It's been two days, and I haven't figured out yet about Bybit's theft. Let me make a bold statement, because I once encountered a situation where multiple signatures were stolen and requested help (which was eventually solved): Don't doubt the security of Safe now, let alone the security of ETH underlying and even smart contracts, and don't study how the signature content is replaced. In fact, from the beginning of this transaction, it was a problem with upgrading the contract, either by transferring money or by the person who created the transaction. Later people trusted the first person too much and did not carefully check, or the first person who created the transaction used a "man in the middle" attack. The UI displayed the correct content to the other two people who participated in the signature, but it was not the case when it was put on the chain; So, either the first person did it intentionally, or the first person's device was indeed hacked. Bybit theft is only possible in this way.