Essential Insights
- Criticism from CZ: Changpeng Zhao (CZ), former CEO of Binance, labeled Safe Wallet’s post-mortem on the Bybit hack as inadequate, questioning the clarity and effectiveness of their communication regarding the incident.
- Hack Details: A forensic investigation revealed that the nearly $1.5 billion Bybit exploit resulted from compromised Safe Wallet credentials, emphasizing that there were no vulnerabilities in Safe’s smart contracts or frontend code.
- Attack Execution: The breach utilized malicious JavaScript injected into Safe’s AWS system, which activated under specific transaction conditions, tricking signers into approving fraudulent transactions.
- Bybit’s Recovery: Following the hack, Bybit secured 40,000 ETH through loans to meet withdrawal demands and has rebuilt its asset reserves, confirming full backing for client assets valued at approximately $1.23 billion.
CZ Critiques Safe Wallet’s Analysis of Bybit Hack
Former Binance CEO Changpeng Zhao, commonly known as CZ, expressed his dissatisfaction with Safe Wallet’s recent post-mortem of the Bybit hacking incident. He described the update as “not that great,” raising several questions about the attack’s methodologies.
The breach, which cost nearly $1.5 billion, stemmed from a compromise of Safe’s infrastructure, as confirmed by a forensic audit. Safe Wallet said the incident originated from a compromised developer machine, not any flaws in its smart contracts or front-end code. They reassured users that they had rebuilt their infrastructure and updated all credentials, thus closing the attack vector.
However, CZ is not convinced. He pointed out that the language in Safe’s update remained vague. He stated, “I have more questions than answers after reading it.” CZ questioned what the phrase “compromised a Safe Wallet developer machine” implied and wondered how the attackers managed to gain access to Bybit’s accounts. He also raised concerns about the role of social engineering or malware in the breach.
Further complicating the matter, CZ asked whether the Ledger verification process faced any lapses and whether the signers adequately verified transactions. These unanswered questions highlight the complexities surrounding security in the crypto industry.
On February 26, Bybit released a forensic report detailing how hackers injected malicious JavaScript into Safe’s Amazon Web Services system. This breach allowed them to deceive signers into approving a fraudulent transaction. Notably, forensic experts confirmed that Bybit’s systems remained secure throughout the ordeal.
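Because the injected script reportedly activated only under specific transaction conditions, exercising the site from an ordinary session may never trigger it; comparing the bytes actually served against a manifest recorded at release time does not depend on triggering anything. The following is an added example, not code from Safe, Bybit or the forensic report, and every file name and file body in it is constructed for illustration.

```javascript
const crypto = require("crypto");

// SRI-style digest ("sha384-<base64>") of a file body.
function sriDigest(body) {
  return "sha384-" + crypto.createHash("sha384").update(body).digest("base64");
}

// Record one digest per file from the reviewed build output at release time.
function buildManifest(files) {
  const manifest = {};
  for (const [path, body] of Object.entries(files)) manifest[path] = sriDigest(body);
  return manifest;
}

// Compare what the hosting bucket serves now against the release manifest.
// Reports files that changed, disappeared, or were never part of the release.
function auditServedAssets(manifest, served) {
  const findings = [];
  for (const [path, expected] of Object.entries(manifest)) {
    if (!(path in served)) findings.push({ path, status: "missing" });
    else if (sriDigest(served[path]) !== expected) findings.push({ path, status: "modified" });
  }
  for (const path of Object.keys(served)) {
    if (!(path in manifest)) findings.push({ path, status: "unexpected" });
  }
  return findings;
}

// Constructed sample: the reviewed release versus the current bucket contents.
const release = {
  "static/app.js": "/* reviewed application bundle */",
  "static/vendor.js": "/* reviewed vendor bundle */",
};
const served = {
  "static/app.js": "/* reviewed application bundle */ /* bytes appended after release */",
  "static/vendor.js": "/* reviewed vendor bundle */",
  "static/extra.js": "/* file that was never part of the release */",
};

console.log(auditServedAssets(buildManifest(release), served));
```

Such a check is only as trustworthy as the manifest, so the manifest has to be stored and signed outside the hosting account it is used to audit.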
In response to the hack, Bybit borrowed 40,000 ETH from Bitget to address its withdrawal demands but has since repaid it. The exchange managed to restore client asset reserves, securing over 446,870 ETH valued at approximately $1.23 billion. CEO Ben Zhou announced that their assets now have full backing.
As the crypto landscape evolves, incidents like the Bybit hack and the ensuing scrutiny over security protocols emphasize the need for transparency and robust defenses in digital assets.