
SAFE WALLET TARGETED IN $1.5 BILLION BYBIT HACK - FBI CONFIRMS LAZARUS GROUP BEHIND BYBIT HACK
Safe Wallet confirms that hackers exploited its infrastructure in the recent $1.5 billion Bybit hack. The attack reportedly originated from a compromised developer machine and involved a disguised malicious transaction that facilitated unauthorized access. Safe Wallet has restored its services on the Ethereum mainnet and implemented additional security measures. However, its explanation has been criticized as insufficient and vague. The FBI has confirmed the involvement of the North Korean Lazarus Group in the Bybit hack, identifying it as "TraderTraitor" and urging virtual asset service providers to block transactions connected to the group's addresses.
In an official statement, Safe Wallet clarified that its smart contracts were not compromised in the attack. "The forensic review of external security researchers did NOT indicate any vulnerabilities in the Safe smart contracts or source code of the frontend and services," the post read. In response to the breach, Safe Wallet has restored its services on the Ethereum (ETH) mainnet through a phased rollout. The team claims to have completely rebuilt and reconfigured its infrastructure while rotating all credentials to prevent future exploits. Despite the reassurances, users have been urged to exercise extreme caution when signing transactions as Safe Wallet implements additional security measures. The company also announced an industry-wide initiative to improve transaction verifiability across the ecosystem. Lastly, a full post-mortem report is expected once the investigation concludes.
Last week, hackers stole 40,000 ETH from Bybit’s cold wallet. Initially, reports suggested that the North Korean Lazarus Group carried out the attack, and now the US Federal Bureau of Investigation (FBI) has confirmed their involvement. The public service announcement has identified the operation as “TraderTraitor.” “TraderTraitor actors are proceeding rapidly and have converted some of the stolen assets to Bitcoin and other virtual assets dispersed across thousands of addresses on multiple blockchains. It is expected these assets will be further laundered and eventually converted to fiat currency,” the announcement read. The agency has also listed Ethereum addresses tied to the group. Furthermore, it has urged virtual asset service providers, including exchanges, blockchain analytics firms, and decentralized finance (DeFi) services, to block transactions connected to the addresses involved in the laundering efforts.