Safe Wallet Found Responsible for ByBit’s $1.5 Billion Hack

ByBit, the second largest centralized exchange (CEX) in the world, released third-party audits today, which identified multi-signature security protocol Safe’s Safe{Wallet} arm as the point-of-failure in last week’s record-breaking $1.5 billion hack.

The audit from Sygnia Labs said, “The forensics investigation of the three signers’ hosts suggests the root cause of the attack is malicious code originating from Safe{Wallet}’s infrastructure.”

Verichain’s audit confirmed the findings and said, “The benign JavaScript file of app.safe.global appears to have been replaced with malicious code…specifically targeting the Ethereum Multisig Cold Wallet of ByBit.”

Safe, which was spun off from Gnosis, is the largest multi-signature wallet provider in DeFi, and released a statement from its Safe{Wallet} arm stating, “This attack targeted to the Bybit Safe was achieved through a compromised Safe{Wallet} developer machine resulting in the proposal of a disguised malicious transaction.”Safe clarified that the exploit compromised a single wallet and that Safe’s smart contracts remain unaffected.

Since the attack, ByBit successfully covered the $1.5 billion hole left in its business over the weekend through bridge loans and market buys of Ether. However, the attack vector raises security concerns around Safe as the industry mulls over the chances of a repeat attack.

CZ Calls Out Safe

Binance founder Changpeng Zhao (CZ) took to social media to criticize Safe’s statement. “This update from Safe is not that great. It uses vague language to brush over the issues. I have more questions than answers after reading it.” said CZ.

CZ cited unanswered questions such as “How did they hack this particular machine?…how did a developer machine have access (to a Bybit wallet)?...how did they fool the Ledger verification system?”

He went on to imply that Binance does not utilize Safe Wallets in its operations.

"Lazarus is probably the world's most sophisticated hacker group, which was able to (socially) engineer their way into the system. Once we complete our investigation we will share all findings transparently," responded Gnosis co-founder Stefan George.