Wu Shuo learned that Bybit has released a report on the hacking and coin theft incident: the benign JavaScript file of the app Safe Global seems to have been replaced by malicious code on February 19, 2025 at 15:29:25 UTC, specifically targeting Bybit's Ethereum Multisig cold wallet. The attack aims to activate during the next Bybit transaction. Based on the investigation results of Bybit signer machines and the discovery of cache malicious JavaScript payloads on Wayback Archive, it is likely that the AWS S3 or CloudFront account/AP | keys of s Safe Global may have been leaked or stolen. The official statement from Safe states that the attack on Bybit Safe was carried out through the compromised Safe {Wallet} developer machine, resulting in disguised malicious transactions. https://www. (wublock123.com)/index.php? m=content&c=index&a=show&catid=6&id=38592