Author: Safe.eth, source: Twitter @safe; compiled by: Baishui, Golden Finance

The survey results confirm that Lazarus launched a targeted attack on ByBit.

Safe smart contracts are not affected, and the attack is carried out by hacking into the Safe {Wallet} developer machine that affects the accounts operated by Bybit.

Safe{Wallet} Security measures have been added to eliminate attack vectors.

The forensic review of the targeted attacks initiated by Lazarus Group on Bybit concluded that the attack on Bybit Safe was implemented through the infected machine of the Safe{Wallet} developer, resulting in malicious transactions in disguise. Lazarus is a supported North Korean hacker organization known for complex social engineering attacks on developer credentials, sometimes combined with zero-day vulnerabilities.

Important tip! Forensic review by external security researchers did not indicate any vulnerabilities in the source code of Safe smart contracts or front-end and services.

After the recent incident, the Safe{Wallet} team conducted a thorough investigation and has now recovered Safe{Wallet} in phases on the Ethereum mainnet. The Safe{Wallet} team has completely rebuilt, reconfigured all infrastructure, and rotated all credentials to ensure that the attack vector is completely eliminated.

After the final results of the investigation come out, the Safe{Wallet} team will release a complete post-event analysis.

Safe{Wallet} front-end is still running and additional security measures have been taken. However, users need to be extra careful and alert when signing transactions.

Safe's commitment to leading an industry-wide initiative to improve transaction verifiability is an ecosystem-wide challenge.

Safe will continue to be committed to security, transparency, self-hosting and driving the industry forward.