For the benefit of the whole industry we are sharing this report: Summary: Only very few machines had access. Initial compromise happened trough a supply chain attack via a privileged docker image doing "yaml load" from disguised but malicious sources. From there privileges were extended despite layers of security. Eventually Bybit was targeted. It will take the whole industry to step up to defend against those kind of attacks.