Safe Wallet Confirms Security Flaw in $1.5 Billion Bybit Hack

The fallout from the recent $1.5 billion Bybit hack continues to unfold as Safe Wallet confirms that hackers exploited its infrastructure. 

The attack reportedly originated from a compromised developer machine and involved a disguised malicious transaction that facilitated unauthorized access.

Safe Wallet Targeted in $1.5 Billion Bybit Hack

In an official statement, Safe Wallet clarified that its smart contracts were not compromised in the attack.

“The forensic review of external security researchers did NOT indicate any vulnerabilities in the Safe smart contracts or source code of the frontend and services,” the post read.

In response to the breach, Safe Wallet has restored its services on the Ethereum (ETH) mainnet through a phased rollout. The team claims to have completely rebuilt and reconfigured its infrastructure while rotating all credentials to prevent future exploits. 

Despite the reassurances, users have been urged to exercise extreme caution when signing transactions as Safe Wallet implements additional security measures. 

The company also announced an industry-wide initiative to improve transaction verifiability across the ecosystem. Lastly, a full post-mortem report is expected once the investigation concludes.

Despite the reassurances, Safe Wallet’s explanation has not been well-received by members of the crypto community. Many users, including prominent industry figures, have criticized it as insufficient and vague. 

One of the most vocal critics is Changpeng Zhao (CZ). The former CEO of Binance expressed doubts about Safe Wallet’s handling of the situation.

“I usually try not to criticize other industry players, but I still do it once in a while. This update from Safe is not that great. It uses vague language to brush over the issues. I have more questions than answers after reading it,” he stated.

Among his concerns, CZ questioned the security of the developer machine, the deployment of code to Bybit’s production environment, and how the hackers were able to bypass Ledger verification steps. He also inquired why the breach targeted Bybit’s address rather than others managed by Safe Wallet.

Another analyst advocated for stronger security management. He confirmed that while the smart contract layer was intact, the attack had tampered with the front end. This enabled the hackers to manipulate transactions. 

The analyst described this as a classic supply chain attack and warned that all user-interactive services involving frontends, APIs, and similar infrastructure could be at risk.

“The security management model for huge/large assets needs a major upgrade,” he remarked.

FBI Confirms Lazarus Group Behind Bybit Hack

Last week, hackers stole 40,000 ETH from Bybit’s cold wallet. Initially, reports suggested that the North Korean Lazarus Group carried out the attack, and now the US Federal Bureau of Investigation (FBI) has confirmed their involvement.

The public service announcement has identified the operation as “TraderTraitor.”

“TraderTraitor actors are proceeding rapidly and have converted some of the stolen assets to Bitcoin and other virtual assets dispersed across thousands of addresses on multiple blockchains. It is expected these assets will be further laundered and eventually converted to fiat currency,” the announcement read.

The agency has also listed Ethereum addresses tied to the group. Furthermore, it has urged virtual asset service providers, including exchanges, blockchain analytics firms, and decentralized finance (DeFi) services, to block transactions connected to the addresses involved in the laundering efforts.