26 February 2025
Forensic Report Links $1.4B Bybit Hack to Safe{Wallet} Compromise
Bybit CEO Ben Zhou reported initial findings on the $1.4 billion hack, indicating that attackers exploited vulnerabilities in Safe{Wallet}’s infrastructure rather than Bybit’s security. Key details include:
- The attack involved unauthorized access to developer credentials, allowing hackers to insert malicious JavaScript into the Safe{Wallet} app.
- This code deceived Bybit’s Ethereum Multisig Cold Wallet during a routine transaction on February 21, 2025.
- Investigations suggest involvement from the Lazarus Group, linked to North Korea.
Safe{Wallet} Response
Safe{Wallet} clarified that its smart contracts were secure and the breach stemmed from a compromised developer machine. They have since rebuilt their infrastructure with enhanced security measures and resumed operations on the Ethereum mainnet.
Bybit's Recovery Efforts
Bybit has restored the stolen funds and is actively pursuing recovery efforts, including:
- Distribution of stolen assets across more than 11,000 wallets.
- Implementation of a wallet blacklist API to block flagged addresses.
- A bounty program offering up to $140 million for information on the hackers.