Current Date: February 27, 2025

Bybit and Safe Custody Are at Odds on Who’s to Blame for $1.5B Hack

Bybit’s Forensic Review Reveals Details of $1.5 Billion Hack

Cryptocurrency exchange Bybit has conducted a thorough forensic review following the recent hack that resulted in a staggering $1.5 billion theft. The findings indicated that Bybit’s internal systems had not been breached; rather, the incident stemmed from vulnerabilities within the compromised Safe wallet infrastructure. According to the review, “the credentials of a Safe developer were compromised,” enabling the notorious Lazarus hacking group to unlawfully access the Safe wallet. This breach ultimately led to Bybit staff being misled into approving a malicious transaction.

However, a source familiar with the situation informed CoinDesk that the hack could have been entirely avoided if Bybit had not engaged in what is termed “blind signing.” This process entails approving a smart contract transaction without having a comprehensive understanding of its specific details, thereby creating an opportunity for exploitation.

In response to the incident, Safe released a statement clarifying that “Safe smart contracts [were] unaffected,” and emphasized that the attack was orchestrated by compromising a Safe developer’s machine, which directly impacted an account managed by Bybit. Furthermore, they highlighted that a “forensic review by external security researchers did NOT indicate any vulnerabilities in the Safe smart contracts or source code of the frontend and services.”

This ongoing exchange of blame between Bybit and Safe echoes the earlier incident involving WazirX and Liminal Custody, which exchanged accusations following a $230 million exploit last July.

On-chain analysis conducted by ZachXBT has revealed that the Lazarus Group is actively attempting to launder the stolen assets, with a total of 920 wallets currently tainted by the illicit funds. Alarmingly, these funds appear to have been inadvertently mixed with assets stolen from previous hacks targeting Phemex and Poloniex, further establishing a connection between the Lazarus Group and all three incidents.
