Safe Wallet Admits Role in $1.5B Bybit Hack Amid Industry Backlash

Safe Wallet Confirms Role in $1.5 Billion Bybit Hack Amid Industry Criticism

Safe Wallet, a popular cryptocurrency wallet provider, has confirmed its involvement in the recent $1.5 billion hack of Bybit, a major cryptocurrency exchange. The hack, which occurred earlier this month, saw hackers exploit a vulnerability in Safe Wallet's infrastructure to gain unauthorized access to Bybit's cold wallet.

The attack reportedly originated from a compromised developer machine and involved a disguised malicious transaction that facilitated unauthorized access. Safe Wallet has since clarified that its smart contracts were not compromised in the attack, and that the forensic review of external security researchers did not indicate any vulnerabilities in the Safe smart contracts or source code of the frontend and services.

In response to the incident, Safe Wallet has implemented additional security measures and announced an industry-wide initiative to improve transaction verifiability across the ecosystem. The company has also stated that it will release a full post-mortem report once the investigation concludes.

However, Safe Wallet's explanation has not been well-received by members of the crypto community. Many users, including prominent industry figures, have criticized it as insufficient and vague. Changpeng Zhao (CZ), the former CEO of Binance, expressed doubts about Safe Wallet's handling of the situation, questioning the security of the developer machine, the deployment of code to Bybit's production environment, and how the hackers were able to bypass Ledger verification steps.

Another analyst advocated for stronger security management, confirming that while the smart contract layer was intact, the attack had tampered with the front end. This enabled the hackers to manipulate transactions, describing this as a classic supply chain attack and warning that all user-interactive services involving frontends, APIs, and similar infrastructure could be at risk.

Last week, hackers stole 40,000 ETH from Bybit's cold wallet. Initially, reports suggested that the North Korean Lazarus Group carried out the attack, and now the US Federal Bureau of Investigation (FBI) has confirmed their involvement. The public service announcement has identified the operation as "TraderTraitor," with the FBI urging virtual asset service providers, including exchanges, blockchain analytics firms, and decentralized finance (DeFi) services, to block transactions connected to the addresses involved in the laundering efforts.