Binance News
--
Bybit releases hacker forensics report, Safe acknowledges that developer's machine was compromised
According to reports by Wu, Bybit released a report on the hacker theft incident: UTC time February 19, 2025, the JavaScript file of app.safe.global was replaced with malicious code, targeting Bybit's EthereumMultisig cold wallet. The attack is aimed to be activated during the next Bybit trading period. Based on the investigation results of Bybit signers' machines and the cached malicious JavaScript payload found on the Wayback Archive, it leans towards the conclusion that Safe.Global's AWS S3 or CloudFront account/AP| keys may have been leaked or compromised. Safe's official statement claims that this attack was implemented through an infiltrated Safe{Wallet} developer's machine, resulting in disguised malicious transactions.
Disclaimer: Includes third-party opinions. No financial advice. May include sponsored content. See T&Cs.
