Bybit $1.4b theft originated from compromised Safe UI
An independent audit confirmed that North Korea's Lazarus Group infiltrated Safe's infrastructure to compromise Bybit's Ethereum wallet.
A forensic analysis led by Sygnia Labs and Verichains revealed that the integrity of Bybit's own security remained intact despite the attack on its Ethereum (ETH) cold wallet on February 21.
The Dubai-based crypto exchange reported the theft of more than 400,000 Ethereum, worth around 1.4 billion dollars, from its Safe-provided multi-signature wallet last week. Initial speculation suggested that one of Bybit's signers had been compromised by Lazarus. However, the post-mortem audit traced the root cause to a Safe developer machine.
“They exchanged the user interface of Gnosis Safe with JS that only targeted the cold wallet of Bybit,” explained Haseeb Qureshi, Managing Partner at Dragonfly.
This means that Lazarus successfully compromised a Safe developer with access to specific front-end deployment credentials, allowing the bad actors to hide malware.
Safe acknowledged the findings, reaffirming that Bybit's security remained intact while confirming the attack vector. The protocol also said that its internal investigation could not find any vulnerability in Safe's smart contracts or source code.
After the recent incident, the Safe{Wallet} team conducted an in-depth investigation and has now restored Safe{Wallet} on Ethereum Mainnet with a phased rollout. The Safe team has fully rebuilt and reconfigured all infrastructure and rotated all credentials, ensuring that the attack vector is fully eliminated.
Safe post-mortem
Martin Koeppelmann, co-founder of Gnosis, the team behind Safe, thanked Bybit CEO Ben Zhou for his leadership during the crisis. Koeppelmann highlighted the need for additional security layers and reduced dependence on Web2 technology to prevent similar incidents in the future.