SlowMist: Bybit attacker exploits backdoor functions sweepETH and sweepERC20 in malicious contracts

Golden Finance reported that SlowMist said on the X platform, "The following are some details of the crime committed by Bybit hackers:
- The malicious implementation contract was deployed at 2025-02-19 7:15:23 UTC: 0xbDd077f651EBe7f7b3cE16fe5F2b025BE2969516;
- The attacker used three owners to sign a transaction to replace the Safe implementation contract with a malicious contract at 2025-02-21 14:13:35 UTC: 0x46deef0f52e3a983b67abf4714448a41dd7ffd6d32d32da69d62081c68ad7882;
- Malicious upgrade logic is embedded through DELEGATECALL STORAGE[0x0]: 0x96221423681A6d52E184D440a8eFCEbB105C7242;
- The attacker used the backdoor functions sweepETH and sweepERC20 in the malicious contract to steal the hot wallet."
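
The report describes an implementation pointer in STORAGE[0x0] being replaced through a DELEGATECALL. The Python sketch below is an added example, not code from SlowMist, Safe or Bybit: it shows a pre-signing check that flags delegatecalls to non-allowlisted targets and a post-hoc check on the slot 0 value. The two reported addresses come from the text above; the expected implementation, the allowlist and the transaction dictionary layout are constructed assumptions.

```python
CALL, DELEGATECALL = 0, 1  # values of Safe's Operation enum

# Addresses quoted in the report above.
REPORTED_DELEGATECALL_ADDR = "0x96221423681A6d52E184D440a8eFCEbB105C7242"
REPORTED_MALICIOUS_IMPL = "0xbDd077f651EBe7f7b3cE16fe5F2b025BE2969516"
# Constructed placeholders, not real deployments.
EXPECTED_IMPL = "0x" + "11" * 20
DELEGATECALL_ALLOWLIST = {"0x" + "22" * 20}

def norm(addr):
    """Lower-case an address so checksummed and plain forms compare equal."""
    a = addr.lower()
    if not a.startswith("0x") or len(a) != 42:
        raise ValueError("not a 20-byte address: %r" % addr)
    int(a[2:], 16)  # raises ValueError on non-hex characters
    return a

def slot0_to_address(word_hex):
    """Return the address stored right-aligned in a 32-byte storage word."""
    h = word_hex[2:] if word_hex.startswith("0x") else word_hex
    raw = bytes.fromhex(h)
    if len(raw) != 32 or any(raw[:12]):
        raise ValueError("slot 0 does not hold a clean 20-byte address")
    return "0x" + raw[12:].hex()

def review_proposed_tx(tx, allowlist=DELEGATECALL_ALLOWLIST):
    """Findings a signer should see before approving a wallet transaction."""
    findings = []
    if tx["operation"] not in (CALL, DELEGATECALL):
        findings.append("unknown operation value %r" % tx["operation"])
    elif tx["operation"] == DELEGATECALL:
        # A delegatecall runs the target's code against the wallet's own
        # storage, so it can rewrite slot 0 (the implementation pointer).
        if norm(tx["to"]) not in {norm(a) for a in allowlist}:
            findings.append("DELEGATECALL to non-allowlisted target " + tx["to"])
    return findings

def implementation_unchanged(slot0_word, expected_impl=EXPECTED_IMPL):
    """Post-hoc check: does slot 0 still point at the expected implementation?"""
    return slot0_to_address(slot0_word) == norm(expected_impl)

if __name__ == "__main__":
    proposed = {"to": REPORTED_DELEGATECALL_ADDR, "value": 0, "operation": DELEGATECALL}
    print(review_proposed_tx(proposed))
    slot0_after = "0x" + "00" * 12 + REPORTED_MALICIOUS_IMPL[2:]
    print(slot0_to_address(slot0_after), implementation_unchanged(slot0_after))
```

In a monitoring job the slot 0 word would come from an `eth_getStorageAt` query against the wallet address, run on a schedule and after every executed transaction.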