"Safe Admits Developer Machine Compromise in $1.4B Bybit Hack, CZ Demands Clarity"

Generated by AI agent Coin World
Wednesday, February 26, 2025, 3:57 pm ET · 1 min read

Safe, the developer of the SafeWallet multisignature product used by Bybit, has released a post-mortem update following the recent hack that resulted in a $1.4 billion loss. The update revealed that the root cause of the incident was a compromised developer machine. However, this announcement has drawn criticism from Binance co-founder Changpeng "CZ" Zhao.

According to Safe, the forensic review did not find any vulnerabilities in the Safe smart contracts or the code of its front-end portal and services. Instead, the compromised machine was modified to target the Bybit Safe and divert transactions to a different hardware wallet. Martin Köppelmann, the co-founder of the Gnosis blockchain network, which developed Safe, noted that the hackers managed to trick multiple signers into approving the malicious transaction.

CZ criticized the update, stating that it used vague language to brush over the issues. He asked for clarification on several points, including how the hackers accessed Bybit's systems, how they tricked multiple signers, and why they did not target other addresses. Köppelmann speculated that the threat actors did not target other addresses to prevent discovery and detection.

A forensic review conducted by Sygnia and Verichains revealed that the credentials of a Safe developer were compromised, allowing the attacker to gain unauthorized access to the Safe infrastructure and deceive signers into approving a malicious transaction.

Meanwhile, onchain data shows that the Lazarus Group has transferred 45,900 Ether (ETH), valued at approximately $113 million, in the last 24 hours. This brings the total amount of funds laundered to over 135,000 ETH, valued at roughly $335 million. Analyst EmberCN estimates that the Lazarus Group will likely have "cleaned up" the funds within 8-10 days. Bybit and blockchain analytics firm Elliptic have tracked the stolen crypto to over 11,000 wallets controlled by the Lazarus Group, and Elliptic has published a data feed of addresses associated with the hacker group to help market participants stay clear of those wallet addresses and prevent money laundering.
