensic review of the targeted attack by the Lazarus Group on Bybit concluded that the attack on Bybit Safe was executed through the compromised machine of a Safe{Wallet} developer, leading to disguised malicious transactions. Lazarus is a government-backed North Korean hacking organization known for complex social engineering attacks on developer credentials, sometimes combined with zero-day vulnerabilities.

The forensic review by external security researchers did not indicate any vulnerabilities in the source code of Safe's smart contracts or its front-end and services. Following the recent incident, the Safe{Wallet} team conducted a thorough investigation and gradually restored Safe{Wallet} on the Ethereum mainnet. The Safe{Wallet} team has completely rebuilt and reconfigured all infrastructure and rotated all credentials to ensure the complete elimination of the attack vector. After waiting for the final results of the investigation, the Safe{Wallet} team will release a complete post-incident analysis.

The Safe{Wallet} front-end is still operational and has taken additional security measures. However, users need to be especially cautious and vigilant when signing transactions.

Bybit stated:

Attack Timeline: Malicious code was injected into the Safe{Wallet} AWS S3 bucket on February 19, 2025, and triggered when Bybit executed a multisig transaction on February 21, 2025, resulting in stolen funds.

Attack Method: The attacker tampered with the front-end JavaScript files of Safe{Wallet}, injecting malicious code that modified Bybit's multisig transactions to redirect funds to the attacker's address.

Attack Target: The malicious code specifically targeted Bybit's multisig cold wallet address and a test address, activating only under specific conditions.

Post-attack Actions: Approximately two minutes after the execution of the malicious transaction, the attacker removed the malicious code from the AWS S3 bucket to cover their tracks.

Investigation Conclusion: The attack originated from Safe{Wallet}'s AWS infrastructure (possibly due to S3 CloudFront account/API Key leakage or compromise), and Bybit's own infrastructure was not attacked.

Safe multisig wallets are cryptocurrency wallets based on blockchain smart contracts that manage assets through a multisignature (multisig) mechanism. At their core, they require multiple predefined signers (for example, 2 out of 3, or 3 out of 5, known as the M/N mechanism) to jointly authorize transactions. The wallet itself is a contract deployed on the blockchain that records owner addresses and the signature threshold; a transaction must collect sufficient signatures before the contract verifies and executes it. The technical principle relies on the Elliptic Curve Digital Signature Algorithm (ECDSA): signers use private keys to sign transactions, and the contract verifies them using public keys. Transaction proposals are first stored in the contract, and after collecting signatures, they are submitted to the blockchain for execution, supporting flexible extensions such as account recovery features.

Polygon's Mudit Gupta questioned why a developer had the authority to change content on the Safe production site in the first place. Additionally, why was there no monitoring of the changes?

Binance founder CZ stated, "I usually do not criticize other industry participants, but Safe is using vague language to cover up the issue. What does 'compromised Safe{Wallet} developer machine' mean? How was this specific machine compromised? Was it social engineering, a virus, etc.? How did the developer's machine access 'accounts operated by Bybit'? Was some code directly deployed from this developer machine to the production environment? How were multiple signers deceived during the Ledger verification step? Was it blind signing? Or did the signers fail to verify correctly? Is $1.4 billion the largest address managed by Safe? Why didn't they target others? What lessons can other 'self-custody, multisig' wallet providers and users learn from this?" Additionally, CZ denied that Binance also used Safe to store assets.

SlowMist's Cosine stated that while the smart contract part of Safe is indeed fine (easily verifiable on-chain), the front-end was tampered with to achieve a deceptive effect. As for why it was tampered with, we will wait for the official details from Safe. Safe can be considered a security infrastructure, and theoretically, anyone using this multisig wallet could be robbed like Bybit. It is chilling to think that all other services with front-ends, APIs, and user interactions could have this risk. This is also a classic supply chain attack. The security management model for large/huge assets needs a significant upgrade. If the Safe front-end had implemented basic SRI verification, even if this JS was altered, there would have been no issues. Cosine stated that if that Safe developer was a North Korean agent, he wouldn't be surprised.
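The SRI (Subresource Integrity) check mentioned above, sketched as an added example that is not code from the article, Safe or Bybit: it pins a hash of a released script and rejects a copy that was changed afterwards, following the browser rule that only the strongest hash in the attribute counts. The bundle contents and all function names are constructed for illustration.

```javascript
const crypto = require('crypto');

// Hash algorithms allowed in an integrity attribute, weakest to strongest.
const STRENGTH = { sha256: 1, sha384: 2, sha512: 3 };

// Release time: produce the value to pin, e.g. "sha384-<base64 digest>".
function computeIntegrity(body, alg = 'sha384') {
  return `${alg}-${crypto.createHash(alg).update(body).digest('base64')}`;
}

// Split an integrity attribute into { alg, digest } entries.
// Tokens are whitespace separated; "?options" suffixes and unknown tokens are ignored.
function parseIntegrity(attr) {
  return attr.trim().split(/\s+/).map((tok) => {
    const m = /^(sha256|sha384|sha512)-([A-Za-z0-9+/]+={0,2})(\?.*)?$/.exec(tok);
    return m ? { alg: m[1], digest: m[2] } : null;
  }).filter(Boolean);
}

// Browser rule: only digests of the strongest algorithm present are considered,
// and the file passes if any of them matches. Unlike a browser, which skips the
// check when no usable hash is present, this gate fails closed.
function verifyIntegrity(body, attr) {
  const entries = parseIntegrity(attr);
  if (entries.length === 0) return false;
  const best = entries.reduce((a, e) => (STRENGTH[e.alg] > STRENGTH[a.alg] ? e : a)).alg;
  const actual = computeIntegrity(body, best);
  return entries.some((e) => e.alg === best && `${best}-${e.digest}` === actual);
}

// Constructed sample data: a released bundle and a copy changed after release.
const released = Buffer.from('export function buildTx(to, value) { return { to, value }; }\n');
const altered = Buffer.concat([released, Buffer.from('/* changed after release */\n')]);
const pinned = computeIntegrity(released);

function demo() {
  return {
    releasedOk: verifyIntegrity(released, pinned),
    alteredOk: verifyIntegrity(altered, pinned),
    // A matching weaker hash must not override a non-matching stronger one.
    downgradeOk: verifyIntegrity(altered, `${computeIntegrity(altered, 'sha256')} ${pinned}`),
  };
}

console.log(demo()); // { releasedOk: true, alteredOk: false, downgradeOk: false }
```

SRI only protects a script when the page that references it, and therefore the pinned value, is served from somewhere an attacker who can rewrite the script cannot also rewrite. The same comparison can run as a scheduled job against the deployed files to flag changes made outside a release.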

GCC principal Konstantin stated that this is a significant blow to the industry; the so-called decentralized public goods have single-point risks that are almost entirely insecure, even with a few ordinary contract front-end developers. Besides Safe, there are a large number of web3 open-source dependencies that also face similar supply chain attack risks; they not only have weak risk control but also heavily rely on traditional internet infrastructure to ensure security.

Hasu stated that although the Safe front-end, not Bybit's infrastructure, was compromised, Bybit's infrastructure was also insufficient to prevent what was ultimately a relatively simple hacking attack. When transferring over $1 billion in funds, there is no reason not to verify message integrity on a second isolated machine.

Mingdao stated that the core issue is that large fund signing transactions should be generated by permanently offline computers. As long as the initiating party's multisigner signs offline and then broadcasts through a connected computer, it doesn't matter how others sign. If all multisigners are running on connected computers, relying on a connected webpage to generate transactions, this cold wallet becomes a hot wallet. This is not Safe's fault; after all, it did not hold the funds. It just unfortunately became the center of trust.

Vitalik has also stated that 90% of his personal assets are stored using Safe multisig.

Wintermute's founder stated that it is not to say that Bybit's security measures are flawless (it seems they might be using the largest multisig account of the SAFE protocol). If they used solutions like Fireblocks or Fordefi, combined with other measures, especially when handling simple fund transfers, it might be more reasonable.
