{"id":48223,"date":"2025-02-27T05:41:14","date_gmt":"2025-02-27T05:41:14","guid":{"rendered":"https:\/\/crowdfundjunction.com\/blog\/forensic-report-links-bybits-1-48b-loss-to-safe-wallet-security-flaw\/"},"modified":"2025-02-27T05:41:14","modified_gmt":"2025-02-27T05:41:14","slug":"forensic-report-links-bybits-1-48b-loss-to-safe-wallet-security-flaw","status":"publish","type":"post","link":"https:\/\/crowdfundjunction.com\/blog\/forensic-report-links-bybits-1-48b-loss-to-safe-wallet-security-flaw\/","title":{"rendered":"Forensic Report Links Bybit\u2019s $1.48B Loss to Safe Wallet Security Flaw"},"content":{"rendered":"

(Originally posted on : Crypto News – iGaming.org )<\/b>
\n<\/p>\n

\n

According to a recent investigation into the Bybit incident, hackers took advantage of a security hole in Safe, the exchange\u2019s cryptocurrency wallet. In what is now regarded as one of the biggest cryptocurrency heists in history, hackers affiliated with North Korea\u2019s Lazarus Group stole $1.48 billion in Ethereum (ETH)<\/a> from Bybit\u2019s wallet late last week.<\/p>\n

After a combined investigation by cybersecurity specialists Sygnia and financial security firm Verichains, Bybit CEO Ben Zhou revealed that Lazarus most likely gained access to Bybit\u2019s Ethereum wallet via breaking into Safe\u2019s Amazon Web Services (AWS) infrastructure.<\/p>\n

\u201cThe benign Javascript file of app.safe.global appears to have been replaced with malicious code on February 19, 2025, at 15:29:25 UTC, specifically targeting Ethereum Multisig Cold Wallet of Bybit. The attack was designed to activate during the next Bybit transaction, which occurred on February 21, 2025, at 14:13:35 UTC\u2026\u201d<\/em> Zhou explained.<\/p>\n

The investigation suggests that hackers gained access to Safe.Global\u2019s AWS S3 or CloudFront account, enabling them to inject malicious code.<\/p>\n

Safe Wallet Responds to Security Breach<\/h2>\n

Safe acknowledged the findings and confirmed that Lazarus Group targeted Bybit through a compromised Safe{Wallet} developer machine.<\/p>\n

\n
\n
\n
\n
\n
177% up to 5BTC + 77 Free Spins<\/strong>!<\/strong> <\/p>\n

New players only. Exclusive Welcome Bonus of 177% + 77 Free Spins <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n

\u201cThe forensic review into the targeted attack by the Lazarus Group on Bybit concluded that this attack targeted to the Bybit Safe was achieved through a compromised Safe{Wallet} developer machine resulting in the proposal of a disguised malicious transaction\u2026 Following the recent incident, the Safe{Wallet} team conducted a thorough investigation and have now restored Safe{Wallet} on Ethereum mainnet with a phased rollout.\u201d<\/em><\/p>\n

Since then, Safe has redesigned its architecture, changing credentials and resetting systems to stop such attacks. The business intends to publish a thorough report outlining the hack.<\/p>\n

Zhou reassured users that Bybit had restored a 1:1 asset backup in spite of the big attack. The exchange has reserves more than 100% of its obligations, according to a proof-of-reserves audit conducted by blockchain security company Hacken.<\/p>\n

\u201cThe Hacken team\u2019s Proof of Reserves audit, conducted on Sunday, February 23, 2025, demonstrates that Bybit maintains an in-scope reserve ratio of > 100%,\u201d<\/em> the report stated.<\/p>\n<\/p><\/div>\n

Source link <\/a>
\n
<\/p>\n","protected":false},"excerpt":{"rendered":"

(Originally posted on : Crypto News – iGaming.org ) According to a recent investigation into the Bybit incident, hackers took advantage of a security hole in Safe, the exchange\u2019s cryptocurrency wallet. In what is now regarded as one of the biggest cryptocurrency heists in history, hackers affiliated with North Korea\u2019s Lazarus Group stole $1.48 billion […]<\/p>\n","protected":false},"author":35,"featured_media":48224,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0},"categories":[34],"tags":[],"_links":{"self":[{"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/posts\/48223"}],"collection":[{"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/users\/35"}],"replies":[{"embeddable":true,"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/comments?post=48223"}],"version-history":[{"count":0,"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/posts\/48223\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/media\/48224"}],"wp:attachment":[{"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/media?parent=48223"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/categories?post=48223"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/tags?post=48223"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}